From d4c7b9328fc39b21022b2bb1c6e27d9215592d51 Mon Sep 17 00:00:00 2001 
From: Jeffrey Aven Date: Tue, 11 Jun 2024 19:59:09 +0800 Subject: [PATCH] aws doc updates --- .../aws/acmpca/certificates/index.md | 4 +- .../aws/apigateway/api_keys/index.md | 2 +- .../providers/aws/apigateway/methods/index.md | 2 +- .../providers/aws/apigateway/models/index.md | 2 +- .../aws/apigateway/rest_apis/index.md | 4 +- .../aws/apigateway/usage_plans/index.md | 2 +- .../aws/apigatewayv2/authorizers/index.md | 2 +- .../aws/apigatewayv2/domain_names/index.md | 2 +- .../integration_responses/index.md | 2 +- .../scalable_targets/index.md | 10 +- .../scaling_policies/index.md | 4 +- .../auto_scaling_configurations/index.md | 2 +- .../observability_configurations/index.md | 2 +- .../providers/aws/appsync/resolvers/index.md | 6 +- .../autoscaling/auto_scaling_groups/index.md | 32 ++--- .../providers/aws/backup/frameworks/index.md | 2 +- .../hook_default_versions/index.md | 2 +- .../cloudformation/hook_type_configs/index.md | 2 +- .../aws/cloudformation/hook_versions/index.md | 6 +- .../cloudformation/module_versions/index.md | 4 +- .../public_type_versions/index.md | 2 +- .../resource_default_versions/index.md | 2 +- .../cloudformation/resource_versions/index.md | 6 +- .../cloudformation/type_activations/index.md | 2 +- .../providers/aws/cloudwatch/alarms/index.md | 22 +-- .../aws/codeconnections/connections/index.md | 2 +- .../codestarconnections/connections/index.md | 2 +- .../aws/config/config_rules/index.md | 6 +- .../providers/aws/dynamodb/tables/index.md | 20 +-- .../aws/ec2/customer_gateways/index.md | 2 +- docs/aws-docs/providers/aws/ec2/eips/index.md | 12 +- .../providers/aws/ec2/instances/index.md | 2 +- .../providers/aws/ec2/key_pairs/index.md | 8 +- .../aws/ec2/launch_templates/index.md | 4 +- .../providers/aws/ec2/nat_gateways/index.md | 6 +- .../providers/aws/ec2/route_tables/index.md | 2 +- .../providers/aws/ec2/routes/index.md | 4 +- .../aws/ec2/security_group_egresses/index.md | 14 +- .../aws/ec2/security_group_ingresses/index.md | 14 +- 
.../subnet_route_table_associations/index.md | 2 +- .../providers/aws/ec2/subnets/index.md | 16 +-- .../aws/ec2/volume_attachments/index.md | 2 +- .../providers/aws/ec2/volumes/index.md | 16 +-- .../providers/aws/ec2/vpc_endpoints/index.md | 8 +- docs/aws-docs/providers/aws/ec2/vpcs/index.md | 10 +- .../aws/ecr/public_repositories/index.md | 2 +- .../aws/ecr/registry_policies/index.md | 2 +- .../providers/aws/ecr/repositories/index.md | 2 +- .../repository_creation_templates/index.md | 4 +- .../providers/aws/ecs/services/index.md | 26 ++-- .../aws/ecs/task_definitions/index.md | 24 ++-- .../providers/aws/efs/access_points/index.md | 4 +- .../providers/aws/efs/file_systems/index.md | 10 +- .../configuration_templates/index.md | 4 +- .../listener_rules/index.md | 8 +- .../elasticloadbalancingv2/listeners/index.md | 6 +- .../load_balancers/index.md | 8 +- .../providers/aws/events/rules/index.md | 2 +- .../fsx/data_repository_associations/index.md | 8 +- .../providers/aws/gamelift/fleets/index.md | 4 +- .../providers/aws/iam/group_policies/index.md | 8 +- .../providers/aws/iam/groups/index.md | 10 +- .../aws/iam/instance_profiles/index.md | 6 +- .../aws/iam/managed_policies/index.md | 16 +-- .../providers/aws/iam/role_policies/index.md | 8 +- .../aws-docs/providers/aws/iam/roles/index.md | 14 +- .../providers/aws/iam/user_policies/index.md | 8 +- .../aws-docs/providers/aws/iam/users/index.md | 16 +-- .../imagebuilder/container_recipes/index.md | 2 +- .../aws/iotevents/alarm_models/index.md | 8 +- .../aws/iotevents/detector_models/index.md | 4 +- .../providers/aws/iotevents/inputs/index.md | 2 +- .../providers/aws/kms/aliases/index.md | 6 +- docs/aws-docs/providers/aws/kms/keys/index.md | 24 ++-- .../aws/lambda/event_source_mappings/index.md | 18 +-- .../providers/aws/lambda/functions/index.md | 8 +- .../providers/aws/lambda/permissions/index.md | 6 +- .../aws/lightsail/instances/index.md | 4 +- .../aws/logs/account_policies/index.md | 4 +- 
.../providers/aws/logs/deliveries/index.md | 2 +- .../aws/logs/delivery_destinations/index.md | 4 +- .../aws/logs/delivery_sources/index.md | 2 +- .../aws/logs/metric_filters/index.md | 2 +- .../aws/logs/subscription_filters/index.md | 2 +- .../providers/aws/memorydb/clusters/index.md | 4 +- .../providers/aws/mwaa/environments/index.md | 16 +-- .../aws/neptune/db_clusters/index.md | 14 +- .../aws/neptunegraph/graphs/index.md | 8 +- .../private_graph_endpoints/index.md | 2 +- .../aws/nimblestudio/launch_profiles/index.md | 6 +- .../opensearchserverless/collections/index.md | 2 +- .../aws/organizations/policies/index.md | 2 +- .../environment_account_connections/index.md | 2 +- .../aws/proton/environment_templates/index.md | 2 +- .../aws/proton/service_templates/index.md | 2 +- .../aws/quicksight/data_sets/index.md | 6 +- .../aws/quicksight/data_sources/index.md | 2 +- .../providers/aws/rds/db_clusters/index.md | 8 +- .../providers/aws/rds/db_instances/index.md | 130 +++++++++--------- .../aws/rds/db_parameter_groups/index.md | 10 +- .../aws/rds/db_subnet_groups/index.md | 4 +- .../aws/rds/global_clusters/index.md | 4 +- .../providers/aws/redshift/clusters/index.md | 8 +- .../rekognition/stream_processors/index.md | 2 +- .../aws/route53/hosted_zones/index.md | 12 +- .../profile_associations/index.md | 10 +- .../profile_resource_associations/index.md | 10 +- .../resource_sets/index.md | 2 +- .../providers/aws/s3/bucket_policies/index.md | 2 +- .../providers/aws/s3/buckets/index.md | 10 +- .../providers/aws/sagemaker/projects/index.md | 2 +- .../aws/secretsmanager/secrets/index.md | 10 +- .../providers/aws/securityhub/hubs/index.md | 4 +- .../aws/securityhub/standards/index.md | 4 +- .../aws/shield/proactive_engagements/index.md | 4 +- .../aws/shield/protection_groups/index.md | 2 +- .../providers/aws/sns/topics/index.md | 14 +- .../providers/aws/sqs/queues/index.md | 18 +-- .../providers/aws/ssm/parameters/index.md | 8 +- .../index.md | 2 +- 120 files changed, 456 
insertions(+), 470 deletions(-)
diff --git a/docs/aws-docs/providers/aws/acmpca/certificates/index.md b/docs/aws-docs/providers/aws/acmpca/certificates/index.md
index d0dcd52161..6aac5846b9 100644
--- a/docs/aws-docs/providers/aws/acmpca/certificates/index.md
+++ b/docs/aws-docs/providers/aws/acmpca/certificates/index.md
@@ -33,10 +33,10 @@ Creates, updates, deletes or gets a certificate resource or lists < - + - +
diff --git a/docs/aws-docs/providers/aws/apigateway/api_keys/index.md b/docs/aws-docs/providers/aws/apigateway/api_keys/index.md
index 24a307dbd8..b14c0e3746 100644
--- a/docs/aws-docs/providers/aws/apigateway/api_keys/index.md
+++ b/docs/aws-docs/providers/aws/apigateway/api_keys/index.md
@@ -35,7 +35,7 @@ Creates, updates, deletes or gets an api_key resource or lists - +
diff --git a/docs/aws-docs/providers/aws/apigateway/methods/index.md b/docs/aws-docs/providers/aws/apigateway/methods/index.md
index 95b96ca1b3..556eb7cc91 100644
--- a/docs/aws-docs/providers/aws/apigateway/methods/index.md
+++ b/docs/aws-docs/providers/aws/apigateway/methods/index.md
@@ -41,7 +41,7 @@ Creates, updates, deletes or gets a method resource or lists - +
NameDatatypeDescription
objectSpecifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
stringThe Amazon Resource Name (ARN) for the private CA issues the certificate.
stringThe certificate signing request (CSR) for the certificate.
stringThe name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.
The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
stringThe name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
stringSpecifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see [Using Templates](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html).
objectThe period of time during which the certificate will be valid.
objectInformation describing the start of the validity period of the certificate. This parameter sets the “Not Before" date for the certificate.
By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value.
Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
objectInformation describing the start of the validity period of the certificate. This parameter sets the “Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
string
undefined
stringAWS region.
stringThe description of the ApiKey.
booleanSpecifies whether the ApiKey can be used by callers.
booleanSpecifies whether (true) or not (false) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used.
stringA name for the API key. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the API key name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringA name for the API key. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the API key name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
arrayDEPRECATED FOR USAGE PLANS - Specifies stages associated with the API key.
arrayThe key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with aws:. The tag value can be up to 256 characters.
stringSpecifies a value of the API key.
stringThe identifier of an authorizer to use on this method. The method's authorization type must be CUSTOM or COGNITO_USER_POOLS.
stringThe Resource identifier for the MethodResponse resource.
booleanA boolean flag specifying whether a valid ApiKey is required to invoke this method.
stringThe method's authorization type. This parameter is required. For valid values, see [Method](https://docs.aws.amazon.com/apigateway/latest/api/API_Method.html) in the *API Gateway API Reference*.
If you specify the AuthorizerId property, specify CUSTOM or COGNITO_USER_POOLS for this property.
stringThe method's authorization type. This parameter is required. For valid values, see [Method](https://docs.aws.amazon.com/apigateway/latest/api/API_Method.html) in the *API Gateway API Reference*. If you specify the AuthorizerId property, specify CUSTOM or COGNITO_USER_POOLS for this property.
stringThe method's HTTP verb.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/apigateway/models/index.md b/docs/aws-docs/providers/aws/apigateway/models/index.md
index 02cfb8045f..22ed7e7959 100644
--- a/docs/aws-docs/providers/aws/apigateway/models/index.md
+++ b/docs/aws-docs/providers/aws/apigateway/models/index.md
@@ -32,7 +32,7 @@ Creates, updates, deletes or gets a model resource or lists m ## Fields - +
diff --git a/docs/aws-docs/providers/aws/apigateway/rest_apis/index.md b/docs/aws-docs/providers/aws/apigateway/rest_apis/index.md
index 4b70701350..2b141a459a 100644
--- a/docs/aws-docs/providers/aws/apigateway/rest_apis/index.md
+++ b/docs/aws-docs/providers/aws/apigateway/rest_apis/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets a rest_api resource or lists - +
NameDatatypeDescription
stringThe content-type for the model.
stringThe description of the model.
stringA name for the model. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the model name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringA name for the model. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the model name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringThe string identifier of the associated RestApi.
objectThe schema for the model. For application/json models, this should be JSON schema draft 4 model. Do not include "\*/" characters in the description of any properties because such "\*/" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail.
stringAWS region.
Namerest_apis
TypeResource
DescriptionThe AWS::ApiGateway::RestApi resource creates a REST API. For more information, see [restapi:create](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateRestApi.html) in the *Amazon API Gateway REST API Reference*.
On January 1, 2016, the Swagger Specification was donated to the [OpenAPI initiative](https://docs.aws.amazon.com/https://www.openapis.org/), becoming the foundation of the OpenAPI Specification.
DescriptionThe AWS::ApiGateway::RestApi resource creates a REST API. For more information, see [restapi:create](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateRestApi.html) in the *Amazon API Gateway REST API Reference*. On January 1, 2016, the Swagger Specification was donated to the [OpenAPI initiative](https://docs.aws.amazon.com/https://www.openapis.org/), becoming the foundation of the OpenAPI Specification.
Id
@@ -36,7 +36,7 @@ Creates, updates, deletes or gets a rest_api resource or lists integerA nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size. objectCustom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ignore=documentation as a parameters value, as in the AWS CLI command of aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'. stringThe ID of the RestApi that you want to clone from. -stringThis property applies only when you use OpenAPI to define your REST API. The Mode determines how API Gateway handles resource updates.
Valid values are overwrite or merge.
For overwrite, the new API definition replaces the existing one. The existing API identifier remains unchanged.
For merge, the new API definition is merged with the existing API.
If you don't specify this property, a default value is chosen. For REST APIs created before March 29, 2021, the default is overwrite. For REST APIs created after March 29, 2021, the new API definition takes precedence, but any container types such as endpoint configurations and binary media types are merged with the existing API.
Use the default mode to define top-level RestApi properties in addition to using OpenAPI. Generally, it's preferred to use API Gateway's OpenAPI extensions to model these properties. +stringThis property applies only when you use OpenAPI to define your REST API. The Mode determines how API Gateway handles resource updates. Valid values are overwrite or merge. For overwrite, the new API definition replaces the existing one. The existing API identifier remains unchanged. For merge, the new API definition is merged with the existing API. If you don't specify this property, a default value is chosen. For REST APIs created before March 29, 2021, the default is overwrite. For REST APIs created after March 29, 2021, the new API definition takes precedence, but any container types such as endpoint configurations and binary media types are merged with the existing API. Use the default mode to define top-level RestApi properties in addition to using OpenAPI. Generally, it's preferred to use API Gateway's OpenAPI extensions to model these properties. string booleanSpecifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint booleanA query parameter to indicate whether to rollback the API update (true) or not (false) when a warning is encountered. The default value is false.
diff --git a/docs/aws-docs/providers/aws/apigateway/usage_plans/index.md b/docs/aws-docs/providers/aws/apigateway/usage_plans/index.md
index cbcfa6847f..f83d04162e 100644
--- a/docs/aws-docs/providers/aws/apigateway/usage_plans/index.md
+++ b/docs/aws-docs/providers/aws/apigateway/usage_plans/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets an usage_plan resource or lists < - +
Nameusage_plans
TypeResource
DescriptionThe AWS::ApiGateway::UsagePlan resource creates a usage plan for deployed APIs. A usage plan sets a target for the throttling and quota limits on individual client API keys. For more information, see [Creating and Using API Usage Plans in Amazon API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in the *API Gateway Developer Guide*.
In some cases clients can exceed the targets that you set. Don’t rely on usage plans to control costs. Consider using [](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html) to monitor costs and [](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) to manage API requests.
DescriptionThe AWS::ApiGateway::UsagePlan resource creates a usage plan for deployed APIs. A usage plan sets a target for the throttling and quota limits on individual client API keys. For more information, see [Creating and Using API Usage Plans in Amazon API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) in the *API Gateway Developer Guide*. In some cases clients can exceed the targets that you set. Don’t rely on usage plans to control costs. Consider using [](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html) to monitor costs and [](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) to manage API requests.
Id
diff --git a/docs/aws-docs/providers/aws/apigatewayv2/authorizers/index.md b/docs/aws-docs/providers/aws/apigatewayv2/authorizers/index.md
index 10837fd6d2..9e86844d29 100644
--- a/docs/aws-docs/providers/aws/apigatewayv2/authorizers/index.md
+++ b/docs/aws-docs/providers/aws/apigatewayv2/authorizers/index.md
@@ -36,7 +36,7 @@ Creates, updates, deletes or gets an authorizer resource or lists < stringThe authorizer type. Specify REQUEST for a Lambda function using incoming request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP APIs). objectThe JWTConfiguration property specifies the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs. integerThe time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers. -arrayThe identity source for which authorization is requested.
For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization. +arrayThe identity source for which authorization is requested. For a REQUEST authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with $, for example, $request.header.Auth, $request.querystring.Name. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html). For JWT, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example $request.header.Authorization. stringSpecifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. 
To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html). stringThe API identifier. booleanSpecifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see [Working with Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
diff --git a/docs/aws-docs/providers/aws/apigatewayv2/domain_names/index.md b/docs/aws-docs/providers/aws/apigatewayv2/domain_names/index.md
index 3d089c730e..c7e9d5ffcf 100644
--- a/docs/aws-docs/providers/aws/apigatewayv2/domain_names/index.md
+++ b/docs/aws-docs/providers/aws/apigatewayv2/domain_names/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets a domain_name resource or lists < - +
Namedomain_names
TypeResource
DescriptionThe AWS::ApiGatewayV2::DomainName resource specifies a custom domain name for your API in Amazon API Gateway (API Gateway).
You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide*.
DescriptionThe AWS::ApiGatewayV2::DomainName resource specifies a custom domain name for your API in Amazon API Gateway (API Gateway). You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide*.
Id
diff --git a/docs/aws-docs/providers/aws/apigatewayv2/integration_responses/index.md b/docs/aws-docs/providers/aws/apigatewayv2/integration_responses/index.md
index 151719a011..284ff6f797 100644
--- a/docs/aws-docs/providers/aws/apigatewayv2/integration_responses/index.md
+++ b/docs/aws-docs/providers/aws/apigatewayv2/integration_responses/index.md
@@ -34,7 +34,7 @@ Creates, updates, deletes or gets an integration_response resource objectThe collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value. stringThe template selection expression for the integration response. Supported only for WebSocket APIs. objectA key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix. -stringSupported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification. +stringSupported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors: CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob. CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string. If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification. stringThe integration ID. stringThe integration response key. stringThe API identifier.
diff --git a/docs/aws-docs/providers/aws/applicationautoscaling/scalable_targets/index.md b/docs/aws-docs/providers/aws/applicationautoscaling/scalable_targets/index.md
index c2f7a68c7a..15e7759433 100644
--- a/docs/aws-docs/providers/aws/applicationautoscaling/scalable_targets/index.md
+++ b/docs/aws-docs/providers/aws/applicationautoscaling/scalable_targets/index.md
@@ -25,19 +25,19 @@ Creates, updates, deletes or gets a scalable_target resource or lis - +
Namescalable_targets
TypeResource
DescriptionThe AWS::ApplicationAutoScaling::ScalableTarget resource specifies a resource that Application Auto Scaling can scale, such as an AWS::DynamoDB::Table or AWS::ECS::Service resource.
For more information, see [Getting started](https://docs.aws.amazon.com/autoscaling/application/userguide/getting-started.html) in the *Application Auto Scaling User Guide*.
If the resource that you want Application Auto Scaling to scale is not yet created in your account, add a dependency on the resource when registering it as a scalable target using the [DependsOn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) attribute.
DescriptionThe AWS::ApplicationAutoScaling::ScalableTarget resource specifies a resource that Application Auto Scaling can scale, such as an AWS::DynamoDB::Table or AWS::ECS::Service resource. For more information, see [Getting started](https://docs.aws.amazon.com/autoscaling/application/userguide/getting-started.html) in the *Application Auto Scaling User Guide*. If the resource that you want Application Auto Scaling to scale is not yet created in your account, add a dependency on the resource when registering it as a scalable target using the [DependsOn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) attribute.
Id
## Fields - + - - + + - +
NameDatatypeDescription
arrayThe scheduled actions for the scalable target. Duplicates aren't allowed.
stringThe identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.
+ ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service.
+ Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE.
+ EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0.
+ AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet.
+ DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table.
+ DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index.
+ Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster.
+ SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.
+ Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our [GitHub repository](https://docs.aws.amazon.com/https://github.com/aws/aws-auto-scaling-custom-resource).
+ Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE.
+ Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE.
+ Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1.
+ Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable.
+ Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5.
+ Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster.
+ Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster.
+ SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering.
+ SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.
stringThe identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier. + ECS service - The resource type is service and the unique identifier is the cluster name and service name. Example: service/my-cluster/my-service. + Spot Fleet - The resource type is spot-fleet-request and the unique identifier is the Spot Fleet request ID. Example: spot-fleet-request/sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE. + EMR cluster - The resource type is instancegroup and the unique identifier is the cluster ID and instance group ID. Example: instancegroup/j-2EEZNYKUA1NTV/ig-1791Y4E1L8YI0. + AppStream 2.0 fleet - The resource type is fleet and the unique identifier is the fleet name. Example: fleet/sample-fleet. + DynamoDB table - The resource type is table and the unique identifier is the table name. Example: table/my-table. + DynamoDB global secondary index - The resource type is index and the unique identifier is the index name. Example: table/my-table/index/my-table-index. + Aurora DB cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:my-db-cluster. + SageMaker endpoint variant - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering. + Custom resources are not supported with a resource type. This parameter must specify the OutputValue from the CloudFormation template stack used to access the resources. The unique identifier is defined by the service provider. More information is available in our [GitHub repository](https://docs.aws.amazon.com/https://github.com/aws/aws-auto-scaling-custom-resource). + Amazon Comprehend document classification endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:document-classifier-endpoint/EXAMPLE. 
+ Amazon Comprehend entity recognizer endpoint - The resource type and unique identifier are specified using the endpoint ARN. Example: arn:aws:comprehend:us-west-2:123456789012:entity-recognizer-endpoint/EXAMPLE. + Lambda provisioned concurrency - The resource type is function and the unique identifier is the function name with a function version or alias name suffix that is not $LATEST. Example: function:my-function:prod or function:my-function:1. + Amazon Keyspaces table - The resource type is table and the unique identifier is the table name. Example: keyspace/mykeyspace/table/mytable. + Amazon MSK cluster - The resource type and unique identifier are specified using the cluster ARN. Example: arn:aws:kafka:us-east-1:123456789012:cluster/demo-cluster-1/6357e0b2-0e6a-4b86-a0b4-70df934c2e31-5. + Amazon ElastiCache replication group - The resource type is replication-group and the unique identifier is the replication group name. Example: replication-group/mycluster. + Neptune cluster - The resource type is cluster and the unique identifier is the cluster name. Example: cluster:mycluster. + SageMaker serverless endpoint - The resource type is variant and the unique identifier is the resource ID. Example: endpoint/my-end-point/variant/KMeansClustering. + SageMaker inference component - The resource type is inference-component and the unique identifier is the resource ID. Example: inference-component/my-inference-component.
stringThe namespace of the AWS service that provides the resource, or a custom-resource.
stringThe scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property.
+ ecs:service:DesiredCount - The desired task count of an ECS service.
+ elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group.
+ ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet.
+ appstream:fleet:DesiredCapacity - The desired capacity of an AppStream 2.0 fleet.
+ dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table.
+ dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table.
+ dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index.
+ dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index.
+ rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition.
+ sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant.
+ custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service.
+ comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint.
+ comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint.
+ lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function.
+ cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table.
+ cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table.
+ kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster.
+ elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group.
+ elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group.
+ neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster.
+ sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint.
+ sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.
objectAn embedded object that contains attributes and attribute values that are used to suspend and resume automatic scaling. Setting the value of an attribute to true suspends the specified scaling activities. Setting it to false (default) resumes the specified scaling activities.
*Suspension Outcomes*
+ For DynamicScalingInSuspended, while a suspension is in effect, all scale-in activities that are triggered by a scaling policy are suspended.
+ For DynamicScalingOutSuspended, while a suspension is in effect, all scale-out activities that are triggered by a scaling policy are suspended.
+ For ScheduledScalingSuspended, while a suspension is in effect, all scaling activities that involve scheduled actions are suspended.
stringThe scalable dimension associated with the scalable target. This string consists of the service namespace, resource type, and scaling property. + ecs:service:DesiredCount - The desired task count of an ECS service. + elasticmapreduce:instancegroup:InstanceCount - The instance count of an EMR Instance Group. + ec2:spot-fleet-request:TargetCapacity - The target capacity of a Spot Fleet. + appstream:fleet:DesiredCapacity - The desired capacity of an AppStream 2.0 fleet. + dynamodb:table:ReadCapacityUnits - The provisioned read capacity for a DynamoDB table. + dynamodb:table:WriteCapacityUnits - The provisioned write capacity for a DynamoDB table. + dynamodb:index:ReadCapacityUnits - The provisioned read capacity for a DynamoDB global secondary index. + dynamodb:index:WriteCapacityUnits - The provisioned write capacity for a DynamoDB global secondary index. + rds:cluster:ReadReplicaCount - The count of Aurora Replicas in an Aurora DB cluster. Available for Aurora MySQL-compatible edition and Aurora PostgreSQL-compatible edition. + sagemaker:variant:DesiredInstanceCount - The number of EC2 instances for a SageMaker model endpoint variant. + custom-resource:ResourceType:Property - The scalable dimension for a custom resource provided by your own application or service. + comprehend:document-classifier-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend document classification endpoint. + comprehend:entity-recognizer-endpoint:DesiredInferenceUnits - The number of inference units for an Amazon Comprehend entity recognizer endpoint. + lambda:function:ProvisionedConcurrency - The provisioned concurrency for a Lambda function. + cassandra:table:ReadCapacityUnits - The provisioned read capacity for an Amazon Keyspaces table. + cassandra:table:WriteCapacityUnits - The provisioned write capacity for an Amazon Keyspaces table. + kafka:broker-storage:VolumeSize - The provisioned volume size (in GiB) for brokers in an Amazon MSK cluster. 
+ elasticache:replication-group:NodeGroups - The number of node groups for an Amazon ElastiCache replication group. + elasticache:replication-group:Replicas - The number of replicas per node group for an Amazon ElastiCache replication group. + neptune:cluster:ReadReplicaCount - The count of read replicas in an Amazon Neptune DB cluster. + sagemaker:variant:DesiredProvisionedConcurrency - The provisioned concurrency for a SageMaker serverless endpoint. + sagemaker:inference-component:DesiredCopyCount - The number of copies across an endpoint for a SageMaker inference component.
objectAn embedded object that contains attributes and attribute values that are used to suspend and resume automatic scaling. Setting the value of an attribute to true suspends the specified scaling activities. Setting it to false (default) resumes the specified scaling activities. *Suspension Outcomes* + For DynamicScalingInSuspended, while a suspension is in effect, all scale-in activities that are triggered by a scaling policy are suspended. + For DynamicScalingOutSuspended, while a suspension is in effect, all scale-out activities that are triggered by a scaling policy are suspended. + For ScheduledScalingSuspended, while a suspension is in effect, all scaling activities that involve scheduled actions are suspended.
string
integerThe minimum value that you plan to scale in to. When a scaling policy is in effect, Application Auto Scaling can scale in (contract) as needed to the minimum capacity limit in response to changing demand.
stringSpecify the Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that allows Application Auto Scaling to modify the scalable target on your behalf. This can be either an IAM service role that Application Auto Scaling can assume to make calls to other AWS resources on your behalf, or a service-linked role for the specified service. For more information, see [How Application Auto Scaling works with IAM](https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html) in the *Application Auto Scaling User Guide*.
To automatically create a service-linked role (recommended), specify the full ARN of the service-linked role in your stack template. To find the exact ARN of the service-linked role for your AWS or custom resource, see the [Service-linked roles](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-service-linked-roles.html) topic in the *Application Auto Scaling User Guide*. Look for the ARN in the table at the bottom of the page.
stringSpecify the Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that allows Application Auto Scaling to modify the scalable target on your behalf. This can be either an IAM service role that Application Auto Scaling can assume to make calls to other AWS resources on your behalf, or a service-linked role for the specified service. For more information, see [How Application Auto Scaling works with IAM](https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html) in the *Application Auto Scaling User Guide*. To automatically create a service-linked role (recommended), specify the full ARN of the service-linked role in your stack template. To find the exact ARN of the service-linked role for your AWS or custom resource, see the [Service-linked roles](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-service-linked-roles.html) topic in the *Application Auto Scaling User Guide*. Look for the ARN in the table at the bottom of the page.
integerThe maximum value that you plan to scale out to. When a scaling policy is in effect, Application Auto Scaling can scale out (expand) as needed to the maximum capacity limit in response to changing demand.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/applicationautoscaling/scaling_policies/index.md b/docs/aws-docs/providers/aws/applicationautoscaling/scaling_policies/index.md
index 3e8deb3c97..e2f02744cc 100644
--- a/docs/aws-docs/providers/aws/applicationautoscaling/scaling_policies/index.md
+++ b/docs/aws-docs/providers/aws/applicationautoscaling/scaling_policies/index.md
@@ -30,8 +30,8 @@ Creates, updates, deletes or gets a scaling_policy resource or list ## Fields - - +
NameDatatypeDescription
stringThe name of the scaling policy.

Updates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing AWS::ApplicationAutoScaling::ScalingPolicy resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name.
stringThe scaling policy type.

The following policy types are supported:

TargetTrackingScaling Not supported for Amazon EMR

StepScaling Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.
+
diff --git a/docs/aws-docs/providers/aws/apprunner/auto_scaling_configurations/index.md b/docs/aws-docs/providers/aws/apprunner/auto_scaling_configurations/index.md
index 743b117cd3..c38825ef84 100644
--- a/docs/aws-docs/providers/aws/apprunner/auto_scaling_configurations/index.md
+++ b/docs/aws-docs/providers/aws/apprunner/auto_scaling_configurations/index.md
@@ -31,7 +31,7 @@ Creates, updates, deletes or gets an auto_scaling_configuration res ## Fields
NameDatatypeDescription
stringThe name of the scaling policy. Updates to the name of a target tracking scaling policy are not supported, unless you also update the metric used for scaling. To change only a target tracking scaling policy's name, first delete the policy by removing the existing AWS::ApplicationAutoScaling::ScalingPolicy resource from the template and updating the stack. Then, recreate the resource with the same settings and a different name.
stringThe scaling policy type. The following policy types are supported: TargetTrackingScaling Not supported for Amazon EMR StepScaling Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces, Amazon MSK, Amazon ElastiCache, or Neptune.
stringThe identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.
stringThe scalable dimension. This string consists of the service namespace, resource type, and scaling property.
stringThe CloudFormation-generated ID of an Application Auto Scaling scalable target. For more information about the ID, see the Return Value section of the AWS::ApplicationAutoScaling::ScalableTarget resource.
- +
diff --git a/docs/aws-docs/providers/aws/apprunner/observability_configurations/index.md b/docs/aws-docs/providers/aws/apprunner/observability_configurations/index.md
index 30d2604847..5673d7eadb 100644
--- a/docs/aws-docs/providers/aws/apprunner/observability_configurations/index.md
+++ b/docs/aws-docs/providers/aws/apprunner/observability_configurations/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets an observability_configuration re
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of this auto scaling configuration.
stringThe customer-provided auto scaling configuration name. When you use it for the first time in an AWS Region, App Runner creates revision number 1 of this name. When you use the same name in subsequent calls, App Runner creates incremental revisions of the configuration. The auto scaling configuration name can be used in multiple revisions of a configuration.
stringThe customer-provided auto scaling configuration name. When you use it for the first time in an AWS Region, App Runner creates revision number 1 of this name. When you use the same name in subsequent calls, App Runner creates incremental revisions of the configuration. The auto scaling configuration name can be used in multiple revisions of a configuration.
integerThe revision of this auto scaling configuration. It's unique among all the active configurations ("Status": "ACTIVE") that share the same AutoScalingConfigurationName.
integerThe maximum number of concurrent requests that an instance processes. If the number of concurrent requests exceeds this limit, App Runner scales the service up to use more instances to process the requests.
integerThe maximum number of instances that an App Runner service scales up to. At most MaxSize instances actively serve traffic for your service.
- +
Nameobservability_configurations
TypeResource
DescriptionThe AWS::AppRunner::ObservabilityConfiguration resource is an AWS App Runner resource type that specifies an App Runner observability configuration
DescriptionThe AWS::AppRunner::ObservabilityConfiguration resource is an AWS App Runner resource type that specifies an App Runner observability configuration
Id
diff --git a/docs/aws-docs/providers/aws/appsync/resolvers/index.md b/docs/aws-docs/providers/aws/appsync/resolvers/index.md index e5f4fdfc84..bf67fa8579 100644 --- a/docs/aws-docs/providers/aws/appsync/resolvers/index.md +++ b/docs/aws-docs/providers/aws/appsync/resolvers/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a resolver resource or lists Nameresolvers TypeResource -DescriptionThe AWS::AppSync::Resolver resource defines the logical GraphQL resolver that you attach to fields in a schema. Request and response templates for resolvers are written in Apache Velocity Template Language (VTL) format. For more information about resolvers, see [Resolver Mapping Template Reference](https://docs.aws.amazon.com/appsync/latest/devguide/resolver-mapping-template-reference.html).
When you submit an update, CFNLong updates resources based on differences between what you submit and the stack's current template. To cause this resource to be updated you must change a property value for this resource in the CFNshort template. Changing the S3 file content without changing a property value will not result in an update operation.
See [Update Behaviors of Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html) in the *User Guide*. +DescriptionThe AWS::AppSync::Resolver resource defines the logical GraphQL resolver that you attach to fields in a schema. Request and response templates for resolvers are written in Apache Velocity Template Language (VTL) format. For more information about resolvers, see [Resolver Mapping Template Reference](https://docs.aws.amazon.com/appsync/latest/devguide/resolver-mapping-template-reference.html). When you submit an update, CFNLong updates resources based on differences between what you submit and the stack's current template. To cause this resource to be updated you must change a property value for this resource in the CFNshort template. Changing the S3 file content without changing a property value will not result in an update operation. See [Update Behaviors of Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html) in the *User Guide*. Id @@ -36,10 +36,10 @@ Creates, updates, deletes or gets a resolver resource or lists stringThe Amazon S3 endpoint. stringThe resolver data source name. stringThe GraphQL field on a type that invokes the resolver. -stringThe resolver type.
+ *UNIT*: A UNIT resolver type. A UNIT resolver is the default resolver type. You can use a UNIT resolver to run a GraphQL query against a single data source.
+ *PIPELINE*: A PIPELINE resolver type. You can use a PIPELINE resolver to invoke a series of Function objects in a serial manner. You can use a pipeline resolver to run a GraphQL query against multiple data sources. +stringThe resolver type. + *UNIT*: A UNIT resolver type. A UNIT resolver is the default resolver type. You can use a UNIT resolver to run a GraphQL query against a single data source. + *PIPELINE*: A PIPELINE resolver type. You can use a PIPELINE resolver to invoke a series of Function objects in a serial manner. You can use a pipeline resolver to run a GraphQL query against multiple data sources. integerThe maximum number of resolver request inputs that will be sent to a single LAMlong function in a BatchInvoke operation. objectFunctions linked with the pipeline resolver. -stringThe request mapping template.
Request mapping templates are optional when using a Lambda data source. For all other data sources, a request mapping template is required. +stringThe request mapping template. Request mapping templates are optional when using a Lambda data source. For all other data sources, a request mapping template is required. stringThe location of a request mapping template in an S3 bucket. Use this if you want to provision with a template file in S3 rather than embedding it in your CFNshort template. string stringThe response mapping template. diff --git a/docs/aws-docs/providers/aws/autoscaling/auto_scaling_groups/index.md b/docs/aws-docs/providers/aws/autoscaling/auto_scaling_groups/index.md index 4bdf6e152f..0685cfc879 100644 --- a/docs/aws-docs/providers/aws/autoscaling/auto_scaling_groups/index.md +++ b/docs/aws-docs/providers/aws/autoscaling/auto_scaling_groups/index.md @@ -25,42 +25,42 @@ Creates, updates, deletes or gets an auto_scaling_group resource or - +
Nameauto_scaling_groups
TypeResource
DescriptionThe AWS::AutoScaling::AutoScalingGroup resource defines an Amazon EC2 Auto Scaling group, which is a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management.
For more information about Amazon EC2 Auto Scaling, see the [Amazon EC2 Auto Scaling User Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html).
Amazon EC2 Auto Scaling configures instances launched as part of an Auto Scaling group using either a [launch template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) or a launch configuration. We strongly recommend that you do not use launch configurations. For more information, see [Launch configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html) in the *Amazon EC2 Auto Scaling User Guide*.
For help migrating from launch configurations to launch templates, see [Migrate CloudFormation stacks from launch configurations to launch templates](https://docs.aws.amazon.com/autoscaling/ec2/userguide/migrate-launch-configurations-with-cloudformation.html) in the *Amazon EC2 Auto Scaling User Guide*.
DescriptionThe AWS::AutoScaling::AutoScalingGroup resource defines an Amazon EC2 Auto Scaling group, which is a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. For more information about Amazon EC2 Auto Scaling, see the [Amazon EC2 Auto Scaling User Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html). Amazon EC2 Auto Scaling configures instances launched as part of an Auto Scaling group using either a [launch template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html) or a launch configuration. We strongly recommend that you do not use launch configurations. For more information, see [Launch configurations](https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html) in the *Amazon EC2 Auto Scaling User Guide*. For help migrating from launch configurations to launch templates, see [Migrate CloudFormation stacks from launch configurations to launch templates](https://docs.aws.amazon.com/autoscaling/ec2/userguide/migrate-launch-configurations-with-cloudformation.html) in the *Amazon EC2 Auto Scaling User Guide*.
Id
## Fields - + - + - - - + + + - - - + + + - + - + - - - - - + + + + +
NameDatatypeDescription
arrayOne or more lifecycle hooks to add to the Auto Scaling group before instances are launched.
arrayA list of Classic Load Balancers associated with this Auto Scaling group. For Application Load Balancers, Network Load Balancers, and Gateway Load Balancers, specify the TargetGroupARNs property instead.
stringThe name of the launch configuration to use to launch instances.
Required only if you don't specify LaunchTemplate, MixedInstancesPolicy, or InstanceId.
stringThe name of the launch configuration to use to launch instances. Required only if you don't specify LaunchTemplate, MixedInstancesPolicy, or InstanceId.
stringThe Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS service on your behalf. By default, Amazon EC2 Auto Scaling uses a service-linked role named AWSServiceRoleForAutoScaling, which it creates if it does not exist. For more information, see [Service-linked roles](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html) in the *Amazon EC2 Auto Scaling User Guide*.
arrayThe Amazon Resource Names (ARN) of the Elastic Load Balancing target groups to associate with the Auto Scaling group. Instances are registered as targets with the target groups. The target groups receive incoming traffic and route requests to one or more registered targets. For more information, see [Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) in the *Amazon EC2 Auto Scaling User Guide*.
string*Only needed if you use simple scaling policies.*
The amount of time, in seconds, between one scaling activity ending and another one starting due to simple scaling policies. For more information, see [Scaling cooldowns for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-cooldowns.html) in the *Amazon EC2 Auto Scaling User Guide*.
Default: 300 seconds
string*Only needed if you use simple scaling policies.* The amount of time, in seconds, between one scaling activity ending and another one starting due to simple scaling policies. For more information, see [Scaling cooldowns for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-cooldowns.html) in the *Amazon EC2 Auto Scaling User Guide*. Default: 300 seconds
arrayConfigures an Auto Scaling group to send notifications when specified events take place.
stringThe desired capacity is the initial capacity of the Auto Scaling group at the time of its creation and the capacity it attempts to maintain. It can scale beyond this capacity if you configure automatic scaling.
The number must be greater than or equal to the minimum size of the group and less than or equal to the maximum size of the group. If you do not specify a desired capacity when creating the stack, the default is the minimum size of the group.
CloudFormation marks the Auto Scaling group as successful (by setting its status to CREATE_COMPLETE) when the desired capacity is reached. However, if a maximum Spot price is set in the launch template or launch configuration that you specified, then desired capacity is not used as a criteria for success. Whether your request is fulfilled depends on Spot Instance capacity and your maximum price.
integerThe amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. This is useful if your instances do not immediately pass their health checks after they enter the InService state. For more information, see [Set the health check grace period for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/health-check-grace-period.html) in the *Amazon EC2 Auto Scaling User Guide*.
Default: 0 seconds
integerThe amount of time, in seconds, until a new instance is considered to have finished initializing and resource consumption to become stable after it enters the InService state.
During an instance refresh, Amazon EC2 Auto Scaling waits for the warm-up period after it replaces an instance before it moves on to replacing the next instance. Amazon EC2 Auto Scaling also waits for the warm-up period before aggregating the metrics for new instances with existing instances in the Amazon CloudWatch metrics that are used for scaling, resulting in more reliable usage data. For more information, see [Set the default instance warmup for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-default-instance-warmup.html) in the *Amazon EC2 Auto Scaling User Guide*.
To manage various warm-up settings at the group level, we recommend that you set the default instance warmup, *even if it is set to 0 seconds*. To remove a value that you previously set, include the property but specify -1 for the value. However, we strongly recommend keeping the default instance warmup enabled by specifying a value of 0 or other nominal value.
Default: None
stringThe desired capacity is the initial capacity of the Auto Scaling group at the time of its creation and the capacity it attempts to maintain. It can scale beyond this capacity if you configure automatic scaling. The number must be greater than or equal to the minimum size of the group and less than or equal to the maximum size of the group. If you do not specify a desired capacity when creating the stack, the default is the minimum size of the group. CloudFormation marks the Auto Scaling group as successful (by setting its status to CREATE_COMPLETE) when the desired capacity is reached. However, if a maximum Spot price is set in the launch template or launch configuration that you specified, then desired capacity is not used as a criteria for success. Whether your request is fulfilled depends on Spot Instance capacity and your maximum price.
integerThe amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. This is useful if your instances do not immediately pass their health checks after they enter the InService state. For more information, see [Set the health check grace period for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/health-check-grace-period.html) in the *Amazon EC2 Auto Scaling User Guide*. Default: 0 seconds
integerThe amount of time, in seconds, until a new instance is considered to have finished initializing and resource consumption to become stable after it enters the InService state. During an instance refresh, Amazon EC2 Auto Scaling waits for the warm-up period after it replaces an instance before it moves on to replacing the next instance. Amazon EC2 Auto Scaling also waits for the warm-up period before aggregating the metrics for new instances with existing instances in the Amazon CloudWatch metrics that are used for scaling, resulting in more reliable usage data. For more information, see [Set the default instance warmup for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-default-instance-warmup.html) in the *Amazon EC2 Auto Scaling User Guide*. To manage various warm-up settings at the group level, we recommend that you set the default instance warmup, *even if it is set to 0 seconds*. To remove a value that you previously set, include the property but specify -1 for the value. However, we strongly recommend keeping the default instance warmup enabled by specifying a value of 0 or other nominal value. Default: None
booleanIndicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see [Use instance scale-in protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html) in the *Amazon EC2 Auto Scaling User Guide*.
objectInformation used to specify the launch template and version to use to launch instances. You can alternatively associate a launch template to the Auto Scaling group by specifying a MixedInstancesPolicy. For more information about creating launch templates, see [Create a launch template for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide*.
If you omit this property, you must specify MixedInstancesPolicy, LaunchConfigurationName, or InstanceId.
objectAn embedded object that specifies a mixed instances policy.
The policy includes properties that not only define the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances (optional), and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacities, but also the properties that specify the instance configuration information—the launch template and instance types. The policy can also include a weight for each instance type and different launch templates for individual instance types.
For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*.
arrayA list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created.
If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html).
When you update VPCZoneIdentifier, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html).
Required to launch instances into a nondefault VPC. If you specify VPCZoneIdentifier with AvailabilityZones, the subnets that you specify for this property must reside in those Availability Zones.
objectInformation used to specify the launch template and version to use to launch instances. You can alternatively associate a launch template to the Auto Scaling group by specifying a MixedInstancesPolicy. For more information about creating launch templates, see [Create a launch template for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-launch-template.html) in the *Amazon EC2 Auto Scaling User Guide*. If you omit this property, you must specify MixedInstancesPolicy, LaunchConfigurationName, or InstanceId.
objectAn embedded object that specifies a mixed instances policy. The policy includes properties that not only define the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances (optional), and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacities, but also the properties that specify the instance configuration information—the launch template and instance types. The policy can also include a weight for each instance type and different launch templates for individual instance types. For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*.
arrayA list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). When you update VPCZoneIdentifier, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html). Required to launch instances into a nondefault VPC. If you specify VPCZoneIdentifier with AvailabilityZones, the subnets that you specify for this property must reside in those Availability Zones.
arrayOne or more tags. You can tag your Auto Scaling group and propagate the tags to the Amazon EC2 instances it launches. Tags are not propagated to Amazon EBS volumes. To add tags to Amazon EBS volumes, specify the tags in a launch template but use caution. If the launch template specifies an instance tag with a key that is also specified for the Auto Scaling group, Amazon EC2 Auto Scaling overrides the value of that instance tag with the value specified by the Auto Scaling group. For more information, see [Tag Auto Scaling groups and instances](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-tagging.html) in the *Amazon EC2 Auto Scaling User Guide*.
stringReserved.
booleanIndicates whether Capacity Rebalancing is enabled. Otherwise, Capacity Rebalancing is disabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. For more information, see [Use Capacity Rebalancing to handle Amazon EC2 Spot Interruptions](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html) in the in the *Amazon EC2 Auto Scaling User Guide*.
stringThe ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*.
If you specify LaunchTemplate, MixedInstancesPolicy, or LaunchConfigurationName, don't specify InstanceId.
stringThe ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*. If you specify LaunchTemplate, MixedInstancesPolicy, or LaunchConfigurationName, don't specify InstanceId.
arrayA list of Availability Zones where instances in the Auto Scaling group can be created. Used for launching into the default VPC subnet in each Availability Zone when not using the VPCZoneIdentifier property, or for attaching a network interface when an existing network interface ID is specified in a launch template.
A structure that specifies an Amazon SNS notification configuration for the ``NotificationConfigurations`` property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource. For an example template snippet, see [Configure Amazon EC2 Auto Scaling resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-ec2-auto-scaling.html). For more information, see [Get Amazon SNS notifications when your Auto Scaling group scales](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ASGettingNotifications.html) in the *Amazon EC2 Auto Scaling User Guide*.
arrayEnables the monitoring of group metrics of an Auto Scaling group. By default, these metrics are disabled.
objectAn instance maintenance policy. For more information, see [Set instance maintenance policy](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) in the *Amazon EC2 Auto Scaling User Guide*.
stringThe maximum size of the group.
With a mixed instances policy that uses instance weighting, Amazon EC2 Auto Scaling may need to go above MaxSize to meet your capacity requirements. In this event, Amazon EC2 Auto Scaling will never go above MaxSize by more than your largest instance weight (weights that define how many units each instance contributes to the desired capacity of the group).
stringThe maximum size of the group. With a mixed instances policy that uses instance weighting, Amazon EC2 Auto Scaling may need to go above MaxSize to meet your capacity requirements. In this event, Amazon EC2 Auto Scaling will never go above MaxSize by more than your largest instance weight (weights that define how many units each instance contributes to the desired capacity of the group).
stringThe minimum size of the group.
arrayA policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.
Valid values: Default | AllocationStrategy | ClosestToNextInstanceHour | NewestInstance | OldestInstance | OldestLaunchConfiguration | OldestLaunchTemplate | arn:aws:lambda:region:account-id:function:my-function:my-alias
stringThe name of the Auto Scaling group. This name must be unique per Region per account.
The name can contain any ASCII character 33 to 126 including most punctuation characters, digits, and upper and lowercased letters.
You cannot use a colon (:) in the name.
stringThe unit of measurement for the value specified for desired capacity. Amazon EC2 Auto Scaling supports DesiredCapacityType for attribute-based instance type selection only. For more information, see [Create a mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) in the *Amazon EC2 Auto Scaling User Guide*.
By default, Amazon EC2 Auto Scaling specifies units, which translates into number of instances.
Valid values: units | vcpu | memory-mib
stringThe name of the placement group into which to launch your instances. For more information, see [Placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in the *Amazon EC2 User Guide for Linux Instances*.
A *cluster* placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group.
stringA comma-separated value string of one or more health check types.
The valid values are EC2, ELB, and VPC_LATTICE. EC2 is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.
Only specify EC2 if you must clear a value that was previously set.
arrayA policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*. Valid values: Default | AllocationStrategy | ClosestToNextInstanceHour | NewestInstance | OldestInstance | OldestLaunchConfiguration | OldestLaunchTemplate | arn:aws:lambda:region:account-id:function:my-function:my-alias
stringThe name of the Auto Scaling group. This name must be unique per Region per account. The name can contain any ASCII character 33 to 126 including most punctuation characters, digits, and upper and lowercased letters. You cannot use a colon (:) in the name.
stringThe unit of measurement for the value specified for desired capacity. Amazon EC2 Auto Scaling supports DesiredCapacityType for attribute-based instance type selection only. For more information, see [Create a mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) in the *Amazon EC2 Auto Scaling User Guide*. By default, Amazon EC2 Auto Scaling specifies units, which translates into number of instances. Valid values: units | vcpu | memory-mib
stringThe name of the placement group into which to launch your instances. For more information, see [Placement groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in the *Amazon EC2 User Guide for Linux Instances*. A *cluster* placement group is a logical grouping of instances within a single Availability Zone. You cannot specify multiple Availability Zones and a cluster placement group.
stringA comma-separated value string of one or more health check types. The valid values are EC2, ELB, and VPC_LATTICE. EC2 is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify EC2 if you must clear a value that was previously set.
integerThe maximum amount of time, in seconds, that an instance can be in service. The default is null. If specified, the value must be either 0 or a number equal to or greater than 86,400 seconds (1 day). For more information, see [Replace Auto Scaling instances based on maximum instance lifetime](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) in the *Amazon EC2 Auto Scaling User Guide*.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/backup/frameworks/index.md b/docs/aws-docs/providers/aws/backup/frameworks/index.md index beb806da13..50cdd1801f 100644 --- a/docs/aws-docs/providers/aws/backup/frameworks/index.md +++ b/docs/aws-docs/providers/aws/backup/frameworks/index.md @@ -36,7 +36,7 @@ Creates, updates, deletes or gets a framework resource or lists stringThe deployment status of a framework. The statuses are: `CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED` stringThe date and time that a framework is created, in ISO 8601 representation. The value of CreationTime is accurate to milliseconds. For example, 2020-07-10T15:00:00.000-08:00 represents the 10th of July 2020 at 3:00 PM 8 hours behind UTC. arrayContains detailed information about all of the controls of a framework. Each framework must contain at least one control. -stringA framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn AWS Config recording on or off for each resource. The statuses are:

`ACTIVE` when recording is turned on for all resources governed by the framework.

`PARTIALLY_ACTIVE` when recording is turned off for at least one resource governed by the framework.

`INACTIVE` when recording is turned off for all resources governed by the framework.

`UNAVAILABLE` when AWS Backup is unable to validate recording status at this time. +stringA framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn AWS Config recording on or off for each resource. The statuses are: `ACTIVE` when recording is turned on for all resources governed by the framework. `PARTIALLY_ACTIVE` when recording is turned off for at least one resource governed by the framework. `INACTIVE` when recording is turned off for all resources governed by the framework. `UNAVAILABLE` when AWS Backup is unable to validate recording status at this time. arrayMetadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. stringAWS region. diff --git a/docs/aws-docs/providers/aws/cloudformation/hook_default_versions/index.md b/docs/aws-docs/providers/aws/cloudformation/hook_default_versions/index.md index 3cfd3c0620..bf639f57d3 100644 --- a/docs/aws-docs/providers/aws/cloudformation/hook_default_versions/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/hook_default_versions/index.md @@ -31,7 +31,7 @@ Creates, updates, deletes or gets a hook_default_version resource o ## Fields - + diff --git a/docs/aws-docs/providers/aws/cloudformation/hook_type_configs/index.md b/docs/aws-docs/providers/aws/cloudformation/hook_type_configs/index.md index 2458855a50..8f32055a21 100644 --- a/docs/aws-docs/providers/aws/cloudformation/hook_type_configs/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/hook_type_configs/index.md @@ -31,7 +31,7 @@ Creates, updates, deletes or gets a hook_type_config resource or li ## Fields
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the type version.
stringThe name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe name of the type being registered. We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe Amazon Resource Name (ARN) of the type. This is used to uniquely identify a HookDefaultVersion
stringThe ID of an existing version of the hook to set as the default.
stringAWS region.
- + diff --git a/docs/aws-docs/providers/aws/cloudformation/hook_versions/index.md b/docs/aws-docs/providers/aws/cloudformation/hook_versions/index.md index 349f75a0e4..83d384d3d9 100644 --- a/docs/aws-docs/providers/aws/cloudformation/hook_versions/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/hook_versions/index.md @@ -35,10 +35,10 @@ Creates, updates, deletes or gets a hook_version resource or lists - - + + - +
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the type without version number.
stringThe name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe name of the type being registered. We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe Amazon Resource Name (ARN) for the configuration data, in this account and region.
stringThe configuration data for the extension, in this account and region.
stringAn alias by which to refer to this extension configuration data.
stringThe Amazon Resource Name (ARN) of the IAM execution role to use to register the type. If your resource type calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your resource type with the appropriate credentials.
booleanIndicates if this type version is the current default version
objectSpecifies logging configuration information for a type.
stringA url to the S3 bucket containing the schema handler package that contains the schema, event handlers, and associated files for the type you want to register.

For information on generating a schema handler package for the type you want to register, see submit in the CloudFormation CLI User Guide.
stringThe name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringA url to the S3 bucket containing the schema handler package that contains the schema, event handlers, and associated files for the type you want to register. For information on generating a schema handler package for the type you want to register, see submit in the CloudFormation CLI User Guide.
stringThe name of the type being registered. We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe ID of the version of the type represented by this hook instance.
stringThe scope at which the type is visible and usable in CloudFormation operations.

Valid values include:

PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE.

PUBLIC: The type is publically visible and usable within any Amazon account.
stringThe scope at which the type is visible and usable in CloudFormation operations. Valid values include: PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE. PUBLIC: The type is publically visible and usable within any Amazon account.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/cloudformation/module_versions/index.md b/docs/aws-docs/providers/aws/cloudformation/module_versions/index.md index fc6e50dfb8..981727962b 100644 --- a/docs/aws-docs/providers/aws/cloudformation/module_versions/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/module_versions/index.md @@ -33,13 +33,13 @@ Creates, updates, deletes or gets a module_version resource or list - + - +
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the module.
stringThe description of the registered module.
stringThe URL of a page providing detailed documentation for this module.
stringThe name of the module being registered.

Recommended module naming pattern: company_or_organization::service::type::MODULE.
stringThe name of the module being registered. Recommended module naming pattern: company_or_organization::service::type::MODULE.
stringThe url to the S3 bucket containing the schema and template fragment for the module you want to register.
booleanIndicator of whether this module version is the current default version
stringThe schema defining input parameters to and resources generated by the module.
stringThe time that the specified module version was registered.
stringThe version ID of the module represented by this module instance.
stringThe scope at which the type is visible and usable in CloudFormation operations.

The only allowed value at present is:

PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE.
stringThe scope at which the type is visible and usable in CloudFormation operations. The only allowed value at present is: PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/cloudformation/public_type_versions/index.md b/docs/aws-docs/providers/aws/cloudformation/public_type_versions/index.md index 896a21cf75..7c05e69d8d 100644 --- a/docs/aws-docs/providers/aws/cloudformation/public_type_versions/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/public_type_versions/index.md @@ -35,7 +35,7 @@ Creates, updates, deletes or gets a public_type_version resource or stringThe version number of a public third-party extension stringThe publisher id assigned by CloudFormation for publishing in this region. stringThe Amazon Resource Number (ARN) assigned to the public extension upon publication -stringThe name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type. +stringThe name of the type being registered. We recommend that type names adhere to the following pattern: company_or_organization::service::type. stringA url to the S3 bucket where logs for the testType run will be available stringThe kind of extension stringAWS region. diff --git a/docs/aws-docs/providers/aws/cloudformation/resource_default_versions/index.md b/docs/aws-docs/providers/aws/cloudformation/resource_default_versions/index.md index 12dda5a9ef..27fecd0ecd 100644 --- a/docs/aws-docs/providers/aws/cloudformation/resource_default_versions/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/resource_default_versions/index.md @@ -31,7 +31,7 @@ Creates, updates, deletes or gets a resource_default_version resour ## Fields - + diff --git a/docs/aws-docs/providers/aws/cloudformation/resource_versions/index.md b/docs/aws-docs/providers/aws/cloudformation/resource_versions/index.md index fd32465fd6..d7e674202a 100644 --- a/docs/aws-docs/providers/aws/cloudformation/resource_versions/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/resource_versions/index.md @@ -36,10 +36,10 @@ Creates, updates, deletes or gets a resource_version resource or li - - + + - +
NameDatatypeDescription
stringThe ID of an existing version of the resource to set as the default.
stringThe name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe name of the type being registered. We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe Amazon Resource Name (ARN) of the type. This is used to uniquely identify a ResourceDefaultVersion
stringThe Amazon Resource Name (ARN) of the type version.
stringAWS region.
booleanIndicates if this type version is the current default version
objectSpecifies logging configuration information for a type.
stringThe provisioning behavior of the type. AWS CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.
stringA url to the S3 bucket containing the schema handler package that contains the schema, event handlers, and associated files for the type you want to register.

For information on generating a schema handler package for the type you want to register, see submit in the CloudFormation CLI User Guide.
stringThe name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringA url to the S3 bucket containing the schema handler package that contains the schema, event handlers, and associated files for the type you want to register. For information on generating a schema handler package for the type you want to register, see submit in the CloudFormation CLI User Guide.
stringThe name of the type being registered. We recommend that type names adhere to the following pattern: company_or_organization::service::type.
stringThe ID of the version of the type represented by this resource instance.
stringThe scope at which the type is visible and usable in CloudFormation operations.

Valid values include:

PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE.

PUBLIC: The type is publically visible and usable within any Amazon account.
stringThe scope at which the type is visible and usable in CloudFormation operations. Valid values include: PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE. PUBLIC: The type is publically visible and usable within any Amazon account.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/cloudformation/type_activations/index.md b/docs/aws-docs/providers/aws/cloudformation/type_activations/index.md index 489c076b84..95f098159e 100644 --- a/docs/aws-docs/providers/aws/cloudformation/type_activations/index.md +++ b/docs/aws-docs/providers/aws/cloudformation/type_activations/index.md @@ -39,7 +39,7 @@ Creates, updates, deletes or gets a type_activation resource or lis stringAn alias to assign to the public extension in this account and region. If you specify an alias for the extension, you must then use the alias to refer to the extension in your templates. stringManually updates a previously-enabled type to a new major or minor version, if available. You can also use this parameter to update the value of AutoUpdateEnabled stringThe Major Version of the type you want to enable -stringThe name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type. +stringThe name of the type being registered. We recommend that type names adhere to the following pattern: company_or_organization::service::type. stringThe kind of extension stringAWS region. diff --git a/docs/aws-docs/providers/aws/cloudwatch/alarms/index.md b/docs/aws-docs/providers/aws/cloudwatch/alarms/index.md index 9de49102de..4359d3d17c 100644 --- a/docs/aws-docs/providers/aws/cloudwatch/alarms/index.md +++ b/docs/aws-docs/providers/aws/cloudwatch/alarms/index.md @@ -25,32 +25,32 @@ Creates, updates, deletes or gets an alarm resource or lists - +
Namealarms
TypeResource
DescriptionThe AWS::CloudWatch::Alarm type specifies an alarm and associates it with the specified metric or metric math expression.
When this operation creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed.
When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.
DescriptionThe AWS::CloudWatch::Alarm type specifies an alarm and associates it with the specified metric or metric math expression. When this operation creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed. When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.
Id
## Fields - + - + - - - - + + + + - + - - + + - + diff --git a/docs/aws-docs/providers/aws/codeconnections/connections/index.md b/docs/aws-docs/providers/aws/codeconnections/connections/index.md index 4da40789bb..a3c201ed3b 100644 --- a/docs/aws-docs/providers/aws/codeconnections/connections/index.md +++ b/docs/aws-docs/providers/aws/codeconnections/connections/index.md @@ -30,7 +30,7 @@ Creates, updates, deletes or gets a connection resource or lists
NameDatatypeDescription
stringIn an alarm based on an anomaly detection model, this is the ID of the ANOMALY_DETECTION_BAND function used as the threshold for the alarm.
stringUsed only for alarms based on percentiles. If ignore, the alarm state does not change during periods with too few data points to be statistically significant. If evaluate or this parameter is not used, the alarm is always evaluated and possibly changes state no matter how many data points are available.
stringThe percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100.
For an alarm based on a metric, you must specify either Statistic or ExtendedStatistic but not both.
For an alarm based on a math expression, you can't specify ExtendedStatistic. Instead, you use Metrics.
stringThe percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100. For an alarm based on a metric, you must specify either Statistic or ExtendedStatistic but not both. For an alarm based on a math expression, you can't specify ExtendedStatistic. Instead, you use Metrics.
stringThe arithmetic operation to use when comparing the specified statistic and threshold. The specified statistic value is used as the first operand.
stringSets how this alarm is to handle missing data points. Valid values are breaching, notBreaching, ignore, and missing. For more information, see [Configuring How Alarms Treat Missing Data](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-missing-data) in the *Amazon User Guide*.
If you omit this parameter, the default behavior of missing is used.
stringSets how this alarm is to handle missing data points. Valid values are breaching, notBreaching, ignore, and missing. For more information, see [Configuring How Alarms Treat Missing Data](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-missing-data) in the *Amazon User Guide*. If you omit this parameter, the default behavior of missing is used.
arrayThe dimensions for the metric associated with the alarm. For an alarm based on a math expression, you can't specify Dimensions. Instead, you use Metrics.
integerThe period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60.
For an alarm based on a math expression, you can't specify Period, and instead you use the Metrics parameter.
*Minimum:* 10
integerThe number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an "M out of N" alarm, this value is the N, and DatapointsToAlarm is the M.
For more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *User Guide*.
stringThe unit of the metric associated with the alarm. Specify this only if you are creating an alarm based on a single metric. Do not specify this if you are specifying a Metrics array.
You can specify the following values: Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, or None.
stringThe namespace of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you can't specify Namespace and you use Metrics instead.
For a list of namespaces for metrics from AWS services, see [Services That Publish Metrics.](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html)
integerThe period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60. For an alarm based on a math expression, you can't specify Period, and instead you use the Metrics parameter. *Minimum:* 10
integerThe number of periods over which data is compared to the specified threshold. If you are setting an alarm that requires that a number of consecutive data points be breaching to trigger the alarm, this value specifies that number. If you are setting an "M out of N" alarm, this value is the N, and DatapointsToAlarm is the M. For more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *User Guide*.
stringThe unit of the metric associated with the alarm. Specify this only if you are creating an alarm based on a single metric. Do not specify this if you are specifying a Metrics array. You can specify the following values: Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, or None.
stringThe namespace of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you can't specify Namespace and you use Metrics instead. For a list of namespaces for metrics from AWS services, see [Services That Publish Metrics.](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html)
arrayThe actions to execute when this alarm transitions to the OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).
arrayThe list of actions to execute when this alarm transitions into an ALARM state from any other state. Specify each action as an Amazon Resource Name (ARN). For more information about creating alarms and the actions that you can specify, see [PutMetricAlarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricAlarm.html) in the *API Reference*.
stringThe name of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you use Metrics instead and you can't specify MetricName.
booleanIndicates whether actions should be executed during any changes to the alarm state. The default is TRUE.
arrayAn array that enables you to create an alarm based on the result of a metric math expression. Each item in the array either retrieves a metric or performs a math expression.
If you specify the Metrics parameter, you cannot specify MetricName, Dimensions, Period, Namespace, Statistic, ExtendedStatistic, or Unit.
arrayAn array that enables you to create an alarm based on the result of a metric math expression. Each item in the array either retrieves a metric or performs a math expression. If you specify the Metrics parameter, you cannot specify MetricName, Dimensions, Period, Namespace, Statistic, ExtendedStatistic, or Unit.
stringThe description of the alarm.
stringThe name of the alarm. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the alarm name.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringThe statistic for the metric associated with the alarm, other than percentile. For percentile statistics, use ExtendedStatistic.
For an alarm based on a metric, you must specify either Statistic or ExtendedStatistic but not both.
For an alarm based on a math expression, you can't specify Statistic. Instead, you use Metrics.
stringThe name of the alarm. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the alarm name. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringThe statistic for the metric associated with the alarm, other than percentile. For percentile statistics, use ExtendedStatistic. For an alarm based on a metric, you must specify either Statistic or ExtendedStatistic but not both. For an alarm based on a math expression, you can't specify Statistic. Instead, you use Metrics.
arrayThe actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).
string
integerThe number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M, and the value that you set for EvaluationPeriods is the N value. For more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *User Guide*.
If you omit this parameter, CW uses the same value here that you set for EvaluationPeriods, and the alarm goes to alarm state if that many consecutive periods are breaching.
integerThe number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M, and the value that you set for EvaluationPeriods is the N value. For more information, see [Evaluating an Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarm-evaluation) in the *User Guide*. If you omit this parameter, CW uses the same value here that you set for EvaluationPeriods, and the alarm goes to alarm state if that many consecutive periods are breaching.
numberThe value to compare with the specified statistic.
array
stringAWS region.
## Fields - +
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between AWS services.
diff --git a/docs/aws-docs/providers/aws/codestarconnections/connections/index.md b/docs/aws-docs/providers/aws/codestarconnections/connections/index.md
index f9ec17c85f..67ebfa3c85 100644
--- a/docs/aws-docs/providers/aws/codestarconnections/connections/index.md
+++ b/docs/aws-docs/providers/aws/codestarconnections/connections/index.md
@@ -30,7 +30,7 @@ Creates, updates, deletes or gets a connection resource or lists
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between AWS services.
stringThe name of the connection. Connection names must be unique in an AWS user account.
stringThe current status of the connection.
stringThe name of the external provider where your third-party code repository is configured. For Bitbucket, this is the account ID of the owner of the Bitbucket repository.
## Fields - +
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between AWS services.
diff --git a/docs/aws-docs/providers/aws/config/config_rules/index.md b/docs/aws-docs/providers/aws/config/config_rules/index.md
index 4180e9b471..fe86458524 100644
--- a/docs/aws-docs/providers/aws/config/config_rules/index.md
+++ b/docs/aws-docs/providers/aws/config/config_rules/index.md
@@ -25,18 +25,18 @@ Creates, updates, deletes or gets a config_rule resource or lists <
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the connection. The ARN is used as the connection reference when the connection is shared between AWS services.
stringThe name of the connection. Connection names must be unique in an AWS user account.
stringThe current status of the connection.
stringThe name of the external provider where your third-party code repository is configured. For Bitbucket, this is the account ID of the owner of the Bitbucket repository.
- +
Nameconfig_rules
TypeResource
DescriptionYou must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html).
Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *Developer Guide*.
There are two types of rules: *Managed Rules* and *Custom Rules*. You can use the ConfigRule resource to create both CC Managed Rules and CC Custom Rules.
CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see [List of Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). If you are adding an CC managed rule, you must specify the rule's identifier for the SourceIdentifier key.
CC Custom Rules are rules that you create from scratch. There are two ways to create CC custom rules: with Lambda functions ([Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function)) and with CFNGUARDshort ([Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard)), a policy-as-code language. CC custom rules created with LAMlong are called *Custom Lambda Rules* and CC custom rules created with CFNGUARDshort are called *Custom Policy Rules*.
If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the ConfigRule resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. You specify the ARN in the SourceIdentifier key. This key is part of the Source object, which is part of the ConfigRule object.
For any new CC rule that you add, specify the ConfigRuleName in the ConfigRule object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are generated by CC for new rules.
If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName, ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in this request.
For more information about developing and using CC rules, see [Evaluating Resources with Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *Developer Guide*.
DescriptionYou must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html). Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *Developer Guide*. There are two types of rules: *Managed Rules* and *Custom Rules*. You can use the ConfigRule resource to create both CC Managed Rules and CC Custom Rules. CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see [List of Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). If you are adding an CC managed rule, you must specify the rule's identifier for the SourceIdentifier key. CC Custom Rules are rules that you create from scratch. There are two ways to create CC custom rules: with Lambda functions ([Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function)) and with CFNGUARDshort ([Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard)), a policy-as-code language. CC custom rules created with LAMlong are called *Custom Lambda Rules* and CC custom rules created with CFNGUARDshort are called *Custom Policy Rules*. If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the ConfigRule resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. You specify the ARN in the SourceIdentifier key. 
This key is part of the Source object, which is part of the ConfigRule object. For any new CC rule that you add, specify the ConfigRuleName in the ConfigRule object. Do not specify the ConfigRuleArn or the ConfigRuleId. These values are generated by CC for new rules. If you are updating a rule that you added previously, you can specify the rule by ConfigRuleName, ConfigRuleId, or ConfigRuleArn in the ConfigRule data type that you use in this request. For more information about developing and using CC rules, see [Evaluating Resources with Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *Developer Guide*.
Id
## Fields - + - + diff --git a/docs/aws-docs/providers/aws/dynamodb/tables/index.md b/docs/aws-docs/providers/aws/dynamodb/tables/index.md index dc85b95ed6..bfc9ecf4e7 100644 --- a/docs/aws-docs/providers/aws/dynamodb/tables/index.md +++ b/docs/aws-docs/providers/aws/dynamodb/tables/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a table resource or lists t
NameDatatypeDescription
string
stringThe description that you provide for the CC rule.
objectDefines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
The scope can be empty.
objectDefines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. The scope can be empty.
stringA name for the CC rule. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
string
objectIndicates whether an AWS resource or CC rule is compliant and provides the number of contributors that affect the compliance.
stringThe maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:
+ You are using an AWS managed rule that is triggered at a periodic frequency.
+ Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html).

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
stringThe maximum frequency with which CC runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when: + You are using an AWS managed rule that is triggered at a periodic frequency. + Your custom rule is triggered when CC delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html). By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.
objectProvides the rule owner ( for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
objectA string, in JSON format, that is passed to the CC rule Lambda function.
arrayThe modes the CC rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only.
- +
Nametables
TypeResource
DescriptionThe AWS::DynamoDB::Table resource creates a DDB table. For more information, see [CreateTable](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html) in the *API Reference*.
You should be aware of the following behaviors when working with DDB tables:
+ CFNlong typically creates DDB tables in parallel. However, if your template includes multiple DDB tables with indexes, you must declare dependencies so that the tables are created sequentially. DDBlong limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DDB returns an error and the stack operation fails. For an example, see [DynamoDB Table with a DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table--examples--DynamoDB_Table_with_a_DependsOn_Attribute).

Our guidance is to use the latest schema documented here for your CFNlong templates. This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes.
DescriptionThe AWS::DynamoDB::Table resource creates a DDB table. For more information, see [CreateTable](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html) in the *API Reference*. You should be aware of the following behaviors when working with DDB tables: + CFNlong typically creates DDB tables in parallel. However, if your template includes multiple DDB tables with indexes, you must declare dependencies so that the tables are created sequentially. DDBlong limits the number of tables with secondary indexes that are in the creating state. If you create multiple tables with indexes at the same time, DDB returns an error and the stack operation fails. For an example, see [DynamoDB Table with a DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html#aws-resource-dynamodb-table--examples--DynamoDB_Table_with_a_DependsOn_Attribute). Our guidance is to use the latest schema documented here for your CFNlong templates. This schema supports the provisioning of all table settings below. When using this schema in your CFNlong templates, please ensure that your Identity and Access Management (IAM) policies are updated with appropriate permissions to allow for the authorization of these setting changes.
Id
@@ -35,22 +35,22 @@ Creates, updates, deletes or gets a table resource or lists t objectThe Kinesis Data Streams configuration for the specified table. objectThe settings for the DDB table stream, which capture changes to items stored in the table. objectThe settings used to enable or disable CloudWatch Contributor Insights for the specified table. -objectSpecifies the properties of data being imported from the S3 bucket source to the table.
If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating/updating stack must have UpdateTable permission. +objectSpecifies the properties of data being imported from the S3 bucket source to the table. If you specify the ImportSourceSpecification property, and also specify either the StreamSpecification, the TableClass property, or the DeletionProtectionEnabled property, the IAM entity creating/updating stack must have UpdateTable permission. objectThe settings used to enable point in time recovery. -objectThroughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see [Amazon DynamoDB Table ProvisionedThroughput](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html).
If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. -stringA name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. -arrayA list of attributes that describe the key schema for the table and indexes.
This property is required to create a DDB table.
Update requires: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt). Replacement if you edit an existing AttributeDefinition. -stringSpecify how you are charged for read and write throughput and how you manage capacity.
Valid values include:
+ PROVISIONED - We recommend using PROVISIONED for predictable workloads. PROVISIONED sets the billing mode to [Provisioned Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.ProvisionedThroughput.Manual).
+ PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to [On-Demand Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand).

If not specified, the default is PROVISIONED. -arrayGlobal secondary indexes to be created on the table. You can create up to 20 global secondary indexes.
If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB [DescribeTable](https://docs.aws.amazon.com/cli/latest/reference/dynamodb/describe-table.html) command.
If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index.
Updates are not supported. The following are exceptions:
+ If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption.
+ You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. -objectA resource-based policy document that contains permissions to add to the specified table. In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html).
When you attach a resource-based policy while creating a table, the policy creation is *strongly consistent*. For information about the considerations that you should keep in mind while attaching a resource-based policy, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html). +objectThroughput for the specified table, which consists of values for ReadCapacityUnits and WriteCapacityUnits. For more information about the contents of a provisioned throughput structure, see [Amazon DynamoDB Table ProvisionedThroughput](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ProvisionedThroughput.html). If you set BillingMode as PROVISIONED, you must specify this property. If you set BillingMode as PAY_PER_REQUEST, you cannot specify this property. +stringA name for the table. If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the table name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. +arrayA list of attributes that describe the key schema for the table and indexes. This property is required to create a DDB table. Update requires: [Some interruptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-some-interrupt). Replacement if you edit an existing AttributeDefinition. +stringSpecify how you are charged for read and write throughput and how you manage capacity. Valid values include: + PROVISIONED - We recommend using PROVISIONED for predictable workloads. 
PROVISIONED sets the billing mode to [Provisioned Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.ProvisionedThroughput.Manual). + PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST for unpredictable workloads. PAY_PER_REQUEST sets the billing mode to [On-Demand Mode](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.OnDemand). If not specified, the default is PROVISIONED. +arrayGlobal secondary indexes to be created on the table. You can create up to 20 global secondary indexes. If you update a table to include a new global secondary index, CFNlong initiates the index creation and then proceeds with the stack update. CFNlong doesn't wait for the index to complete creation because the backfilling phase can take a long time, depending on the size of the table. You can't use the index or update the table until the index's status is ACTIVE. You can track its status by using the DynamoDB [DescribeTable](https://docs.aws.amazon.com/cli/latest/reference/dynamodb/describe-table.html) command. If you add or delete an index during an update, we recommend that you don't update any other resources. If your stack fails to update and is rolled back while adding a new index, you must manually delete the index. Updates are not supported. The following are exceptions: + If you update either the contributor insights specification or the provisioned throughput values of global secondary indexes, you can update the table without interruption. + You can delete or add one global secondary index without interruption. If you do both in the same update (for example, by changing the index's logical ID), the update fails. +objectA resource-based policy document that contains permissions to add to the specified table. 
In a CFNshort template, you can provide the policy in JSON or YAML format because CFNshort converts YAML to JSON before submitting it to DDB. For more information about resource-based policies, see [Using resource-based policies for](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/access-control-resource-based.html) and [Resource-based policy examples](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-examples.html). When you attach a resource-based policy while creating a table, the policy creation is *strongly consistent*. For information about the considerations that you should keep in mind while attaching a resource-based policy, see [Resource-based policy considerations](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-considerations.html). undefinedSpecifies the attributes that make up the primary key for the table. The attributes in the KeySchema property must also be defined in the AttributeDefinitions property. arrayLocal secondary indexes to be created on the table. You can create up to 5 local secondary indexes. Each index is scoped to a given hash key value. The size of each hash key can be up to 10 gigabytes. string string booleanDetermines if a table is protected from deletion. When enabled, the table cannot be deleted by any user or process. This setting is disabled by default. For more information, see [Using deletion protection](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithTables.Basics.html#WorkingWithTables.Basics.DeletionProtection) in the *Developer Guide*. stringThe table class of the new table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS. -arrayAn array of key-value pairs to apply to this resource.
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). -objectSpecifies the Time to Live (TTL) settings for the table.
For detailed information about the limits in DynamoDB, see [Limits in Amazon DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the Amazon DynamoDB Developer Guide. +arrayAn array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). +objectSpecifies the Time to Live (TTL) settings for the table. For detailed information about the limits in DynamoDB, see [Limits in Amazon DynamoDB](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html) in the Amazon DynamoDB Developer Guide. stringAWS region. diff --git a/docs/aws-docs/providers/aws/ec2/customer_gateways/index.md b/docs/aws-docs/providers/aws/ec2/customer_gateways/index.md index 5574c83d1d..5f7cdc8870 100644 --- a/docs/aws-docs/providers/aws/ec2/customer_gateways/index.md +++ b/docs/aws-docs/providers/aws/ec2/customer_gateways/index.md @@ -34,7 +34,7 @@ Creates, updates, deletes or gets a customer_gateway resource or li string stringIPv4 address for the customer gateway device's outside interface. The address must be static. number -integerFor devices that support BGP, the customer gateway's BGP ASN.
Default: 65000 +integerFor devices that support BGP, the customer gateway's BGP ASN. Default: 65000 arrayOne or more tags for the customer gateway. string stringThe name of customer gateway device. diff --git a/docs/aws-docs/providers/aws/ec2/eips/index.md b/docs/aws-docs/providers/aws/ec2/eips/index.md index cbe5315b53..5bcfbb2b64 100644 --- a/docs/aws-docs/providers/aws/ec2/eips/index.md +++ b/docs/aws-docs/providers/aws/ec2/eips/index.md @@ -25,19 +25,19 @@ Creates, updates, deletes or gets an eip resource or lists ei - +
Nameeips
TypeResource
DescriptionSpecifies an Elastic IP (EIP) address and can, optionally, associate it with an Amazon EC2 instance.
You can allocate an Elastic IP address from an address pool owned by AWS or from an address pool created from a public IPv4 address range that you have brought to AWS for use with your AWS resources using bring your own IP addresses (BYOIP). For more information, see [Bring Your Own IP Addresses (BYOIP)](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the *Amazon EC2 User Guide*.
For more information, see [Elastic IP Addresses](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) in the *Amazon EC2 User Guide*.
DescriptionSpecifies an Elastic IP (EIP) address and can, optionally, associate it with an Amazon EC2 instance. You can allocate an Elastic IP address from an address pool owned by AWS or from an address pool created from a public IPv4 address range that you have brought to AWS for use with your AWS resources using bring your own IP addresses (BYOIP). For more information, see [Bring Your Own IP Addresses (BYOIP)](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html) in the *Amazon EC2 User Guide*. For more information, see [Elastic IP Addresses](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html) in the *Amazon EC2 User Guide*.
Id
## Fields - - + + - - - + + +
NameDatatypeDescription
string
string
stringThe network (vpc).
If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) on this resource.
stringA unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups.
Use [DescribeAvailabilityZones](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) to view the network border groups.
stringThe network (vpc). If you define an Elastic IP address and associate it with a VPC that is defined in the same template, you must declare a dependency on the VPC-gateway attachment by using the [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) on this resource.
stringA unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups. Use [DescribeAvailabilityZones](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) to view the network border groups.
stringThe Elastic IP address you are accepting for transfer. You can only accept one transferred address. For more information on Elastic IP address transfers, see [Transfer Elastic IP addresses](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#transfer-EIPs-intro) in the *Amazon Virtual Private Cloud User Guide*.
stringThe ID of the instance.
Updates to the InstanceId property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource.
stringThe ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool.
Updates to the PublicIpv4Pool property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource.
arrayAny tags assigned to the Elastic IP address.
Updates to the Tags property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource.
stringThe ID of the instance. Updates to the InstanceId property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource.
stringThe ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. Updates to the PublicIpv4Pool property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource.
arrayAny tags assigned to the Elastic IP address. Updates to the Tags property may require *some interruptions*. Updates on an EIP reassociates the address on its associated resource.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/ec2/instances/index.md b/docs/aws-docs/providers/aws/ec2/instances/index.md index 14af6eb3f7..e2d7ad83ca 100644 --- a/docs/aws-docs/providers/aws/ec2/instances/index.md +++ b/docs/aws-docs/providers/aws/ec2/instances/index.md @@ -39,7 +39,7 @@ Creates, updates, deletes or gets an instance resource or lists stringThe IAM instance profile. array[EC2-VPC] The IPv6 addresses from the range of the subnet to associate with the primary network interface. stringThe ID of the kernel. -string[EC2-VPC] The ID of the subnet to launch the instance into.

+string[EC2-VPC] The ID of the subnet to launch the instance into. booleanIndicates whether the instance is optimized for Amazon EBS I/O. booleanIndicates whether to assign the tags from the instance to all of the volumes attached to the instance at launch. If you specify true and you assign tags to the instance, those tags are automatically assigned to all of the volumes that you attach to the instance at launch. If you specify false, those tags are not assigned to the attached volumes. arrayAn elastic GPU to associate with the instance. diff --git a/docs/aws-docs/providers/aws/ec2/key_pairs/index.md b/docs/aws-docs/providers/aws/ec2/key_pairs/index.md index a1adfce8d8..ba0b732936 100644 --- a/docs/aws-docs/providers/aws/ec2/key_pairs/index.md +++ b/docs/aws-docs/providers/aws/ec2/key_pairs/index.md @@ -25,14 +25,14 @@ Creates, updates, deletes or gets a key_pair resource or lists Namekey_pairs TypeResource -DescriptionSpecifies a key pair for use with an EC2long instance as follows:
+ To import an existing key pair, include the PublicKeyMaterial property.
+ To create a new key pair, omit the PublicKeyMaterial property.

When you import an existing key pair, you specify the public key material for the key. We assume that you have the private key material for the key. CFNlong does not create or return the private key material when you import a key pair.
When you create a new key pair, the private key is saved to SYSlong Parameter Store, using a parameter with the following name: /ec2/keypair/{key_pair_id}. For more information about retrieving private key, and the required permissions, see [Create a key pair using](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html#create-key-pair-cloudformation) in the *User Guide*.
When CFN deletes a key pair that was created or imported by a stack, it also deletes the parameter that was used to store the private key material in Parameter Store. +DescriptionSpecifies a key pair for use with an EC2long instance as follows: + To import an existing key pair, include the PublicKeyMaterial property. + To create a new key pair, omit the PublicKeyMaterial property. When you import an existing key pair, you specify the public key material for the key. We assume that you have the private key material for the key. CFNlong does not create or return the private key material when you import a key pair. When you create a new key pair, the private key is saved to SYSlong Parameter Store, using a parameter with the following name: /ec2/keypair/{key_pair_id}. For more information about retrieving private key, and the required permissions, see [Create a key pair using](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html#create-key-pair-cloudformation) in the *User Guide*. When CFN deletes a key pair that was created or imported by a stack, it also deletes the parameter that was used to store the private key material in Parameter Store. Id ## Fields - - - +
NameDatatypeDescription
stringA unique name for the key pair.
Constraints: Up to 255 ASCII characters
stringThe type of key pair. Note that ED25519 keys are not supported for Windows instances.
If the PublicKeyMaterial property is specified, the KeyType property is ignored, and the key type is inferred from the PublicKeyMaterial value.
Default: rsa
stringThe format of the key pair.
Default: pem
+ + diff --git a/docs/aws-docs/providers/aws/ec2/launch_templates/index.md b/docs/aws-docs/providers/aws/ec2/launch_templates/index.md index 79aee5450b..03036b87e0 100644 --- a/docs/aws-docs/providers/aws/ec2/launch_templates/index.md +++ b/docs/aws-docs/providers/aws/ec2/launch_templates/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a launch_template resource or lis
NameDatatypeDescription
stringA unique name for the key pair. Constraints: Up to 255 ASCII characters
stringThe type of key pair. Note that ED25519 keys are not supported for Windows instances. If the PublicKeyMaterial property is specified, the KeyType property is ignored, and the key type is inferred from the PublicKeyMaterial value. Default: rsa
stringThe format of the key pair. Default: pem
stringThe public key material. The PublicKeyMaterial property is used to import a key pair. If this property is not specified, then a new key pair will be created.
string
string
- +
Namelaunch_templates
TypeResource
DescriptionSpecifies the properties for creating a launch template.
The minimum required properties for specifying a launch template are as follows:
+ You must specify at least one property for the launch template data.
+ You can optionally specify a name for the launch template. If you do not specify a name, CFN creates a name for you.

A launch template can contain some or all of the configuration information to launch an instance. When you launch an instance using a launch template, instance properties that are not specified in the launch template use default values, except the ImageId property, which has no default value. If you do not specify an AMI ID for the launch template ImageId property, you must specify an AMI ID for the instance ImageId property.
For more information, see [Launch an instance from a launch template](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) in the *Amazon EC2 User Guide*.
DescriptionSpecifies the properties for creating a launch template. The minimum required properties for specifying a launch template are as follows: + You must specify at least one property for the launch template data. + You can optionally specify a name for the launch template. If you do not specify a name, CFN creates a name for you. A launch template can contain some or all of the configuration information to launch an instance. When you launch an instance using a launch template, instance properties that are not specified in the launch template use default values, except the ImageId property, which has no default value. If you do not specify an AMI ID for the launch template ImageId property, you must specify an AMI ID for the instance ImageId property. For more information, see [Launch an instance from a launch template](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) in the *Amazon EC2 User Guide*.
Id
@@ -33,7 +33,7 @@ Creates, updates, deletes or gets a launch_template resource or lis - + diff --git a/docs/aws-docs/providers/aws/ec2/nat_gateways/index.md b/docs/aws-docs/providers/aws/ec2/nat_gateways/index.md index 813dfe4f96..816d95d2be 100644 --- a/docs/aws-docs/providers/aws/ec2/nat_gateways/index.md +++ b/docs/aws-docs/providers/aws/ec2/nat_gateways/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a nat_gateway resource or lists <
NameDatatypeDescription
stringA name for the launch template.
objectThe information for the launch template.
stringA description for the first version of the launch template.
arrayThe tags to apply to the launch template on creation. To tag the launch template, the resource type must be launch-template.
To specify the tags for the resources that are created when an instance is launched, you must use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications).
arrayThe tags to apply to the launch template on creation. To tag the launch template, the resource type must be launch-template. To specify the tags for the resources that are created when an instance is launched, you must use [TagSpecifications](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-launchtemplate.html#cfn-ec2-launchtemplate-tagspecifications).
string
string
string
- +
Namenat_gateways
TypeResource
DescriptionSpecifies a network address translation (NAT) gateway in the specified subnet. You can create either a public NAT gateway or a private NAT gateway. The default is a public NAT gateway. If you create a public NAT gateway, you must specify an elastic IP address.
With a NAT gateway, instances in a private subnet can connect to the internet, other AWS services, or an on-premises network using the IP address of the NAT gateway. For more information, see [NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) in the *Amazon VPC User Guide*.
If you add a default route (AWS::EC2::Route resource) that points to a NAT gateway, specify the NAT gateway ID for the route's NatGatewayId property.
When you associate an Elastic IP address or secondary Elastic IP address with a public NAT gateway, the network border group of the Elastic IP address must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. Otherwise, the NAT gateway fails to launch. You can see the network border group for the AZ by viewing the details of the subnet. Similarly, you can view the network border group for the Elastic IP address by viewing its details. For more information, see [Allocate an Elastic IP address](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) in the *Amazon VPC User Guide*.
DescriptionSpecifies a network address translation (NAT) gateway in the specified subnet. You can create either a public NAT gateway or a private NAT gateway. The default is a public NAT gateway. If you create a public NAT gateway, you must specify an elastic IP address. With a NAT gateway, instances in a private subnet can connect to the internet, other AWS services, or an on-premises network using the IP address of the NAT gateway. For more information, see [NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) in the *Amazon VPC User Guide*. If you add a default route (AWS::EC2::Route resource) that points to a NAT gateway, specify the NAT gateway ID for the route's NatGatewayId property. When you associate an Elastic IP address or secondary Elastic IP address with a public NAT gateway, the network border group of the Elastic IP address must match the network border group of the Availability Zone (AZ) that the public NAT gateway is in. Otherwise, the NAT gateway fails to launch. You can see the network border group for the AZ by viewing the details of the subnet. Similarly, you can view the network border group for the Elastic IP address by viewing its details. For more information, see [Allocate an Elastic IP address](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-eips.html#allocate-eip) in the *Amazon VPC User Guide*.
Id
@@ -33,8 +33,8 @@ Creates, updates, deletes or gets a nat_gateway resource or lists < - - + + diff --git a/docs/aws-docs/providers/aws/ec2/route_tables/index.md b/docs/aws-docs/providers/aws/ec2/route_tables/index.md index 3b330af7e7..913effdf04 100644 --- a/docs/aws-docs/providers/aws/ec2/route_tables/index.md +++ b/docs/aws-docs/providers/aws/ec2/route_tables/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a route_table resource or lists <
NameDatatypeDescription
arraySecondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*.
stringThe private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned.
stringIndicates whether the NAT gateway supports public or private connectivity. The default is public connectivity.
arraySecondary private IPv4 addresses. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide*.
SecondaryPrivateIpAddressCount and SecondaryPrivateIpAddresses cannot be set at the same time.
integer[Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide*.
SecondaryPrivateIpAddressCount and SecondaryPrivateIpAddresses cannot be set at the same time.
arraySecondary private IPv4 addresses. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide*. SecondaryPrivateIpAddressCount and SecondaryPrivateIpAddresses cannot be set at the same time.
integer[Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide*. SecondaryPrivateIpAddressCount and SecondaryPrivateIpAddresses cannot be set at the same time.
string[Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway.
stringThe ID of the subnet in which the NAT gateway is located.
string
- +
Nameroute_tables
TypeResource
DescriptionSpecifies a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet.
For more information, see [Route tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the *Amazon VPC User Guide*.
DescriptionSpecifies a route table for the specified VPC. After you create a route table, you can add routes and associate the table with a subnet. For more information, see [Route tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) in the *Amazon VPC User Guide*.
Id
diff --git a/docs/aws-docs/providers/aws/ec2/routes/index.md b/docs/aws-docs/providers/aws/ec2/routes/index.md index 5bb9ea02ba..a89a2115c5 100644 --- a/docs/aws-docs/providers/aws/ec2/routes/index.md +++ b/docs/aws-docs/providers/aws/ec2/routes/index.md @@ -25,12 +25,12 @@ Creates, updates, deletes or gets a route resource or lists r - +
Nameroutes
TypeResource
DescriptionSpecifies a route in a route table. For more information, see [Routes](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-routes) in the *Amazon VPC User Guide*.
You must specify either a destination CIDR block or prefix list ID. You must also specify exactly one of the resources as the target.
If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) in the AWS::EC2::Route resource to explicitly declare a dependency on the AWS::EC2::TransitGatewayAttachment resource.
DescriptionSpecifies a route in a route table. For more information, see [Routes](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-routes) in the *Amazon VPC User Guide*. You must specify either a destination CIDR block or prefix list ID. You must also specify exactly one of the resources as the target. If you create a route that references a transit gateway in the same template where you create the transit gateway, you must declare a dependency on the transit gateway attachment. The route table cannot use the transit gateway until it has successfully attached to the VPC. Add a [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) in the AWS::EC2::Route resource to explicitly declare a dependency on the AWS::EC2::TransitGatewayAttachment resource.
Id
## Fields - +
NameDatatypeDescription
stringThe ID of the carrier gateway.
You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.
diff --git a/docs/aws-docs/providers/aws/ec2/security_group_egresses/index.md b/docs/aws-docs/providers/aws/ec2/security_group_egresses/index.md index 0095719758..b60d09d052 100644 --- a/docs/aws-docs/providers/aws/ec2/security_group_egresses/index.md +++ b/docs/aws-docs/providers/aws/ec2/security_group_egresses/index.md @@ -25,20 +25,20 @@ Creates, updates, deletes or gets a security_group_egress resource
NameDatatypeDescription
stringThe ID of the carrier gateway. You can only use this option when the VPC contains a subnet which is associated with a Wavelength Zone.
string
stringThe Amazon Resource Name (ARN) of the core network.
stringThe IPv4 CIDR address block used for the destination match. Routing decisions are based on the most specific match. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
- +
Namesecurity_group_egresses
TypeResource
DescriptionAdds the specified outbound (egress) rule to a security group.
An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html).
You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.
Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
DescriptionAdds the specified outbound (egress) rule to a security group. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html). You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1. Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
Id
## Fields - - - +
NameDatatypeDescription
stringThe IPv4 address range, in CIDR format.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*.
stringThe IPv6 address range, in CIDR format.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*.
stringThe description of an egress (outbound) security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
+ + - - + + - +
NameDatatypeDescription
stringThe IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*.
stringThe IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*.
stringThe description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
integerIf the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
integerIf the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
stringThe IP protocol name (tcp, udp, icmp, icmpv6) or number (see [Protocol Numbers](https://docs.aws.amazon.com/http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)).
Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
stringThe ID of the security group.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
stringThe IP protocol name (tcp, udp, icmp, icmpv6) or number (see [Protocol Numbers](https://docs.aws.amazon.com/http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
stringThe ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
string
stringThe prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
stringThe prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
stringThe ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/ec2/security_group_ingresses/index.md b/docs/aws-docs/providers/aws/ec2/security_group_ingresses/index.md index 7ac3ba874f..91d94ed384 100644 --- a/docs/aws-docs/providers/aws/ec2/security_group_ingresses/index.md +++ b/docs/aws-docs/providers/aws/ec2/security_group_ingresses/index.md @@ -34,15 +34,15 @@ Creates, updates, deletes or gets a security_group_ingress resource stringThe IPv4 ranges string[VPC only] The IPv6 ranges stringUpdates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously -integerThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports. -stringThe ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. +integerThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports. +stringThe ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. stringThe name of the security group. -stringThe IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed. -string[EC2-VPC only] The ID of a prefix list.

+stringThe IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed. +string[EC2-VPC only] The ID of a prefix list. stringThe ID of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID. -string[EC2-Classic, default VPC] The name of the source security group.

You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. -string[nondefault VPC] The AWS account ID that owns the source security group. You can't specify this property with an IP address range.

If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional. -integerThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports. +string[EC2-Classic, default VPC] The name of the source security group. You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. +string[nondefault VPC] The AWS account ID that owns the source security group. You can't specify this property with an IP address range. If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional. +integerThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports. stringAWS region. diff --git a/docs/aws-docs/providers/aws/ec2/subnet_route_table_associations/index.md b/docs/aws-docs/providers/aws/ec2/subnet_route_table_associations/index.md index 9de8eea46c..d6d8edf8e4 100644 --- a/docs/aws-docs/providers/aws/ec2/subnet_route_table_associations/index.md +++ b/docs/aws-docs/providers/aws/ec2/subnet_route_table_associations/index.md @@ -31,7 +31,7 @@ Creates, updates, deletes or gets a subnet_route_table_association ## Fields - +
NameDatatypeDescription
string
stringThe ID of the route table.
The physical ID changes when the route table ID is changed.
stringThe ID of the route table. The physical ID changes when the route table ID is changed.
stringThe ID of the subnet.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/ec2/subnets/index.md b/docs/aws-docs/providers/aws/ec2/subnets/index.md index 7ed88aecd7..b36dd06dfc 100644 --- a/docs/aws-docs/providers/aws/ec2/subnets/index.md +++ b/docs/aws-docs/providers/aws/ec2/subnets/index.md @@ -25,26 +25,26 @@ Creates, updates, deletes or gets a subnet resource or lists - +
Namesubnets
TypeResource
DescriptionSpecifies a subnet for the specified VPC.
For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.
For more information, see [Subnets for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) in the *Amazon VPC User Guide*.
DescriptionSpecifies a subnet for the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block. For more information, see [Subnets for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) in the *Amazon VPC User Guide*.
Id
## Fields - - - +
NameDatatypeDescription
booleanIndicates whether a network interface created in this subnet receives an IPv6 address. The default value is false.
If you specify AssignIpv6AddressOnCreation, you must also specify an IPv6 CIDR block.
stringThe ID of the VPC the subnet is in.
If you update this property, you must also update the CidrBlock property.
booleanIndicates whether instances launched in this subnet receive a public IPv4 address. The default value is false.
AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/).
+ + - + - + - + - + diff --git a/docs/aws-docs/providers/aws/ec2/volume_attachments/index.md b/docs/aws-docs/providers/aws/ec2/volume_attachments/index.md index 6826e54843..b0593e044e 100644 --- a/docs/aws-docs/providers/aws/ec2/volume_attachments/index.md +++ b/docs/aws-docs/providers/aws/ec2/volume_attachments/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a volume_attachment resource or l
NameDatatypeDescription
booleanIndicates whether a network interface created in this subnet receives an IPv6 address. The default value is false. If you specify AssignIpv6AddressOnCreation, you must also specify an IPv6 CIDR block.
stringThe ID of the VPC the subnet is in. If you update this property, you must also update the CidrBlock property.
booleanIndicates whether instances launched in this subnet receive a public IPv4 address. The default value is false. AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the *Public IPv4 Address* tab on the [VPC pricing page](https://docs.aws.amazon.com/vpc/pricing/).
integerIndicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1).
string
stringThe Availability Zone of the subnet.
If you update this property, you must also update the CidrBlock property.
stringThe Availability Zone of the subnet. If you update this property, you must also update the CidrBlock property.
stringThe AZ ID of the subnet.
stringThe IPv4 CIDR block assigned to the subnet.
If you update this property, we create a new subnet, and then delete the existing one.
stringThe IPv4 CIDR block assigned to the subnet. If you update this property, we create a new subnet, and then delete the existing one.
string
arrayThe IPv6 network ranges for the subnet, in CIDR notation.
stringThe IPv6 CIDR block.
If you specify AssignIpv6AddressOnCreation, you must also specify an IPv6 CIDR block.
stringThe IPv6 CIDR block. If you specify AssignIpv6AddressOnCreation, you must also specify an IPv6 CIDR block.
stringThe Amazon Resource Name (ARN) of the Outpost.
booleanIndicates whether this is an IPv6 only subnet. For more information, see [Subnet basics](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#subnet-basics) in the *User Guide*.
booleanIndicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see [DNS64 and NAT64](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-nat64-dns64) in the *User Guide*.
objectThe hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*.
Available options:
+ EnableResourceNameDnsAAAARecord (true | false)
+ EnableResourceNameDnsARecord (true | false)
+ HostnameType (ip-name | resource-name)
objectThe hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see [Amazon EC2 instance hostname types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-naming.html) in the *User Guide*. Available options: + EnableResourceNameDnsAAAARecord (true | false) + EnableResourceNameDnsARecord (true | false) + HostnameType (ip-name | resource-name)
arrayAny tags assigned to the subnet.
stringAn IPv4 IPAM pool ID for the subnet.
integerAn IPv4 netmask length for the subnet.
- +
Namevolume_attachments
TypeResource
DescriptionAttaches an Amazon EBS volume to a running instance and exposes it to the instance with the specified device name.
Before this resource can be deleted (and therefore the volume detached), you must first unmount the volume in the instance. Failure to do so results in the volume being stuck in the busy state while it is trying to detach, which could possibly damage the file system or the data it contains.
If an Amazon EBS volume is the root device of an instance, it cannot be detached while the instance is in the "running" state. To detach the root volume, stop the instance first.
If the root volume is detached from an instance with an MKT product code, then the product codes from that volume are no longer associated with the instance.
DescriptionAttaches an Amazon EBS volume to a running instance and exposes it to the instance with the specified device name. Before this resource can be deleted (and therefore the volume detached), you must first unmount the volume in the instance. Failure to do so results in the volume being stuck in the busy state while it is trying to detach, which could possibly damage the file system or the data it contains. If an Amazon EBS volume is the root device of an instance, it cannot be detached while the instance is in the "running" state. To detach the root volume, stop the instance first. If the root volume is detached from an instance with an MKT product code, then the product codes from that volume are no longer associated with the instance.
Id
diff --git a/docs/aws-docs/providers/aws/ec2/volumes/index.md b/docs/aws-docs/providers/aws/ec2/volumes/index.md index 4d638206d1..3893055582 100644 --- a/docs/aws-docs/providers/aws/ec2/volumes/index.md +++ b/docs/aws-docs/providers/aws/ec2/volumes/index.md @@ -25,22 +25,22 @@ Creates, updates, deletes or gets a volume resource or lists - +
Namevolumes
TypeResource
DescriptionSpecifies an Amazon Elastic Block Store (Amazon EBS) volume.
When you use CFNlong to update an Amazon EBS volume that modifies Iops, Size, or VolumeType, there is a cooldown period before another operation can occur. This can cause your stack to report being in UPDATE_IN_PROGRESS or UPDATE_ROLLBACK_IN_PROGRESS for long periods of time.
Amazon EBS does not support sizing down an Amazon EBS volume. CFNlong does not attempt to modify an Amazon EBS volume to a smaller size on rollback.
Some common scenarios when you might encounter a cooldown period for Amazon EBS include:
+ You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period.
+ You successfully update an Amazon EBS volume and the update succeeds but another change in your update-stack call fails. The rollback will be subject to a cooldown period.

For more information on the coo
DescriptionSpecifies an Amazon Elastic Block Store (Amazon EBS) volume. When you use CFNlong to update an Amazon EBS volume that modifies Iops, Size, or VolumeType, there is a cooldown period before another operation can occur. This can cause your stack to report being in UPDATE_IN_PROGRESS or UPDATE_ROLLBACK_IN_PROGRESS for long periods of time. Amazon EBS does not support sizing down an Amazon EBS volume. CFNlong does not attempt to modify an Amazon EBS volume to a smaller size on rollback. Some common scenarios when you might encounter a cooldown period for Amazon EBS include: + You successfully update an Amazon EBS volume and the update succeeds. When you attempt another update within the cooldown window, that update will be subject to a cooldown period. + You successfully update an Amazon EBS volume and the update succeeds but another change in your update-stack call fails. The rollback will be subject to a cooldown period. For more information on the coo
Id
## Fields - - - - +
NameDatatypeDescription
booleanIndicates whether Amazon EBS Multi-Attach is enabled.
CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume.
stringThe identifier of the kms-key-long to use for Amazon EBS encryption. If KmsKeyId is specified, the encrypted state must be true.
If you omit this property and your account is enabled for encryption by default, or *Encrypted* is set to true, then the volume is encrypted using the default key specified for your account. If your account does not have a default key, then the volume is encrypted using the aws-managed-key.
Alternatively, if you want to specify a different key, you can specify one of the following:
+ Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
+ Key alias. Specify the alias for the key, prefixed with alias/. For example, for a key with the alias my_cmk, use alias/my_cmk. Or to specify the aws-managed-key, use alias/aws/ebs.
+ Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.
+ Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
booleanIndicates whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*.
Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).
integerThe size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.
The following are the supported volumes sizes for each volume type:
+ gp2 and gp3: 1 - 16,384 GiB
+ io1: 4 - 16,384 GiB
+ io2: 4 - 65,536 GiB
+ st1 and sc1: 125 - 16,384 GiB
+ standard: 1 - 1024 GiB
+ + + - - + + - + diff --git a/docs/aws-docs/providers/aws/ec2/vpc_endpoints/index.md b/docs/aws-docs/providers/aws/ec2/vpc_endpoints/index.md index 277e93fa79..dc2b656e61 100644 --- a/docs/aws-docs/providers/aws/ec2/vpc_endpoints/index.md +++ b/docs/aws-docs/providers/aws/ec2/vpc_endpoints/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a vpc_endpoint resource or lists
NameDatatypeDescription
booleanIndicates whether Amazon EBS Multi-Attach is enabled. CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume.
stringThe identifier of the kms-key-long to use for Amazon EBS encryption. If KmsKeyId is specified, the encrypted state must be true. If you omit this property and your account is enabled for encryption by default, or *Encrypted* is set to true, then the volume is encrypted using the default key specified for your account. If your account does not have a default key, then the volume is encrypted using the aws-managed-key. Alternatively, if you want to specify a different key, you can specify one of the following: + Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab. + Key alias. Specify the alias for the key, prefixed with alias/. For example, for a key with the alias my_cmk, use alias/my_cmk. Or to specify the aws-managed-key, use alias/aws/ebs. + Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab. + Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.
booleanIndicates whether the volume should be encrypted. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*. Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances).
integerThe size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size. The following are the supported volumes sizes for each volume type: + gp2 and gp3: 1 - 16,384 GiB + io1: 4 - 16,384 GiB + io2: 4 - 65,536 GiB + st1 and sc1: 125 - 16,384 GiB + standard: 1 - 1024 GiB
booleanIndicates whether the volume is auto-enabled for I/O operations. By default, Amazon EBS disables I/O to the volume from attached EC2 instances when it determines that a volume's data is potentially inconsistent. If the consistency of the volume is not a concern, and you prefer that the volume be made available immediately if it's impaired, you can configure the volume to automatically enable I/O.
stringThe Amazon Resource Name (ARN) of the Outpost.
stringThe ID of the Availability Zone in which to create the volume. For example, us-east-1a.
integerThe throughput to provision for a volume, with a maximum of 1,000 MiB/s.
This parameter is valid only for gp3 volumes. The default value is 125.
Valid Range: Minimum value of 125. Maximum value of 1000.
integerThe number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.
The following are the supported values for each volume type:
+ gp3: 3,000 - 16,000 IOPS
+ io1: 100 - 64,000 IOPS
+ io2: 100 - 256,000 IOPS

For io2 volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS.
This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard volumes.
integerThe throughput to provision for a volume, with a maximum of 1,000 MiB/s. This parameter is valid only for gp3 volumes. The default value is 125. Valid Range: Minimum value of 125. Maximum value of 1000.
integerThe number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. The following are the supported values for each volume type: + gp3: 3,000 - 16,000 IOPS + io1: 100 - 64,000 IOPS + io2: 100 - 256,000 IOPS For io2 volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS. This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2, st1, sc1, or standard volumes.
stringThe snapshot from which to create the volume. You must specify either a snapshot ID or a volume size.
stringThe volume type. This parameter can be one of the following values:
+ General Purpose SSD: gp2 | gp3
+ Provisioned IOPS SSD: io1 | io2
+ Throughput Optimized HDD: st1
+ Cold HDD: sc1
+ Magnetic: standard

For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*.
Default: gp2
stringThe volume type. This parameter can be one of the following values: + General Purpose SSD: gp2 | gp3 + Provisioned IOPS SSD: io1 | io2 + Throughput Optimized HDD: st1 + Cold HDD: sc1 + Magnetic: standard For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*. Default: gp2
string
arrayThe tags to apply to the volume during creation.
stringAWS region.
- +
Namevpc_endpoints
TypeResource
DescriptionSpecifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an MKT Partner, or another AWS accounts in your organization. For more information, see the [User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/).
An endpoint of type Interface establishes connections between the subnets in your VPC and an AWS-service, your own service, or a service hosted by another AWS-account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces.
An endpoint of type gateway serves as a target for a route in your route table for traffic destined for S3 or DDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to S3, see [W
DescriptionSpecifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an MKT Partner, or another AWS accounts in your organization. For more information, see the [User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/). An endpoint of type Interface establishes connections between the subnets in your VPC and an AWS-service, your own service, or a service hosted by another AWS-account. With an interface VPC endpoint, you specify the subnets in which to create the endpoint and the security groups to associate with the endpoint network interfaces. An endpoint of type gateway serves as a target for a route in your route table for traffic destined for S3 or DDB. You can specify an endpoint policy for the endpoint, which controls access to the service from your VPC. You can also specify the VPC route tables that use the endpoint. For more information about connectivity to S3, see [W
Id
@@ -34,13 +34,13 @@ Creates, updates, deletes or gets a vpc_endpoint resource or lists string array array -objectAn endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.
For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. -booleanIndicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.
To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport.
This property is supported only for interface endpoints.
Default: false +objectAn endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. +booleanIndicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. To use a private hosted zone, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport. This property is supported only for interface endpoints. Default: false arrayThe IDs of the route tables. Routing is supported only for gateway endpoints. arrayThe IDs of the security groups to associate with the endpoint network interfaces. If this parameter is not specified, we use the default security group for the VPC. Security groups are supported only for interface endpoints. stringThe name of the endpoint service. arrayThe IDs of the subnets in which to create endpoint network interfaces. You must specify this property for an interface endpoint or a Gateway Load Balancer endpoint. You can't specify this property for a gateway endpoint. For a Gateway Load Balancer endpoint, you can specify only one subnet. -stringThe type of endpoint.
Default: Gateway +stringThe type of endpoint. Default: Gateway stringThe ID of the VPC. stringAWS region. diff --git a/docs/aws-docs/providers/aws/ec2/vpcs/index.md b/docs/aws-docs/providers/aws/ec2/vpcs/index.md index ab70b6ea81..baec89a7d4 100644 --- a/docs/aws-docs/providers/aws/ec2/vpcs/index.md +++ b/docs/aws-docs/providers/aws/ec2/vpcs/index.md @@ -25,22 +25,22 @@ Creates, updates, deletes or gets a vpc resource or lists vpc - +
Namevpcs
TypeResource
DescriptionSpecifies a virtual private cloud (VPC).
You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide*.
DescriptionSpecifies a virtual private cloud (VPC). You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). For more information, see [Virtual private clouds (VPC)](https://docs.aws.amazon.com/vpc/latest/userguide/configure-your-vpc.html) in the *Amazon VPC User Guide*.
Id
## Fields - + - - + + - +
NameDatatypeDescription
string
stringThe allowed tenancy of instances launched into the VPC.
+ default: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch.
+ dedicated: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of host during instance launch. You cannot specify a tenancy of default during instance launch.

Updating InstanceTenancy requires no replacement only if you are updating its value from dedicated to default. Updating InstanceTenancy from default to dedicated requires replacement.
stringThe allowed tenancy of instances launched into the VPC. + default: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch. + dedicated: An instance launched into the VPC runs on dedicated hardware by default, unless you explicitly specify a tenancy of host during instance launch. You cannot specify a tenancy of default during instance launch. Updating InstanceTenancy requires no replacement only if you are updating its value from dedicated to default. Updating InstanceTenancy from default to dedicated requires replacement.
integerThe netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide*.
array
stringThe IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
You must specify eitherCidrBlock or Ipv4IpamPoolId.
stringThe ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. For more information, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide*.
You must specify eitherCidrBlock or Ipv4IpamPoolId.
stringThe IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18. You must specify eitherCidrBlock or Ipv4IpamPoolId.
stringThe ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. For more information, see [What is IPAM?](https://docs.aws.amazon.com//vpc/latest/ipam/what-is-it-ipam.html) in the *Amazon VPC IPAM User Guide*. You must specify eitherCidrBlock or Ipv4IpamPoolId.
string
booleanIndicates whether the DNS resolution is supported for the VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC network range "plus two" succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public DNS hostnames to IP addresses is not enabled. Enabled by default. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support).
array
string
booleanIndicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not. Disabled by default for nondefault VPCs. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support).
You can only enable DNS hostnames if you've enabled DNS support.
booleanIndicates whether the instances launched in the VPC get DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do not. Disabled by default for nondefault VPCs. For more information, see [DNS attributes in your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support). You can only enable DNS hostnames if you've enabled DNS support.
arrayThe tags for the VPC.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/ecr/public_repositories/index.md b/docs/aws-docs/providers/aws/ecr/public_repositories/index.md
index 550cd6d6f9..9b4563bace 100644
--- a/docs/aws-docs/providers/aws/ecr/public_repositories/index.md
+++ b/docs/aws-docs/providers/aws/ecr/public_repositories/index.md
@@ -33,7 +33,7 @@ Creates, updates, deletes or gets a public_repository resource or l - +
NameDatatypeDescription
stringThe name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html.
objectThe JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html in the Amazon Elastic Container Registry User Guide.
string
objectThe CatalogData property type specifies Catalog data for ECR Public Repository. For information about Catalog Data, see
objectThe CatalogData property type specifies Catalog data for ECR Public Repository. For information about Catalog Data
arrayAn array of key-value pairs to apply to this resource.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/ecr/registry_policies/index.md b/docs/aws-docs/providers/aws/ecr/registry_policies/index.md
index d969a2d11b..65c8cc1b93 100644
--- a/docs/aws-docs/providers/aws/ecr/registry_policies/index.md
+++ b/docs/aws-docs/providers/aws/ecr/registry_policies/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets a registry_policy resource or lis - +
Nameregistry_policies
TypeResource
DescriptionThe AWS::ECR::RegistryPolicy resource creates or updates the permissions policy for a private registry.
A private registry policy is used to specify permissions for another AWS-account and is used when configuring cross-account replication. For more information, see [Registry permissions](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html) in the *Amazon Elastic Container Registry User Guide*.
DescriptionThe AWS::ECR::RegistryPolicy resource creates or updates the permissions policy for a private registry. A private registry policy is used to specify permissions for another AWS-account and is used when configuring cross-account replication. For more information, see [Registry permissions](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html) in the *Amazon Elastic Container Registry User Guide*.
Id
diff --git a/docs/aws-docs/providers/aws/ecr/repositories/index.md b/docs/aws-docs/providers/aws/ecr/repositories/index.md index fadf445751..56a0f45975 100644 --- a/docs/aws-docs/providers/aws/ecr/repositories/index.md +++ b/docs/aws-docs/providers/aws/ecr/repositories/index.md @@ -32,7 +32,7 @@ Creates, updates, deletes or gets a repository resource or lists NameDatatypeDescriptionbooleanIf true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it. objectCreates or updates a lifecycle policy. For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html). -stringThe name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. +stringThe name to use for the repository. The repository name may be specified on its own (such as nginx-web-app) or it can be prepended with a namespace to group the repository into a category (such as project-a/nginx-web-app). If you don't specify a name, CFNlong generates a unique physical ID and uses that ID for the repository name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). The repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. objectThe JSON repository policy text to apply to the repository. For more information, see [Amazon ECR repository policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html) in the *Amazon Elastic Container Registry User Guide*. arrayAn array of key-value pairs to apply to this resource. string diff --git a/docs/aws-docs/providers/aws/ecr/repository_creation_templates/index.md b/docs/aws-docs/providers/aws/ecr/repository_creation_templates/index.md index fefdf3ba8d..505421569f 100644 --- a/docs/aws-docs/providers/aws/ecr/repository_creation_templates/index.md +++ b/docs/aws-docs/providers/aws/ecr/repository_creation_templates/index.md 
@@ -35,9 +35,7 @@ Creates, updates, deletes or gets a repository_creation_template re stringThe image tag mutability setting for the repository. stringThe JSON repository policy text to apply to the repository. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html stringThe JSON lifecycle policy text to apply to the repository. For information about lifecycle policy syntax, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html -The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. - -For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html +The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest. By default, when no encryption configuration is set or the AES256 encryption type is used, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts your data at rest using an AES-256 encryption algorithm. This does not require any action on your part. For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html arrayAn array of key-value pairs to apply to this resource. arrayA list of enumerable Strings representing the repository creation scenarios that the template will apply towards. stringCreate timestamp of the template. diff --git a/docs/aws-docs/providers/aws/ecs/services/index.md b/docs/aws-docs/providers/aws/ecs/services/index.md index 8e693dbf6c..b02547aa82 100644 --- a/docs/aws-docs/providers/aws/ecs/services/index.md 
+++ b/docs/aws-docs/providers/aws/ecs/services/index.md @@ -25,20 +25,20 @@ Creates, updates, deletes or gets a service resource or lists Nameservices TypeResource -DescriptionThe AWS::ECS::Service resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers.
The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect ServiceConnectService is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceConnectService must have a name that is unique in the namespace.
Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service. +DescriptionThe AWS::ECS::Service resource creates an Amazon Elastic Container Service (Amazon ECS) service that runs and maintains the requested number of tasks and associated load balancers. The stack update fails if you change any properties that require replacement and at least one Amazon ECS Service Connect ServiceConnectService is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceConnectService must have a name that is unique in the namespace. Starting April 15, 2023, AWS; will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, ECS, or EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service. Id ## Fields - + - - + + - + @@ -46,14 +46,14 @@ Creates, updates, deletes or gets a service resource or lists - - - - - - - - + + + + + + + +
NameDatatypeDescription
string
arrayThe capacity provider strategy to use for the service.
If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.
A capacity provider strategy may contain a maximum of 6 capacity providers.
arrayThe capacity provider strategy to use for the service. If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used. A capacity provider strategy may contain a maximum of 6 capacity providers.
stringThe short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.
objectOptional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.
objectThe deployment controller to use for the service. If no deployment controller is specified, the default value of ECS is used.
integerThe number of instantiations of the specified task definition to place and keep running in your service.
For new services, if a desired count is not specified, a default value of 1 is used. When using the DAEMON scheduling strategy, the desired count is not required.
For existing services, if a desired count is not specified, it is omitted from the operation.
booleanSpecifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide*.
When you use Amazon ECS managed tags, you need to set the propagateTags request parameter.
integerThe number of instantiations of the specified task definition to place and keep running in your service. For new services, if a desired count is not specified, a default value of 1 is used. When using the DAEMON scheduling strategy, the desired count is not required. For existing services, if a desired count is not specified, it is omitted from the operation.
booleanSpecifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide*. When you use Amazon ECS managed tags, you need to set the propagateTags request parameter.
booleanDetermines whether the execute command functionality is turned on for the service. If true, the execute command functionality is turned on for all containers in tasks as part of the service.
integerThe period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of 0 is used.
If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html).
If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.
integerThe period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of 0 is used. If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod in the task definition health check parameters. For more information, see [Health check](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html). If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.
stringThe launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*.
arrayA list of load balancer objects to associate with the service. If you specify the Role property, LoadBalancers must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide*.
string
arrayAn array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.
arrayThe placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service.
stringThe platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used. For more information, see [platform versions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html) in the *Amazon Elastic Container Service Developer Guide*.
stringSpecifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.
The default is NONE.
stringThe name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the awsvpc network mode. If you specify the role parameter, you must also specify a load balancer object with the loadBalancers parameter.
If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the awsvpc network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide*.
If your specified role has a path other than /, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name bar has a path of /foo/ then you would specify /foo/bar as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide*.
stringThe scheduling strategy to use for the service. For more information, see [Services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html).
There are two service scheduler strategies available:
+ REPLICA-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the CODE_DEPLOY or EXTERNAL deployment controller types.
+ DAEMON-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.
Tasks using the Fargate launch type or the CODE_DEPLOY or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy.
objectThe configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace.
Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*.
stringThe name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.
The stack update fails if you change any properties that require replacement and the ServiceName is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceName must be unique in the cluster.
arrayThe details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html).
Each service may be associated with one service registry. Multiple service registries for each service isn't supported.
arrayThe metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well.
The following basic restrictions apply to tags:
+ Maximum number of tags per resource - 50
+ For each resource, each tag key must be unique, and each tag key can have only one value.
+ Maximum key length - 128 Unicode characters in UTF-8
+ Maximum value length - 256 Unicode characters in UTF-8
+ If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
+ Tag keys and values are case-sensitive.
+ Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
stringThe family and revision (family:revision) or full ARN of the task definition to run in your service. If a revision isn't specified, the latest ACTIVE revision is used.
A task definition must be specified if the service uses either the ECS or CODE_DEPLOY deployment controllers.
For more information about deployment types, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html).
stringSpecifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action. The default is NONE.
stringThe name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the awsvpc network mode. If you specify the role parameter, you must also specify a load balancer object with the loadBalancers parameter. If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the awsvpc network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see [Using service-linked roles for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) in the *Amazon Elastic Container Service Developer Guide*. If your specified role has a path other than /, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name bar has a path of /foo/ then you would specify /foo/bar as the role name. For more information, see [Friendly names and paths](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) in the *IAM User Guide*.
stringThe scheduling strategy to use for the service. For more information, see [Services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html). There are two service scheduler strategies available: + REPLICA-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the CODE_DEPLOY or EXTERNAL deployment controller types. + DAEMON-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. Tasks using the Fargate launch type or the CODE_DEPLOY or EXTERNAL deployment controller types don't support the DAEMON scheduling strategy.
objectThe configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. Tasks that run in a namespace can use short names to connect to services in the namespace. Tasks can connect to services across all of the clusters in the namespace. Tasks connect through a managed proxy container that collects logs and metrics for increased visibility. Only the tasks that Amazon ECS services create are supported with Service Connect. For more information, see [Service Connect](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html) in the *Amazon Elastic Container Service Developer Guide*.
stringThe name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions. The stack update fails if you change any properties that require replacement and the ServiceName is configured. This is because AWS CloudFormation creates the replacement service first, but each ServiceName must be unique in the cluster.
arrayThe details of the service discovery registry to associate with this service. For more information, see [Service discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html). Each service may be associated with one service registry. Multiple service registries for each service isn't supported.
arrayThe metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well. The following basic restrictions apply to tags: + Maximum number of tags per resource - 50 + For each resource, each tag key must be unique, and each tag key can have only one value. + Maximum key length - 128 Unicode characters in UTF-8 + Maximum value length - 256 Unicode characters in UTF-8 + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + Tag keys and values are case-sensitive. + Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
stringThe family and revision (family:revision) or full ARN of the task definition to run in your service. If a revision isn't specified, the latest ACTIVE revision is used. A task definition must be specified if the service uses either the ECS or CODE_DEPLOY deployment controllers. For more information about deployment types, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html).
arrayThe configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/ecs/task_definitions/index.md b/docs/aws-docs/providers/aws/ecs/task_definitions/index.md
index 9a175e4fab..2a6732e4a5 100644
--- a/docs/aws-docs/providers/aws/ecs/task_definitions/index.md
+++ b/docs/aws-docs/providers/aws/ecs/task_definitions/index.md
@@ -25,29 +25,29 @@ Creates, updates, deletes or gets a task_definition resource or lis - +
Nametask_definitions
TypeResource
DescriptionRegisters a new task definition from the supplied family and containerDefinitions. Optionally, you can add data volumes to your containers with the volumes parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*.
You can specify a role for your task with the taskRoleArn parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.
You can specify a Docker networking mode for the containers in your task definition with the networkMode parameter. The available network modes correspond to those described in [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#/network-settings) in the Docker run reference. If you specify the awsvpc network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.
In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*.
You only need to learn how to sign HTTP requests if you intend to create them manually. When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself.
DescriptionRegisters a new task definition from the supplied family and containerDefinitions. Optionally, you can add data volumes to your containers with the volumes parameter. For more information about task definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*. You can specify a role for your task with the taskRoleArn parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the AWS services that are specified in the policy that's associated with the role. For more information, see [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. You can specify a Docker networking mode for the containers in your task definition with the networkMode parameter. The available network modes correspond to those described in [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#/network-settings) in the Docker run reference. If you specify the awsvpc network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. In the following example or examples, the Authorization header contents (AUTHPARAMS) must be replaced with an AWS Signature Version 4 signature. For more information, see [Signature Version 4 Signing Process](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) in the *General Reference*. You only need to learn how to sign HTTP requests if you intend to create them manually. 
When you use the [](https://docs.aws.amazon.com/cli/) or one of the [SDKs](https://docs.aws.amazon.com/tools/) to make requests to AWS, these tools automatically sign the requests for you, with the access key that you specify when you configure the tools. When you use these tools, you don't have to sign requests yourself.
Id
## Fields - + - + - - - - + + + + - - - + + + - - + +
NameDatatypeDescription
string
stringThe name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.
A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.
To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it.
stringThe name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add. To use revision numbers when you update a task definition, specify this property. If you don't specify a value, CFNlong generates a new task definition each time that you update it.
arrayA list of container definitions in JSON format that describe the different containers that make up your task. For more information about container definition parameters and defaults, see [Amazon ECS Task Definitions](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) in the *Amazon Elastic Container Service Developer Guide*.
stringThe number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter.
The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.
+ 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
+ 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
+ 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)
+ 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)
+ 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)
+ 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments
This option requires Linux platform 1.4.0 or later.
+ 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments
This option requires Linux platform 1.4.0 or later.
stringThe number of cpu units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the memory parameter. The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate. + 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) + 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) + 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) + 2048 (2 vCPU) - Available memory values: 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) + 4096 (4 vCPU) - Available memory values: 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) + 8192 (8 vCPU) - Available memory values: 16 GB and 60 GB in 4 GB increments This option requires Linux platform 1.4.0 or later. + 16384 (16vCPU) - Available memory values: 32GB and 120 GB in 8 GB increments This option requires Linux platform 1.4.0 or later.
stringThe Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf. The task execution IAM role is required depending on the requirements of your task. For more information, see [Amazon ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) in the *Amazon Elastic Container Service Developer Guide*.
objectThe ephemeral storage settings to use for tasks run with the task definition.
arrayThe Elastic Inference accelerators to use for the containers in the task.
stringThe amount (in MiB) of memory used by the task.
If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html).
If your tasks runs on FARGATElong, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter.
+ 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)
+ 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)
+ 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)
+ Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)
+ Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU)
+ Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU)
This option requires Linux platform 1.4.0 or later.
+ Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU)
This option requires Linux platform 1.4.0 or later.
stringThe Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host. If no network mode is specified, the default is bridge.
For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, or awsvpc can be used. If the network mode is set to none, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode.
With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings.
When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.
If the network mode is awsvpc, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*.
If the network mode is host, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.
For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference*.
arrayAn array of placement constraint objects to use for tasks.
This parameter isn't supported for tasks run on FARGATElong.
objectThe configuration details for the App Mesh proxy.
Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.
stringThe amount (in MiB) of memory used by the task. If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html). If your tasks runs on FARGATElong, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the cpu parameter. + 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU) + 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU) + 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU) + Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU) + Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU) + Between 16 GB and 60 GB in 4 GB increments - Available cpu values: 8192 (8 vCPU) This option requires Linux platform 1.4.0 or later. + Between 32GB and 120 GB in 8 GB increments - Available cpu values: 16384 (16 vCPU) This option requires Linux platform 1.4.0 or later.
stringThe Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host. If no network mode is specified, the default is bridge. For Amazon ECS tasks on Fargate, the awsvpc network mode is required. For Amazon ECS tasks on Amazon EC2 Linux instances, any network mode can be used. For Amazon ECS tasks on Amazon EC2 Windows instances, default or awsvpc can be used. If the network mode is set to none, you cannot specify port mappings in your container definitions, and the tasks containers do not have external connectivity. The host and awsvpc network modes offer the highest networking performance for containers because they use the EC2 network stack instead of the virtualized network stack provided by the bridge mode. With the host and awsvpc network modes, exposed container ports are mapped directly to the corresponding host port (for the host network mode) or the attached elastic network interface port (for the awsvpc network mode), so you cannot take advantage of dynamic host port mappings. When using the host network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user. If the network mode is awsvpc, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration value when you create a service or run a task with the task definition. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide*. If the network mode is host, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used. For more information, see [Network settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#network-settings) in the *Docker run reference*.
arrayAn array of placement constraint objects to use for tasks. This parameter isn't supported for tasks run on FARGATElong.
objectThe configuration details for the App Mesh proxy. Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the ecs-init package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version 20190301 or later, they contain the required versions of the container agent and ecs-init. For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide*.
arrayThe task launch types the task definition was validated against. The valid values are EC2, FARGATE, and EXTERNAL. For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide*.
stringThe short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*.
IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*.
arrayThe list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*.
The host and sourcePath parameters aren't supported for tasks run on FARGATElong.
stringThe process namespace to use for the containers in the task. The valid values are host or task. On Fargate for Linux containers, the only valid value is task. For example, monitoring sidecars might need pidMode to access information about other containers running in the same task.
If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.
If task is specified, all containers within the specified task share the same process namespace.
If no value is specified, the default is a private namespace for each container. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference*.
If the host PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/).
This parameter is not supported for Windows containers.
This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.
stringThe short name or full Amazon Resource Name (ARN) of the IAMlong role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide*. IAM roles for tasks on Windows require that the -EnableTaskIAMRole option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide*.
arrayThe list of data volume definitions for the task. For more information, see [Using data volumes in tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html) in the *Amazon Elastic Container Service Developer Guide*. The host and sourcePath parameters aren't supported for tasks run on FARGATElong.
stringThe process namespace to use for the containers in the task. The valid values are host or task. On Fargate for Linux containers, the only valid value is task. For example, monitoring sidecars might need pidMode to access information about other containers running in the same task. If host is specified, all containers within the tasks that specified the host PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same process namespace. If no value is specified, the default is a private namespace for each container. For more information, see [PID settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#pid-settings---pid) in the *Docker run reference*. If the host PID mode is used, there's a heightened risk of undesired process namespace exposure. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). This parameter is not supported for Windows containers. This parameter is only supported for tasks that are hosted on FARGATElong if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.
objectThe operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.
stringThe IPC resource namespace to use for the containers in the task. The valid values are host, task, or none. If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference*.
If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/).
If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*.
+ For tasks that use the host IPC mode, IPC namespace related systemControls are not supported.
+ For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task.

This parameter is not supported for Windows containers or tasks run on FARGATElong.
arrayThe metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them.
The following basic restrictions apply to tags:
+ Maximum number of tags per resource - 50
+ For each resource, each tag key must be unique, and each tag key can have only one value.
+ Maximum key length - 128 Unicode characters in UTF-8
+ Maximum value length - 256 Unicode characters in UTF-8
+ If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.
+ Tag keys and values are case-sensitive.
+ Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
stringThe IPC resource namespace to use for the containers in the task. The valid values are host, task, or none. If host is specified, then all containers within the tasks that specified the host IPC mode on the same container instance share the same IPC resources with the host Amazon EC2 instance. If task is specified, all containers within the specified task share the same IPC resources. If none is specified, then IPC resources within the containers of a task are private and not shared with other containers in a task or on the container instance. If no value is specified, then the IPC resource namespace sharing depends on the Docker daemon setting on the container instance. For more information, see [IPC settings](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/run/#ipc-settings---ipc) in the *Docker run reference*. If the host IPC mode is used, be aware that there is a heightened risk of undesired IPC namespace expose. For more information, see [Docker security](https://docs.aws.amazon.com/https://docs.docker.com/engine/security/security/). If you are setting namespaced kernel parameters using systemControls for the containers in the task, the following will apply to your IPC resource namespace. For more information, see [System Controls](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) in the *Amazon Elastic Container Service Developer Guide*. + For tasks that use the host IPC mode, IPC namespace related systemControls are not supported. + For tasks that use the task IPC mode, IPC namespace related systemControls will apply to all containers within a task. This parameter is not supported for Windows containers or tasks run on FARGATElong.
arrayThe metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them. The following basic restrictions apply to tags: + Maximum number of tags per resource - 50 + For each resource, each tag key must be unique, and each tag key can have only one value. + Maximum key length - 128 Unicode characters in UTF-8 + Maximum value length - 256 Unicode characters in UTF-8 + If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. + Tag keys and values are case-sensitive. + Do not use aws:, AWS:, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/efs/access_points/index.md b/docs/aws-docs/providers/aws/efs/access_points/index.md
index 828053b7a8..a046075684 100644
--- a/docs/aws-docs/providers/aws/efs/access_points/index.md
+++ b/docs/aws-docs/providers/aws/efs/access_points/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets an access_point resource or lists - +
Nameaccess_points
TypeResource
DescriptionThe AWS::EFS::AccessPoint resource creates an EFS access point. An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access data in its own directory and below. To learn more, see [Mounting a file system using EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html).
This operation requires permissions for the elasticfilesystem:CreateAccessPoint action.
DescriptionThe AWS::EFS::AccessPoint resource creates an EFS access point. An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point. The operating system user and group override any identity information provided by the NFS client. The file system path is exposed as the access point's root directory. Applications using the access point can only access data in its own directory and below. To learn more, see [Mounting a file system using EFS access points](https://docs.aws.amazon.com/efs/latest/ug/efs-access-points.html). This operation requires permissions for the elasticfilesystem:CreateAccessPoint action.
Id
@@ -33,7 +33,7 @@ Creates, updates, deletes or gets an access_point resource or lists - +
diff --git a/docs/aws-docs/providers/aws/efs/file_systems/index.md b/docs/aws-docs/providers/aws/efs/file_systems/index.md
index 31d6e0036d..a6189c0976 100644
--- a/docs/aws-docs/providers/aws/efs/file_systems/index.md
+++ b/docs/aws-docs/providers/aws/efs/file_systems/index.md
@@ -34,16 +34,16 @@ Creates, updates, deletes or gets a file_system resource or lists < - - + + - + - + - +
NameDatatypeDescription
string
string
stringThe opaque string specified in the request to ensure idempotent creation.
arrayAn array of key-value pairs to apply to this resource.
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
arrayAn array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
stringThe ID of the EFS file system that the access point applies to. Accepts only the ID format for input when specifying a file system, for example fs-0123456789abcedf2.
objectThe full POSIX identity, including the user ID, group ID, and secondary group IDs on the access point that is used for all file operations by NFS clients using the access point.
objectThe directory on the EFS file system that the access point exposes as the root directory to NFS clients using the access point.
undefined
booleanA Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying a KmsKeyId for an existing kms-key-long. If you don't specify a kms-key, then the default kms-key for EFS, /aws/elasticfilesystem, is used to protect the encrypted file system.
arrayUse to create one or more tags associated with the file system. Each tag is a user-defined key-value pair. Name your file system on creation by including a "Key":"Name","Value":"{value}" key-value pair. Each key must be unique. For more information, see [Tagging resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *General Reference Guide*.
stringThe ID of the kms-key-long to be used to protect the encrypted file system. This parameter is only required if you want to use a nondefault kms-key. If this parameter is not specified, the default kms-key for EFS is used. This ID can be in one of the following formats:
+ Key ID - A unique identifier of the key, for example 1234abcd-12ab-34cd-56ef-1234567890ab.
+ ARN - An Amazon Resource Name (ARN) for the key, for example arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
+ Key alias - A previously created display name for a key, for example alias/projectKey1.
+ Key alias ARN - An ARN for a key alias, for example arn:aws:kms:us-west-2:444455556666:alias/projectKey1.

If KmsKeyId is specified, the Encrypted parameter must be set to true.
arrayAn array of LifecyclePolicy objects that define the file system's LifecycleConfiguration object. A LifecycleConfiguration object informs Lifecycle management of the following:
+ When to move files in the file system from primary storage to IA storage.
+ When to move files in the file system from primary storage or IA storage to Archive storage.
+ When to move files that are in IA or Archive storage to primary storage.

EFS requires that each LifecyclePolicy object have only a single transition. This means that in a request body, LifecyclePolicies needs to be structured as an array of LifecyclePolicy objects, one object for each transition, TransitionToIA, TransitionToArchive TransitionToPrimaryStorageClass. See the example requests in the following section for more information.
stringThe ID of the kms-key-long to be used to protect the encrypted file system. This parameter is only required if you want to use a nondefault kms-key. If this parameter is not specified, the default kms-key for EFS is used. This ID can be in one of the following formats: + Key ID - A unique identifier of the key, for example 1234abcd-12ab-34cd-56ef-1234567890ab. + ARN - An Amazon Resource Name (ARN) for the key, for example arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. + Key alias - A previously created display name for a key, for example alias/projectKey1. + Key alias ARN - An ARN for a key alias, for example arn:aws:kms:us-west-2:444455556666:alias/projectKey1. If KmsKeyId is specified, the Encrypted parameter must be set to true.
arrayAn array of LifecyclePolicy objects that define the file system's LifecycleConfiguration object. A LifecycleConfiguration object informs Lifecycle management of the following: + When to move files in the file system from primary storage to IA storage. + When to move files in the file system from primary storage or IA storage to Archive storage. + When to move files that are in IA or Archive storage to primary storage. EFS requires that each LifecyclePolicy object have only a single transition. This means that in a request body, LifecyclePolicies needs to be structured as an array of LifecyclePolicy objects, one object for each transition, TransitionToIA, TransitionToArchive TransitionToPrimaryStorageClass. See the example requests in the following section for more information.
objectDescribes the protection on the file system.
stringThe Performance mode of the file system. We recommend generalPurpose performance mode for all file systems. File systems using the maxIO performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The maxIO mode is not supported on One Zone file systems.
Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems.
Default is generalPurpose.
stringThe Performance mode of the file system. We recommend generalPurpose performance mode for all file systems. File systems using the maxIO performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The maxIO mode is not supported on One Zone file systems. Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems. Default is generalPurpose.
numberThe throughput, measured in mebibytes per second (MiBps), that you want to provision for a file system that you're creating. Required if ThroughputMode is set to provisioned. Valid values are 1-3414 MiBps, with the upper limit depending on Region. To increase this limit, contact SUP. For more information, see [Amazon EFS quotas that you can increase](https://docs.aws.amazon.com/efs/latest/ug/limits.html#soft-limits) in the *Amazon EFS User Guide*.
stringSpecifies the throughput mode for the file system. The mode can be bursting, provisioned, or elastic. If you set ThroughputMode to provisioned, you must also set a value for ProvisionedThroughputInMibps. After you create the file system, you can decrease your file system's Provisioned throughput or change between the throughput modes, with certain time restrictions. For more information, see [Specifying throughput with provisioned mode](https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) in the *Amazon EFS User Guide*.
Default is bursting.
stringSpecifies the throughput mode for the file system. The mode can be bursting, provisioned, or elastic. If you set ThroughputMode to provisioned, you must also set a value for ProvisionedThroughputInMibps. After you create the file system, you can decrease your file system's Provisioned throughput or change between the throughput modes, with certain time restrictions. For more information, see [Specifying throughput with provisioned mode](https://docs.aws.amazon.com/efs/latest/ug/performance.html#provisioned-throughput) in the *Amazon EFS User Guide*. Default is bursting.
objectThe FileSystemPolicy for the EFS file system. A file system policy is an IAM resource policy used to control NFS access to an EFS file system. For more information, see [Using to control NFS access to Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html) in the *Amazon EFS User Guide*.
boolean(Optional) A boolean that specifies whether or not to bypass the FileSystemPolicy lockout safety check. The lockout safety check determines whether the policy in the request will lock out, or prevent, the IAM principal that is making the request from making future PutFileSystemPolicy requests on this file system. Set BypassPolicyLockoutSafetyCheck to True only when you intend to prevent the IAM principal that is making the request from making subsequent PutFileSystemPolicy requests on this file system. The default value is False.
objectUse the BackupPolicy to turn automatic backups on or off for the file system.
stringFor One Zone file systems, specify the AWS Availability Zone in which to create the file system. Use the format us-east-1a to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type) in the *Amazon EFS User Guide*.
One Zone file systems are not available in all Availability Zones in AWS-Regions where Amazon EFS is available.
stringFor One Zone file systems, specify the AWS Availability Zone in which to create the file system. Use the format us-east-1a to specify the Availability Zone. For more information about One Zone file systems, see [EFS file system types](https://docs.aws.amazon.com/efs/latest/ug/availability-durability.html#file-system-type) in the *Amazon EFS User Guide*. One Zone file systems are not available in all Availability Zones in AWS-Regions where Amazon EFS is available.
objectDescribes the replication configuration for a specific file system.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/elasticbeanstalk/configuration_templates/index.md b/docs/aws-docs/providers/aws/elasticbeanstalk/configuration_templates/index.md index 432f8a5ce0..25a455c4db 100644 --- a/docs/aws-docs/providers/aws/elasticbeanstalk/configuration_templates/index.md +++ b/docs/aws-docs/providers/aws/elasticbeanstalk/configuration_templates/index.md @@ -35,8 +35,8 @@ Creates, updates, deletes or gets a configuration_template resource stringThe ID of an environment whose settings you want to use to create the configuration template. You must specify EnvironmentId if you don't specify PlatformArn, SolutionStackName, or SourceConfiguration. arrayOption values for the Elastic Beanstalk configuration, such as the instance type. If specified, these values override the values obtained from the solution stack or the source configuration template. For a complete list of Elastic Beanstalk configuration options, see [Option Values](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options.html) in the AWS Elastic Beanstalk Developer Guide. stringThe Amazon Resource Name (ARN) of the custom platform. For more information, see [Custom Platforms](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/custom-platforms.html) in the AWS Elastic Beanstalk Developer Guide. -stringThe name of an Elastic Beanstalk solution stack (platform version) that this configuration uses. For example, 64bit Amazon Linux 2013.09 running Tomcat 7 Java 7. A solution stack specifies the operating system, runtime, and application server for a configuration template. It also determines the set of configuration options as well as the possible and default values. For more information, see [Supported Platforms](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html) in the AWS Elastic Beanstalk Developer Guide.

You must specify SolutionStackName if you don't specify PlatformArn, EnvironmentId, or SourceConfiguration.

Use the ListAvailableSolutionStacks API to obtain a list of available solution stacks. -objectAn Elastic Beanstalk configuration template to base this one on. If specified, Elastic Beanstalk uses the configuration values from the specified configuration template to create a new configuration.

Values specified in OptionSettings override any values obtained from the SourceConfiguration.

You must specify SourceConfiguration if you don't specify PlatformArn, EnvironmentId, or SolutionStackName.

Constraint: If both solution stack name and source configuration are specified, the solution stack of the source configuration template must match the specified solution stack name. +stringThe name of an Elastic Beanstalk solution stack (platform version) that this configuration uses. For example, 64bit Amazon Linux 2013.09 running Tomcat 7 Java 7. A solution stack specifies the operating system, runtime, and application server for a configuration template. It also determines the set of configuration options as well as the possible and default values. For more information, see [Supported Platforms](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html) in the AWS Elastic Beanstalk Developer Guide. You must specify SolutionStackName if you don't specify PlatformArn, EnvironmentId, or SourceConfiguration. Use the ListAvailableSolutionStacks API to obtain a list of available solution stacks. +objectAn Elastic Beanstalk configuration template to base this one on. If specified, Elastic Beanstalk uses the configuration values from the specified configuration template to create a new configuration. Values specified in OptionSettings override any values obtained from the SourceConfiguration. You must specify SourceConfiguration if you don't specify PlatformArn, EnvironmentId, or SolutionStackName. Constraint: If both solution stack name and source configuration are specified, the solution stack of the source configuration template must match the specified solution stack name. stringThe name of the configuration template stringAWS region. diff --git a/docs/aws-docs/providers/aws/elasticloadbalancingv2/listener_rules/index.md b/docs/aws-docs/providers/aws/elasticloadbalancingv2/listener_rules/index.md index 6cb7fb038b..d4f8270ef7 100644 --- a/docs/aws-docs/providers/aws/elasticloadbalancingv2/listener_rules/index.md +++ b/docs/aws-docs/providers/aws/elasticloadbalancingv2/listener_rules/index.md 
@@ -25,16 +25,16 @@ Creates, updates, deletes or gets a listener_rule resource or lists - +
Namelistener_rules
TypeResource
DescriptionSpecifies a listener rule. The listener must be associated with an Application Load Balancer. Each rule consists of a priority, one or more actions, and one or more conditions.
For more information, see [Quotas for your Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) in the *User Guide for Application Load Balancers*.
DescriptionSpecifies a listener rule. The listener must be associated with an Application Load Balancer. Each rule consists of a priority, one or more actions, and one or more conditions. For more information, see [Quotas for your Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) in the *User Guide for Application Load Balancers*.
Id
## Fields - - - + + +
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the listener.
string
arrayThe actions.
The rule must include exactly one of the following types of actions: forward, fixed-response, or redirect, and it must be the last action to be performed. If the rule is for an HTTPS listener, it can also optionally include an authentication action.
integerThe rule priority. A listener can't have multiple rules with the same priority.
If you try to reorder rules by updating their priorities, do not specify a new priority if an existing rule already uses this priority, as this can cause an error. If you need to reuse a priority with a different rule, you must remove it as a priority first, and then specify it in a subsequent update.
arrayThe conditions.
The rule can optionally include up to one of each of the following conditions: http-request-method, host-header, path-pattern, and source-ip. A rule can also optionally include one or more of each of the following conditions: http-header and query-string.
arrayThe actions. The rule must include exactly one of the following types of actions: forward, fixed-response, or redirect, and it must be the last action to be performed. If the rule is for an HTTPS listener, it can also optionally include an authentication action.
integerThe rule priority. A listener can't have multiple rules with the same priority. If you try to reorder rules by updating their priorities, do not specify a new priority if an existing rule already uses this priority, as this can cause an error. If you need to reuse a priority with a different rule, you must remove it as a priority first, and then specify it in a subsequent update.
arrayThe conditions. The rule can optionally include up to one of each of the following conditions: http-request-method, host-header, path-pattern, and source-ip. A rule can also optionally include one or more of each of the following conditions: http-header and query-string.
boolean
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/elasticloadbalancingv2/listeners/index.md b/docs/aws-docs/providers/aws/elasticloadbalancingv2/listeners/index.md
index 1a730ef86b..f91aa6b134 100644
--- a/docs/aws-docs/providers/aws/elasticloadbalancingv2/listeners/index.md
+++ b/docs/aws-docs/providers/aws/elasticloadbalancingv2/listeners/index.md
@@ -33,11 +33,11 @@ Creates, updates, deletes or gets a listener resource or lists NameDatatypeDescriptionstring objectThe mutual authentication configuration information. array[TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy. -string[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.
Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic.
For more information, see [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) in the *Application Load Balancers Guide* and [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) in the *Network Load Balancers Guide*. +string[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) in the *Application Load Balancers Guide* and [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) in the *Network Load Balancers Guide*. stringThe Amazon Resource Name (ARN) of the load balancer. -arrayThe actions for the default rule. You cannot define a condition for a default rule.
To create additional rules for an Application Load Balancer, use [AWS::ElasticLoadBalancingV2::ListenerRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html). +arrayThe actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use [AWS::ElasticLoadBalancingV2::ListenerRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html). integerThe port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer. -arrayThe default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
To create a certificate list for a secure listener, use [AWS::ElasticLoadBalancingV2::ListenerCertificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html). +arrayThe default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use [AWS::ElasticLoadBalancingV2::ListenerCertificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html). stringThe protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer. stringAWS region.
diff --git a/docs/aws-docs/providers/aws/elasticloadbalancingv2/load_balancers/index.md b/docs/aws-docs/providers/aws/elasticloadbalancingv2/load_balancers/index.md
index 8f3f112344..bbde9d106d 100644
--- a/docs/aws-docs/providers/aws/elasticloadbalancingv2/load_balancers/index.md
+++ b/docs/aws-docs/providers/aws/elasticloadbalancingv2/load_balancers/index.md
@@ -33,17 +33,17 @@ Creates, updates, deletes or gets a load_balancer resource or lists - + - + - + - +
NameDatatypeDescription
stringThe IP address type. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
array[Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.
arrayThe load balancer attributes.
stringThe nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet.
The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.
The default is an Internet-facing load balancer.
You cannot specify a scheme for a Gateway Load Balancer.
stringThe nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. You cannot specify a scheme for a Gateway Load Balancer.
string
stringThe name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-".
If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
stringThe name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-". If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
string
string
arrayThe IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. To specify an Elastic IP address, specify subnet mappings instead of subnets.
[Application Load Balancers] You must specify subnets from at least two Availability Zones.
[Application Load Balancers on Outposts] You must specify one Outpost subnet.
[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
[Network Load Balancers] You can specify subnets from one or more Availability Zones.
[Gateway Load Balancers] You can specify subnets from one or more Availability Zones.
arrayThe IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. To specify an Elastic IP address, specify subnet mappings instead of subnets. [Application Load Balancers] You must specify subnets from at least two Availability Zones. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. [Network Load Balancers] You can specify subnets from one or more Availability Zones. [Gateway Load Balancers] You can specify subnets from one or more Availability Zones.
stringThe type of load balancer. The default is application.
string
arrayThe tags to assign to the load balancer.
string
arrayThe IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both.
[Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets.
[Application Load Balancers on Outposts] You must specify one Outpost subnet.
[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
[Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet.
[Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You cannot specify Elastic IP addresses for your subnets.
arrayThe IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. [Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet. [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You cannot specify Elastic IP addresses for your subnets.
stringIndicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through privatelink.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/events/rules/index.md b/docs/aws-docs/providers/aws/events/rules/index.md
index 6a399288ed..bf85820709 100644
--- a/docs/aws-docs/providers/aws/events/rules/index.md
+++ b/docs/aws-docs/providers/aws/events/rules/index.md
@@ -35,7 +35,7 @@ Creates, updates, deletes or gets a rule resource or lists ru stringThe scheduling expression. For example, "cron(0 20 * * ? *)", "rate(5 minutes)". For more information, see Creating an Amazon EventBridge rule that runs on a schedule. stringThe description of the rule. stringThe state of the rule. -arrayAdds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered. +arrayAdds the specified targets to the specified rule, or updates the targets if they are already associated with the rule. Targets are the resources that are invoked when a rule is triggered. stringThe ARN of the rule, such as arn:aws:events:us-east-2:123456789012:rule/example. stringThe Amazon Resource Name (ARN) of the role that is used for target invocation. stringThe name of the rule.
diff --git a/docs/aws-docs/providers/aws/fsx/data_repository_associations/index.md b/docs/aws-docs/providers/aws/fsx/data_repository_associations/index.md
index c34efdd635..cce3ba3800 100644
--- a/docs/aws-docs/providers/aws/fsx/data_repository_associations/index.md
+++ b/docs/aws-docs/providers/aws/fsx/data_repository_associations/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets a data_repository_association res - +
Namedata_repository_associations
TypeResource
DescriptionCreates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported on all FSx for Lustre 2.12 and newer file systems, excluding scratch_1 deployment type.
Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see [Linking your file system to an S3 bucket](https://docs.aws.amazon.com/fsx/latest/LustreGuide/create-dra-linked-data-repo.html).
DescriptionCreates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported on all FSx for Lustre 2.12 and newer file systems, excluding scratch_1 deployment type. Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see [Linking your file system to an S3 bucket](https://docs.aws.amazon.com/fsx/latest/LustreGuide/create-dra-linked-data-repo.html).
Id
@@ -33,12 +33,12 @@ Creates, updates, deletes or gets a data_repository_association res - + - + - +
NameDatatypeDescription
string
string
stringThe ID of the file system on which the data repository association is configured.
stringA path on the Amazon FSx for Lustre file system that points to a high-level directory (such as /ns1/) or subdirectory (such as /ns1/subdir/) that will be mapped 1-1 with DataRepositoryPath. The leading forward slash in the name is required. Two data repository associations cannot have overlapping file system paths. For example, if a data repository is associated with file system path /ns1/, then you cannot link another data repository with file system path /ns1/ns2.
This path specifies where in your file system files will be exported from or imported to. This file system directory can be linked to only one Amazon S3 bucket, and no other S3 bucket can be linked to the directory.
If you specify only a forward slash (/) as the file system path, you can link only one data repository to the file system. You can only specify "/" as the file system path for the first data repository associated with a file system.
stringA path on the Amazon FSx for Lustre file system that points to a high-level directory (such as /ns1/) or subdirectory (such as /ns1/subdir/) that will be mapped 1-1 with DataRepositoryPath. The leading forward slash in the name is required. Two data repository associations cannot have overlapping file system paths. For example, if a data repository is associated with file system path /ns1/, then you cannot link another data repository with file system path /ns1/ns2. This path specifies where in your file system files will be exported from or imported to. This file system directory can be linked to only one Amazon S3 bucket, and no other S3 bucket can be linked to the directory. If you specify only a forward slash (/) as the file system path, you can link only one data repository to the file system. You can only specify "/" as the file system path for the first data repository associated with a file system.
stringThe path to the Amazon S3 data repository that will be linked to the file system. The path can be an S3 bucket or prefix in the format s3://myBucket/myPrefix/. This path specifies where in the S3 data repository files will be imported from or exported to.
booleanA boolean flag indicating whether an import data repository task to import metadata should run after the data repository association is created. The task runs if this flag is set to true.
integerFor files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system or cache.
The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB.
integerFor files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system or cache. The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB.
objectThe configuration for an Amazon S3 data repository linked to an Amazon FSx Lustre file system with a data repository association. The configuration defines which file events (new, changed, or deleted files or directories) are automatically imported from the linked data repository to the file system or automatically exported from the file system to the data repository.
arrayAn array of key-value pairs to apply to this resource.
For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
arrayAn array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/gamelift/fleets/index.md b/docs/aws-docs/providers/aws/gamelift/fleets/index.md
index bc2e51d5e7..0e9868369d 100644
--- a/docs/aws-docs/providers/aws/gamelift/fleets/index.md
+++ b/docs/aws-docs/providers/aws/gamelift/fleets/index.md
@@ -55,8 +55,8 @@ Creates, updates, deletes or gets a fleet resource or lists f objectA policy that limits the number of game sessions an individual player can create over a span of time for this fleet. stringUnique fleet ID stringA unique identifier for a build to be deployed on the new fleet. If you are deploying the fleet with a custom game build, you must specify this property. The build must have been successfully uploaded to Amazon GameLift and be in a READY status. This fleet setting cannot be changed once the fleet is created. -stringA unique identifier for a Realtime script to be deployed on a new Realtime Servers fleet. The script must have been successfully uploaded to Amazon GameLift. This fleet setting cannot be changed once the fleet is created.

Note: It is not currently possible to use the !Ref command to reference a script created with a CloudFormation template for the fleet property ScriptId. Instead, use Fn::GetAtt Script.Arn or Fn::GetAtt Script.Id to retrieve either of these properties as input for ScriptId. Alternatively, enter a ScriptId string manually. -objectInstructions for launching server processes on each instance in the fleet. Server processes run either a custom game build executable or a Realtime script. The runtime configuration defines the server executables or launch script file, launch parameters, and the number of processes to run concurrently on each instance. When creating a fleet, the runtime configuration must have at least one server process configuration; otherwise the request fails with an invalid request exception.

This parameter is required unless the parameters ServerLaunchPath and ServerLaunchParameters are defined. Runtime configuration has replaced these parameters, but fleets that use them will continue to work. +stringA unique identifier for a Realtime script to be deployed on a new Realtime Servers fleet. The script must have been successfully uploaded to Amazon GameLift. This fleet setting cannot be changed once the fleet is created. Note: It is not currently possible to use the !Ref command to reference a script created with a CloudFormation template for the fleet property ScriptId. Instead, use Fn::GetAtt Script.Arn or Fn::GetAtt Script.Id to retrieve either of these properties as input for ScriptId. Alternatively, enter a ScriptId string manually. +objectInstructions for launching server processes on each instance in the fleet. Server processes run either a custom game build executable or a Realtime script. The runtime configuration defines the server executables or launch script file, launch parameters, and the number of processes to run concurrently on each instance. When creating a fleet, the runtime configuration must have at least one server process configuration; otherwise the request fails with an invalid request exception. This parameter is required unless the parameters ServerLaunchPath and ServerLaunchParameters are defined. Runtime configuration has replaced these parameters, but fleets that use them will continue to work. stringThis parameter is no longer used but is retained for backward compatibility. Instead, specify server launch parameters in the RuntimeConfiguration parameter. A request must specify either a runtime configuration or values for both ServerLaunchParameters and ServerLaunchPath. stringThis parameter is no longer used. Instead, specify a server launch path using the RuntimeConfiguration parameter. Requests that specify a server launch path and launch parameters instead of a runtime configuration will continue to work. 
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iam/group_policies/index.md b/docs/aws-docs/providers/aws/iam/group_policies/index.md
index 3977126613..67141e10a5 100644
--- a/docs/aws-docs/providers/aws/iam/group_policies/index.md
+++ b/docs/aws-docs/providers/aws/iam/group_policies/index.md
@@ -25,14 +25,14 @@ Creates, updates, deletes or gets a group_policy resource or lists - +
Namegroup_policies
TypeResource
DescriptionAdds or updates an inline policy document that is embedded in the specified IAM group.
A group can also have managed policies attached to it. To attach a managed policy to a group, use [AWS::IAM::Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed in a group, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
DescriptionAdds or updates an inline policy document that is embedded in the specified IAM group. A group can also have managed policies attached to it. To attach a managed policy to a group, use [AWS::IAM::Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. For information about the maximum number of inline policies that you can embed in a group, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
Id
## Fields - - - +
NameDatatypeDescription
objectThe policy document.
You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
+ Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
+ The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
+ The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
stringThe name of the policy document.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe name of the group to associate the policy with.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
+ +
NameDatatypeDescription
objectThe policy document. You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range + The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF) + The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
stringThe name of the policy document. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe name of the group to associate the policy with. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iam/groups/index.md b/docs/aws-docs/providers/aws/iam/groups/index.md
index 96fa01afc0..473b4e0ee6 100644
--- a/docs/aws-docs/providers/aws/iam/groups/index.md
+++ b/docs/aws-docs/providers/aws/iam/groups/index.md
@@ -25,16 +25,16 @@ Creates, updates, deletes or gets a group resource or lists g - +
Namegroups
TypeResource
DescriptionCreates a new group.
For information about the number of groups you can create, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
DescriptionCreates a new group. For information about the number of groups you can create, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
Id
## Fields - - - - + + + +
NameDatatypeDescription
string
stringThe name of the group to create. Do not include the path in this value.
The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
arrayThe Amazon Resource Name (ARN) of the IAM policy you want to attach.
For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
stringThe path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
arrayAdds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group).
The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
stringThe name of the group to create. Do not include the path in this value. The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
arrayThe Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
stringThe path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
arrayAdds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iam/instance_profiles/index.md b/docs/aws-docs/providers/aws/iam/instance_profiles/index.md
index 6ad9582c59..53b90c7aa7 100644
--- a/docs/aws-docs/providers/aws/iam/instance_profiles/index.md
+++ b/docs/aws-docs/providers/aws/iam/instance_profiles/index.md
@@ -25,14 +25,14 @@ Creates, updates, deletes or gets an instance_profile resource or l - +
Nameinstance_profiles
TypeResource
DescriptionCreates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html).
For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*.
DescriptionCreates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html). For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*.
Id
## Fields - +
NameDatatypeDescription
stringThe path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
- +
NameDatatypeDescription
stringThe path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
arrayThe name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
stringThe name of the instance profile to create.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe name of the instance profile to create. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
string
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iam/managed_policies/index.md b/docs/aws-docs/providers/aws/iam/managed_policies/index.md
index cda5072115..532ed97d90 100644
--- a/docs/aws-docs/providers/aws/iam/managed_policies/index.md
+++ b/docs/aws-docs/providers/aws/iam/managed_policies/index.md
@@ -25,18 +25,18 @@ Creates, updates, deletes or gets a managed_policy resource or list - +
Namemanaged_policies
TypeResource
DescriptionCreates a new managed policy for your AWS-account.
This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*.
As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*.
For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
DescriptionCreates a new managed policy for your AWS-account. This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*. As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*. For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
Id
## Fields - - - - - - - +
NameDatatypeDescription
stringA friendly description of the policy.
Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
The policy description is immutable. After a value is assigned, it cannot be changed.
arrayThe name (friendly name, not ARN) of the group to attach the policy to.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe friendly name of the policy.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
stringThe path for the policy.
For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
You cannot use an asterisk (*) in the path name.
objectThe JSON policy document that you want to use as the content for the new policy.
You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
+ Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
+ The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
+ The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
arrayThe name (friendly name, not ARN) of the role to attach the policy to.
This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
If an external policy (such as AWS::IAM::Policy or AWS::IAM::ManagedPolicy) has a Ref to a role and if a resource (such as AWS::ECS::Service) also has a Ref to the same role, add a DependsOn attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an AWS::ECS::Service resource, the DependsOn attribute ensures that CFN deletes the AWS::ECS::Service resource before deleting its role's policy.
arrayThe name (friendly name, not ARN) of the IAM user to attach the policy to.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
+ + + + + +
diff --git a/docs/aws-docs/providers/aws/iam/role_policies/index.md b/docs/aws-docs/providers/aws/iam/role_policies/index.md
index 7038c9964c..5d70ef4f96 100644
--- a/docs/aws-docs/providers/aws/iam/role_policies/index.md
+++ b/docs/aws-docs/providers/aws/iam/role_policies/index.md
@@ -25,14 +25,14 @@ Creates, updates, deletes or gets a role_policy resource or lists <
NameDatatypeDescription
stringA friendly description of the policy. Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
arrayThe name (friendly name, not ARN) of the group to attach the policy to. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe friendly name of the policy. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
stringThe path for the policy. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters. You cannot use an asterisk (*) in the path name.
objectThe JSON policy document that you want to use as the content for the new policy. You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*. The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range + The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF) + The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
arrayThe name (friendly name, not ARN) of the role to attach the policy to. This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- If an external policy (such as AWS::IAM::Policy or AWS::IAM::ManagedPolicy) has a Ref to a role and if a resource (such as AWS::ECS::Service) also has a Ref to the same role, add a DependsOn attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an AWS::ECS::Service resource, the DependsOn attribute ensures that CFN deletes the AWS::ECS::Service resource before deleting its role's policy.
arrayThe name (friendly name, not ARN) of the IAM user to attach the policy to. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
string
integer
string
- +
Namerole_policies
TypeResource
DescriptionAdds or updates an inline policy document that is embedded in the specified IAM role.
When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*.
A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
DescriptionAdds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*. A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
Id
## Fields - - - +
NameDatatypeDescription
objectThe policy document.
You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
+ Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
+ The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
+ The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
stringThe name of the policy document.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe name of the role to associate the policy with.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
+ +
NameDatatypeDescription
objectThe policy document. You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range + The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF) + The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
stringThe name of the policy document. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe name of the role to associate the policy with. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iam/roles/index.md b/docs/aws-docs/providers/aws/iam/roles/index.md
index 189ddad240..fdc8cf104e 100644
--- a/docs/aws-docs/providers/aws/iam/roles/index.md
+++ b/docs/aws-docs/providers/aws/iam/roles/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets a role resource or lists ro - +
Nameroles
TypeResource
DescriptionCreates a new role for your AWS-account.
For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
DescriptionCreates a new role for your AWS-account. For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
Id
@@ -33,13 +33,13 @@ Creates, updates, deletes or gets a role resource or lists ro - - - - - + + + + + - +
NameDatatypeDescription
string
objectThe trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
stringA description of the role that you provide.
arrayA list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
integerThe maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Anyone who assumes the role from the CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
stringThe path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
stringThe ARN of the policy used to set the permissions boundary for the role.
For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
arrayAdds or updates an inline policy document that is embedded in the specified IAM role.
When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.
For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
If an external policy (such as AWS::IAM::Policy or
arrayA list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
integerThe maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
stringThe path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
stringThe ARN of the policy used to set the permissions boundary for the role. For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
arrayAdds or updates an inline policy document that is embedded in the specified IAM role. When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html). A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*. For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*. If an external policy (such as AWS::IAM::Policy or
string
stringA name for the IAM role, up to 64 characters in length. For valid values, see the RoleName parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.
This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use
stringA name for the IAM role, up to 64 characters in length. For valid values, see the RoleName parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*. This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use
arrayA list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iam/user_policies/index.md b/docs/aws-docs/providers/aws/iam/user_policies/index.md
index 3cb0bdbc04..06bb954bdc 100644
--- a/docs/aws-docs/providers/aws/iam/user_policies/index.md
+++ b/docs/aws-docs/providers/aws/iam/user_policies/index.md
@@ -25,14 +25,14 @@ Creates, updates, deletes or gets an user_policy resource or lists - +
Nameuser_policies
TypeResource
DescriptionAdds or updates an inline policy document that is embedded in the specified IAM user.
An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
DescriptionAdds or updates an inline policy document that is embedded in the specified IAM user. An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*. For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
Id
## Fields - - - +
NameDatatypeDescription
objectThe policy document.
You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
+ Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range
+ The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)
+ The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
stringThe name of the policy document.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe name of the user to associate the policy with.
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
+ +
NameDatatypeDescription
objectThe policy document. You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM. The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following: + Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range + The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF) + The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
stringThe name of the policy document. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringThe name of the user to associate the policy with. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iam/users/index.md b/docs/aws-docs/providers/aws/iam/users/index.md
index 1a32fca533..8c953b2207 100644
--- a/docs/aws-docs/providers/aws/iam/users/index.md
+++ b/docs/aws-docs/providers/aws/iam/users/index.md
@@ -25,20 +25,20 @@ Creates, updates, deletes or gets a user resource or lists us - +
Nameusers
TypeResource
DescriptionCreates a new IAM user for your AWS-account.
For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
DescriptionCreates a new IAM user for your AWS-account. For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
Id
## Fields - - - - +
NameDatatypeDescription
stringThe path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
arrayA list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user.
For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
arrayAdds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user).
The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
stringThe name of the user to create. Do not include the path in this value.
This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name.
If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
+ + + - - - + + +
NameDatatypeDescription
stringThe path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
arrayA list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
arrayAdds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail. For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
stringThe name of the user to create. Do not include the path in this value. This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name. If you specify a name, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities). Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using Fn::Join and AWS::Region to create a Region-specific name, as in the following example: {"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}.
arrayA list of group names to which you want to add the user.
string
objectCreates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console.
You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console.
For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.
arrayA list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
stringThe ARN of the managed policy that is used to set the permissions boundary for the user.
A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*.
objectCreates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console. For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.
arrayA list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
stringThe ARN of the managed policy that is used to set the permissions boundary for the user. A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*. For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/imagebuilder/container_recipes/index.md b/docs/aws-docs/providers/aws/imagebuilder/container_recipes/index.md
index 43a5df5658..bdb85d6a8b 100644
--- a/docs/aws-docs/providers/aws/imagebuilder/container_recipes/index.md
+++ b/docs/aws-docs/providers/aws/imagebuilder/container_recipes/index.md
@@ -33,7 +33,7 @@ Creates, updates, deletes or gets a container_recipe resource or li - +
diff --git a/docs/aws-docs/providers/aws/iotevents/alarm_models/index.md b/docs/aws-docs/providers/aws/iotevents/alarm_models/index.md
index 8a4c3c8778..9ed6b4b9c9 100644
--- a/docs/aws-docs/providers/aws/iotevents/alarm_models/index.md
+++ b/docs/aws-docs/providers/aws/iotevents/alarm_models/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets an alarm_model resource or lists
NameDatatypeDescription
stringThe Amazon Resource Name (ARN) of the container recipe.
stringThe name of the container recipe.
stringThe description of the container recipe.
stringThe semantic version of the container recipe (..).
stringThe semantic version of the container recipe (major.minor.patch).
arrayComponents for build and test that are included in the container recipe.
objectA group of options that can be used to configure an instance for building and testing container images.
stringDockerfiles are text documents that are used to build Docker containers, and ensure that they contain all of the elements required by the application running inside. The template data consists of contextual variables where Image Builder places build information or scripts, based on your container image recipe.
- +
Namealarm_models
TypeResource
DescriptionThe AWS::IoTEvents::AlarmModel resource creates a alarm model. AWS IoT Events alarms help you monitor your data for changes. The data can be metrics that you measure for your equipment and processes. You can create alarms that send notifications when a threshold is breached. Alarms help you detect issues, streamline maintenance, and optimize performance of your equipment and processes.

Alarms are instances of alarm models. The alarm model specifies what to detect, when to send notifications, who gets notified, and more. You can also specify one or more supported actions that occur when the alarm state changes. AWS IoT Events routes input attributes derived from your data to the appropriate alarms. If the data that you're monitoring is outside the specified range, the alarm is invoked. You can also acknowledge the alarms or set them to the snooze mode.
DescriptionThe AWS::IoTEvents::AlarmModel resource creates a alarm model. AWS IoT Events alarms help you monitor your data for changes. The data can be metrics that you measure for your equipment and processes. You can create alarms that send notifications when a threshold is breached. Alarms help you detect issues, streamline maintenance, and optimize performance of your equipment and processes. Alarms are instances of alarm models. The alarm model specifies what to detect, when to send notifications, who gets notified, and more. You can also specify one or more supported actions that occur when the alarm state changes. AWS IoT Events routes input attributes derived from your data to the appropriate alarms. If the data that you're monitoring is outside the specified range, the alarm is invoked. You can also acknowledge the alarms or set them to the snooze mode.
Id
@@ -33,12 +33,12 @@ Creates, updates, deletes or gets an alarm_model resource or lists - - + + - +
NameDatatypeDescription
stringThe name of the alarm model.
stringA brief description of the alarm model.
stringThe ARN of the role that grants permission to AWS IoT Events to perform its operations.
stringThe value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information.

This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value.
integerA non-negative integer that reflects the severity level of the alarm.

stringThe value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information. This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value.
integerA non-negative integer that reflects the severity level of the alarm.
Defines when your alarm is invoked.
Contains information about one or more alarm actions.
Contains the configuration information of alarm state changes
arrayAn array of key-value pairs to apply to this resource.

For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
arrayAn array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iotevents/detector_models/index.md b/docs/aws-docs/providers/aws/iotevents/detector_models/index.md
index b6af450435..221c9e98fe 100644
--- a/docs/aws-docs/providers/aws/iotevents/detector_models/index.md
+++ b/docs/aws-docs/providers/aws/iotevents/detector_models/index.md
@@ -34,9 +34,9 @@ Creates, updates, deletes or gets a detector_model resource or list
 stringA brief description of the detector model.
 stringThe name of the detector model.
 stringInformation about the order in which events are evaluated and how actions are executed.
-stringThe value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information.

This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.
+stringThe value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information. This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.
 stringThe ARN of the role that grants permission to AWS IoT Events to perform its operations.
-arrayAn array of key-value pairs to apply to this resource.

For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
+arrayAn array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
 stringAWS region.
diff --git a/docs/aws-docs/providers/aws/iotevents/inputs/index.md b/docs/aws-docs/providers/aws/iotevents/inputs/index.md
index 849b286d05..627a95b313 100644
--- a/docs/aws-docs/providers/aws/iotevents/inputs/index.md
+++ b/docs/aws-docs/providers/aws/iotevents/inputs/index.md
@@ -33,7 +33,7 @@ Creates, updates, deletes or gets an input resource or lists - +
NameDatatypeDescription
The definition of the input.
stringA brief description of the input.
stringThe name of the input.
arrayAn array of key-value pairs to apply to this resource.

For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
arrayAn array of key-value pairs to apply to this resource. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/kms/aliases/index.md b/docs/aws-docs/providers/aws/kms/aliases/index.md
index 36d3decfa6..ecc7bdee2b 100644
--- a/docs/aws-docs/providers/aws/kms/aliases/index.md
+++ b/docs/aws-docs/providers/aws/kms/aliases/index.md
@@ -25,13 +25,13 @@ Creates, updates, deletes or gets an alias resource or lists - +
Namealiases
TypeResource
DescriptionThe AWS::KMS::Alias resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). You can use an alias to identify a KMS key in the KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html).
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*.
Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys in different AWS-Regions. For more information, see [Using aliases](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the *Developer Guide*.
When specifying an alias, observe the following rules.
+ Each alias is associated with one KMS key, but multiple aliases can be associated with the same KMS key.
+ The alias and its associated KMS key must be in the same AWS-account and Region.
+ The alias name must be unique in the AWS-account and Region. However, you can create aliases with the same name in different AWS-Regions. For example, you can have an alias/projectKey in multiple Regions, each of which is associated with a KMS key in its Region.
+ Each alias name must begin with alias/ followed by a name, such as alias/exampleKey. The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with alias/aws/. That alias name prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).

*Regions*
KMS CloudFormation resources are available in all AWS-Regions in which KMS and CFN are supported.
DescriptionThe AWS::KMS::Alias resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). You can use an alias to identify a KMS key in the KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html). Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*. Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys in different AWS-Regions. For more information, see [Using aliases](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the *Developer Guide*. When specifying an alias, observe the following rules. + Each alias is associated with one KMS key, but multiple aliases can be associated with the same KMS key. + The alias and its associated KMS key must be in the same AWS-account and Region. + The alias name must be unique in the AWS-account and Region. However, you can create aliases with the same name in different AWS-Regions. For example, you can have an alias/projectKey in multiple Regions, each of which is associated with a KMS key in its Region. + Each alias name must begin with alias/ followed by a name, such as alias/exampleKey. The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with alias/aws/. 
That alias name prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). *Regions* KMS CloudFormation resources are available in all AWS-Regions in which KMS and CFN are supported.
Id
## Fields - - +
NameDatatypeDescription
stringAssociates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region.
A valid key ID is required. If you supply a null or empty string value, this operation returns an error.
For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*.
Specify the key ID or the key ARN of the KMS key.
For example:
+ Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
+ Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).
stringSpecifies the alias name. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.
If you change the value of the AliasName property, the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC).
The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
+
NameDatatypeDescription
stringAssociates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region. A valid key ID is required. If you supply a null or empty string value, this operation returns an error. For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*. Specify the key ID or the key ARN of the KMS key. For example: + Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab + Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).
stringSpecifies the alias name. This value must begin with alias/ followed by a name, such as alias/ExampleAlias. If you change the value of the AliasName property, the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC). The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/kms/keys/index.md b/docs/aws-docs/providers/aws/kms/keys/index.md
index cd8bee8a56..06ab8ce96b 100644
--- a/docs/aws-docs/providers/aws/kms/keys/index.md
+++ b/docs/aws-docs/providers/aws/kms/keys/index.md
@@ -25,25 +25,25 @@ Creates, updates, deletes or gets a key resource or lists key - +
Namekeys
TypeResource
DescriptionThe AWS::KMS::Key resource specifies an [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in KMSlong. You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use AWS::KMS::Key to create [multi-Region primary keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-primary-key) of all supported types. To replicate a multi-Region key, use the AWS::KMS::ReplicaKey resource.
If you change the value of the KeySpec, KeyUsage, Origin, or MultiRegion properties of an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing any of its immutable property values.
KMS replaced the term *customer master key (CMK)* with ** and *KMS key*. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are [integrated with](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration). For more information, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the *Developer Guide*.
You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric KeySpec value and a KeyUsage value. For details, see [Asymmetric keys in](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the *Developer Guide*.
You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC KeySpec value and a KeyUsage value of GENERATE_VERIFY_MAC. For details, see [HMAC keys in](https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the *Developer Guide*.
You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the MultiRegion property to true. For information about multi-Region keys, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*.
You cannot use the AWS::KMS::Key resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
*Regions*
KMS CloudFormation resources are available in all Regions in which KMS and CFN are supported. You can use the AWS::KMS::Key resource to create and manage all KMS key types that are supported in a Region.
DescriptionThe AWS::KMS::Key resource specifies an [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in KMSlong. You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use AWS::KMS::Key to create [multi-Region primary keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-primary-key) of all supported types. To replicate a multi-Region key, use the AWS::KMS::ReplicaKey resource. If you change the value of the KeySpec, KeyUsage, Origin, or MultiRegion properties of an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing any of its immutable property values. KMS replaced the term *customer master key (CMK)* with ** and *KMS key*. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are [integrated with](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration). For more information, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the *Developer Guide*. You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric KeySpec value and a KeyUsage value. For details, see [Asymmetric keys in](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the *Developer Guide*. 
You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC KeySpec value and a KeyUsage value of GENERATE_VERIFY_MAC. For details, see [HMAC keys in](https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the *Developer Guide*. You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the MultiRegion property to true. For information about multi-Region keys, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*. You cannot use the AWS::KMS::Key resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). *Regions* KMS CloudFormation resources are available in all Regions in which KMS and CFN are supported. You can use the AWS::KMS::Key resource to create and manage all KMS key types that are supported in a Region.
Id
## Fields - - - - - - - - - + + + + + + + + + - - + +
NameDatatypeDescription
stringA description of the KMS key. Use a description that helps you to distinguish this KMS key from others in the account, such as its intended use.
booleanSpecifies whether the KMS key is enabled. Disabled KMS keys cannot be used in cryptographic operations.
When Enabled is true, the *key state* of the KMS key is Enabled. When Enabled is false, the key state of the KMS key is Disabled. The default value is true.
The actual key state of the KMS key might be affected by actions taken outside of CloudFormation, such as running the [EnableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html), [DisableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html), or [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operations.
For information about the key states of a KMS key, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*.
booleanEnables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled.
KMS supports automatic rotation only for symmetric encryption KMS keys (KeySpec = SYMMETRIC_DEFAULT). For asymmetric KMS keys, HMAC KMS keys, and KMS keys with Origin EXTERNAL, omit the EnableKeyRotation property or set it to false.
To enable automatic key rotation of the key material for a multi-Region KMS key, set EnableKeyRotation to true on the primary key (created by using AWS::KMS::Key). KMS copies the rotation status to all replica keys. For details, see [Rotating multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate) in the *Developer Guide*.
When you enable automatic rotation, KMS automatically creates new key material for the KMS key one year after the enable date and every year thereafter. KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *Developer Guide*.
objectThe key policy to attach to the KMS key.
If you provide a key policy, it must meet the following criteria:
+ The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) in the *Developer Guide*. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)
+ Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *User Guide*.

If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *Developer Guide*.
A key policy document can include only the following characters:
+ Printable ASCII characters
+ Printable characters in the Basic Latin and Latin-1 Supplement character set
+ The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special characters

*Minimum*: 1
*Maximum*: 32768
stringDetermines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the KeyUsage value after the KMS key is created.
If you change the value of the KeyUsage property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.
Select only one valid value.
+ For symmetric encryption KMS keys, omit the property or specify ENCRYPT_DECRYPT.
+ For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
+ For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY.
+ For asymmetric KMS keys with SM2 (China Regions only) key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
+ For HMAC KMS keys, specify GENERATE_VERIFY_MAC.
stringThe source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is AWS_KMS, which means that KMS creates the key material.
To [create a KMS key with no key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) (for imported key material), set this value to EXTERNAL. For more information about importing key material into KMS, see [Importing Key Material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) in the *Developer Guide*.
You can ignore ENABLED when Origin is EXTERNAL. When a KMS key with Origin EXTERNAL is created, the key state is PENDING_IMPORT and ENABLED is false. After you import the key material, ENABLED updated to true. The KMS key can then be used for Cryptographic Operations.
CFN doesn't support creating an Origin parameter of the AWS_CLOUDHSM or EXTERNAL_KEY_STORE values.
stringSpecifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key with a 256-bit symmetric key for encryption and decryption. In China Regions, SYMMETRIC_DEFAULT creates a 128-bit symmetric key that uses SM4 encryption. You can't change the KeySpec value after the KMS key is created. For help choosing a key spec for your KMS key, see [Choosing a KMS key type](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in the *Developer Guide*.
The KeySpec property determines the type of key material in the KMS key and the algorithms that the KMS key supports. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see [condition keys](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms) in the *Developer Guide*.
If you change the value of the KeySpec property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.
[services that are integrated with](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric encryption KMS keys to protect your data. These services do not support encryption with asymmetric KMS keys. For help determining whether a KMS key is asymmetric, see [Identifying asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *Developer Guide*.
KMS supports the following key specs for KMS keys:
+ Symmetric encryption key (default)
+ SYMMETRIC_DEFAULT (AES-256-GCM)

+ HMAC keys (symmetric)
+ HMAC_224
+ HMAC_256
+ HMAC_384
+ HMAC_512

+ Asymmetric RSA key pairs
+ RSA_2048
+ RSA_3072
+ RSA_4096

+ Asymmetric NIST-recommended elliptic curve key pairs
+ ECC_NIST_P256 (secp256r1)
+ ECC_NIST_P384 (secp384r1)
+ ECC_NIST_P521 (secp521r1)

+ Other asymmetric elliptic curve key pairs
+ ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.

+ SM2 key pairs (China Regions only)
+ SM2
booleanCreates a multi-Region primary key that you can replicate in other AWS-Regions. You can't change the MultiRegion value after the KMS key is created.
For a list of AWS-Regions in which multi-Region keys are supported, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the **.
If you change the value of the MultiRegion property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value.
For a multi-Region key, set to this property to true. For a single-Region key, omit this property or set it to false. The default value is false.
*Multi-Region keys* are an KMS feature that lets you create multiple interoperable KMS keys in different AWS-Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS-Region and decrypt it in a different AWS-Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*.
You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store.
To create a replica of this primary key in a different AWS-Region , create an [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key.
integerSpecifies the number of days in the waiting period before KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
When you remove a KMS key from a CloudFormation stack, KMS schedules the KMS key for deletion and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period. During the waiting period, the key state of KMS key is Pending Deletion or Pending Replica Deletion, which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, KMS permanently deletes the KMS key.
KMS will not delete a [multi-Region primary key](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to PendingReplicaDeletion so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to PendingDeletion and the waiting period specified by PendingWindowInDays begins. When this waiting period expires, KMS deletes the primary key. For details, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *Developer Guide*.
You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the KMS console or the [CancelKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html) operation.
For information about the Pending Deletion and Pending Replica Deletion key states, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*. For more information about deleting KMS keys, see the [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operation in the *API Reference* and [Deleting KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in the *Developer Guide*.
arrayAssigns one or more tags to the replica key.
Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*.
For information about tags in KMS, see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) in the *Developer Guide*. For information about tags in CloudFormation, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
booleanSpecifies whether the KMS key is enabled. Disabled KMS keys cannot be used in cryptographic operations. When Enabled is true, the *key state* of the KMS key is Enabled. When Enabled is false, the key state of the KMS key is Disabled. The default value is true. The actual key state of the KMS key might be affected by actions taken outside of CloudFormation, such as running the [EnableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html), [DisableKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html), or [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operations. For information about the key states of a KMS key, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*.
booleanEnables automatic rotation of the key material for the specified KMS key. By default, automatic key rotation is not enabled. KMS supports automatic rotation only for symmetric encryption KMS keys (KeySpec = SYMMETRIC_DEFAULT). For asymmetric KMS keys, HMAC KMS keys, and KMS keys with Origin EXTERNAL, omit the EnableKeyRotation property or set it to false. To enable automatic key rotation of the key material for a multi-Region KMS key, set EnableKeyRotation to true on the primary key (created by using AWS::KMS::Key). KMS copies the rotation status to all replica keys. For details, see [Rotating multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate) in the *Developer Guide*. When you enable automatic rotation, KMS automatically creates new key material for the KMS key one year after the enable date and every year thereafter. KMS retains all key material until you delete the KMS key. For detailed information about automatic key rotation, see [Rotating KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *Developer Guide*.
objectThe key policy to attach to the KMS key. If you provide a key policy, it must meet the following criteria: + The key policy must allow the caller to make a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) in the *Developer Guide*. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.) + Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see [Changes that I make are not always immediately visible](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the *User Guide*. If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) in the *Developer Guide*. A key policy document can include only the following characters: + Printable ASCII characters + Printable characters in the Basic Latin and Latin-1 Supplement character set + The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special characters *Minimum*: 1 *Maximum*: 32768
stringDetermines the [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This property is required for asymmetric KMS keys and HMAC KMS keys. You can't change the KeyUsage value after the KMS key is created. If you change the value of the KeyUsage property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. Select only one valid value. + For symmetric encryption KMS keys, omit the property or specify ENCRYPT_DECRYPT. + For asymmetric KMS keys with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY. + For asymmetric KMS keys with ECC key material, specify SIGN_VERIFY. + For asymmetric KMS keys with SM2 (China Regions only) key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY. + For HMAC KMS keys, specify GENERATE_VERIFY_MAC.
stringThe source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is AWS_KMS, which means that KMS creates the key material. To [create a KMS key with no key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html) (for imported key material), set this value to EXTERNAL. For more information about importing key material into KMS, see [Importing Key Material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) in the *Developer Guide*. You can ignore ENABLED when Origin is EXTERNAL. When a KMS key with Origin EXTERNAL is created, the key state is PENDING_IMPORT and ENABLED is false. After you import the key material, ENABLED updated to true. The KMS key can then be used for Cryptographic Operations. CFN doesn't support creating an Origin parameter of the AWS_CLOUDHSM or EXTERNAL_KEY_STORE values.
stringSpecifies the type of KMS key to create. The default value, SYMMETRIC_DEFAULT, creates a KMS key with a 256-bit symmetric key for encryption and decryption. In China Regions, SYMMETRIC_DEFAULT creates a 128-bit symmetric key that uses SM4 encryption. You can't change the KeySpec value after the KMS key is created. For help choosing a key spec for your KMS key, see [Choosing a KMS key type](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html) in the *Developer Guide*. The KeySpec property determines the type of key material in the KMS key and the algorithms that the KMS key supports. To further restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For more information, see [condition keys](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms) in the *Developer Guide*. If you change the value of the KeySpec property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. [services that are integrated with](https://docs.aws.amazon.com/kms/features/#AWS_Service_Integration) use symmetric encryption KMS keys to protect your data. These services do not support encryption with asymmetric KMS keys. For help determining whether a KMS key is asymmetric, see [Identifying asymmetric KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html) in the *Developer Guide*. 
KMS supports the following key specs for KMS keys: + Symmetric encryption key (default) + SYMMETRIC_DEFAULT (AES-256-GCM) + HMAC keys (symmetric) + HMAC_224 + HMAC_256 + HMAC_384 + HMAC_512 + Asymmetric RSA key pairs + RSA_2048 + RSA_3072 + RSA_4096 + Asymmetric NIST-recommended elliptic curve key pairs + ECC_NIST_P256 (secp256r1) + ECC_NIST_P384 (secp384r1) + ECC_NIST_P521 (secp521r1) + Other asymmetric elliptic curve key pairs + ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies. + SM2 key pairs (China Regions only) + SM2
booleanCreates a multi-Region primary key that you can replicate in other AWS-Regions. You can't change the MultiRegion value after the KMS key is created. For a list of AWS-Regions in which multi-Region keys are supported, see [Multi-Region keys in](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the **. If you change the value of the MultiRegion property on an existing KMS key, the update request fails, regardless of the value of the [UpdateReplacePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html). This prevents you from accidentally deleting a KMS key by changing an immutable property value. For a multi-Region key, set to this property to true. For a single-Region key, omit this property or set it to false. The default value is false. *Multi-Region keys* are an KMS feature that lets you create multiple interoperable KMS keys in different AWS-Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS-Region and decrypt it in a different AWS-Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *Developer Guide*. You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store. To create a replica of this primary key in a different AWS-Region , create an [AWS::KMS::ReplicaKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html) resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key.
integerSpecifies the number of days in the waiting period before KMS deletes a KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. When you remove a KMS key from a CloudFormation stack, KMS schedules the KMS key for deletion and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period. During the waiting period, the key state of KMS key is Pending Deletion or Pending Replica Deletion, which prevents the KMS key from being used in cryptographic operations. When the waiting period expires, KMS permanently deletes the KMS key. KMS will not delete a [multi-Region primary key](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) that has replica keys. If you remove a multi-Region primary key from a CloudFormation stack, its key state changes to PendingReplicaDeletion so it cannot be replicated or used in cryptographic operations. This state can persist indefinitely. When the last of its replica keys is deleted, the key state of the primary key changes to PendingDeletion and the waiting period specified by PendingWindowInDays begins. When this waiting period expires, KMS deletes the primary key. For details, see [Deleting multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html) in the *Developer Guide*. You cannot use a CloudFormation template to cancel deletion of the KMS key after you remove it from the stack, regardless of the waiting period. If you specify a KMS key in your template, even one with the same name, CloudFormation creates a new KMS key. To cancel deletion of a KMS key, use the KMS console or the [CancelKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html) operation. 
For information about the Pending Deletion and Pending Replica Deletion key states, see [Key state: Effect on your KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the *Developer Guide*. For more information about deleting KMS keys, see the [ScheduleKeyDeletion](https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html) operation in the *API Reference* and [Deleting KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) in the *Developer Guide*.
arrayAssigns one or more tags to the replica key. Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*. For information about tags in KMS, see [Tagging keys](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) in the *Developer Guide*. For information about tags in CloudFormation, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
string
string
booleanSkips ("bypasses") the key policy lockout safety check. The default value is false.
Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) in the *Developer Guide*.
Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key.
integerSpecifies a custom period of time between each rotation date. If no value is specified, the default value is 365 days.
The rotation period defines the number of days after you enable automatic key rotation that KMS will rotate your key material, and the number of days between each automatic rotation thereafter.
You can use the [kms:RotationPeriodInDays](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days) condition key to further constrain the values that principals can specify in the RotationPeriodInDays parameter.
For more information about rotating KMS keys and automatic rotation, see [Rotating keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *Developer Guide*.
booleanSkips ("bypasses") the key policy lockout safety check. The default value is false. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, see [Default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) in the *Developer Guide*. Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent [PutKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html) request on the KMS key.
integerSpecifies a custom period of time between each rotation date. If no value is specified, the default value is 365 days. The rotation period defines the number of days after you enable automatic key rotation that KMS will rotate your key material, and the number of days between each automatic rotation thereafter. You can use the [kms:RotationPeriodInDays](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days) condition key to further constrain the values that principals can specify in the RotationPeriodInDays parameter. For more information about rotating KMS keys and automatic rotation, see [Rotating keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) in the *Developer Guide*.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/lambda/event_source_mappings/index.md b/docs/aws-docs/providers/aws/lambda/event_source_mappings/index.md index 677f1db128..5bd9837275 100644 --- a/docs/aws-docs/providers/aws/lambda/event_source_mappings/index.md +++ b/docs/aws-docs/providers/aws/lambda/event_source_mappings/index.md @@ -25,35 +25,35 @@ Creates, updates, deletes or gets an event_source_mapping resource - +
Nameevent_source_mappings
TypeResource
DescriptionThe AWS::Lambda::EventSourceMapping resource creates a mapping between an event source and an LAMlong function. LAM reads items from the event source and triggers the function.
For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source.
+ [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping)
+ [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping)
+ [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource)
+ [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping)
+ [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html)
+ [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html)
+ [Configuring Amazon DocumentDB as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html)
DescriptionThe AWS::Lambda::EventSourceMapping resource creates a mapping between an event source and an LAMlong function. LAM reads items from the event source and triggers the function. For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source. + [Configuring a Dynamo DB stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping) + [Configuring a Kinesis stream as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping) + [Configuring an SQS queue as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource) + [Configuring an MQ broker as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping) + [Configuring MSK as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html) + [Configuring Self-Managed Apache Kafka as an event source](https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html) + [Configuring Amazon DocumentDB as an event source](https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html)
Id
## Fields - +
NameDatatypeDescription
stringThe position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB.
+ *LATEST* - Read only new records.
+ *TRIM_HORIZON* - Process all available records.
+ *AT_TIMESTAMP* - Specify a time from which to start reading records.
- + - - + + - - + + - + - +
NameDatatypeDescription
stringThe position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. + *LATEST* - Read only new records. + *TRIM_HORIZON* - Process all available records. + *AT_TIMESTAMP* - Specify a time from which to start reading records.
objectThe self-managed Apache Kafka cluster for your event source.
integer(Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1.
objectAn object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html).
stringThe name or ARN of the Lambda function.
**Name formats**
+ *Function name* – MyFunction.
+ *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
+ *Version or Alias ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
+ *Partial ARN* – 123456789012:function:MyFunction.

The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
stringThe name or ARN of the Lambda function. **Name formats** + *Function name* – MyFunction. + *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction. + *Version or Alias ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD. + *Partial ARN* – 123456789012:function:MyFunction. The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
object(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.
objectSpecific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.
arrayAn array of the authentication protocol, VPC components, or virtual host to secure and define your event source.
integerThe maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function.
*Default (, , event sources)*: 0
*Default (, Kafka, , event sources)*: 500 ms
*Related setting:* For SQS event sources, when you set BatchSize to a value greater than 10, you must set MaximumBatchingWindowInSeconds to at least 1.
integerThe maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).
+ *Amazon Kinesis* – Default 100. Max 10,000.
+ *Amazon DynamoDB Streams* – Default 100. Max 10,000.
+ *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.
+ *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000.
+ *Self-managed Apache Kafka* – Default 100. Max 10,000.
+ *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000.
+ *DocumentDB* – Default 100. Max 10,000.
integerThe maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. *Default (, , event sources)*: 0 *Default (, Kafka, , event sources)*: 500 ms *Related setting:* For SQS event sources, when you set BatchSize to a value greater than 10, you must set MaximumBatchingWindowInSeconds to at least 1.
integerThe maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). + *Amazon Kinesis* – Default 100. Max 10,000. + *Amazon DynamoDB Streams* – Default 100. Max 10,000. + *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10. + *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000. + *Self-managed Apache Kafka* – Default 100. Max 10,000. + *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. + *DocumentDB* – Default 100. Max 10,000.
integer(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
arrayThe name of the Kafka topic.
object(Amazon SQS only) The scaling configuration for the event source. For more information, see [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency).
booleanWhen true, the event source mapping is active. When false, Lambda pauses polling and invocation.
Default: True
stringThe Amazon Resource Name (ARN) of the event source.
+ *Amazon Kinesis* – The ARN of the data stream or a stream consumer.
+ *Amazon DynamoDB Streams* – The ARN of the stream.
+ *Amazon Simple Queue Service* – The ARN of the queue.
+ *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)).
+ *Amazon MQ* – The ARN of the broker.
+ *Amazon DocumentDB* – The ARN of the DocumentDB change stream.
booleanWhen true, the event source mapping is active. When false, Lambda pauses polling and invocation. Default: True
stringThe Amazon Resource Name (ARN) of the event source. + *Amazon Kinesis* – The ARN of the data stream or a stream consumer. + *Amazon DynamoDB Streams* – The ARN of the stream. + *Amazon Simple Queue Service* – The ARN of the queue. + *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)). + *Amazon MQ* – The ARN of the broker. + *Amazon DocumentDB* – The ARN of the DocumentDB change stream.
objectSpecific configuration settings for a self-managed Apache Kafka event source.
objectSpecific configuration settings for a DocumentDB event source.
integer(Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window.
boolean(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
integer(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.
The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
integer(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
numberWith StartingPosition set to AT_TIMESTAMP, the time from which to start reading, in Unix time seconds. StartingPositionTimestamp cannot be in the future.
array(Amazon MQ) The name of the Amazon MQ broker destination queue to consume.
string
array(Streams and SQS) A list of current response type enums applied to the event source mapping.
Valid Values: ReportBatchItemFailures
array(Streams and SQS) A list of current response type enums applied to the event source mapping. Valid Values: ReportBatchItemFailures
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/lambda/functions/index.md b/docs/aws-docs/providers/aws/lambda/functions/index.md index 1a39127c32..08970d72ab 100644 --- a/docs/aws-docs/providers/aws/lambda/functions/index.md +++ b/docs/aws-docs/providers/aws/lambda/functions/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a function resource or lists Namefunctions TypeResource -DescriptionThe AWS::Lambda::Function resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.
You set the package type to Image if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties.
You set the package type to Zip if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html).
You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a AWS::Lambda::Version or a AWS::Lambda::Alias.
For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* +DescriptionThe AWS::Lambda::Function resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing. You set the package type to Image if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. You set the package type to Zip if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html). You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode, Lambda checks that the code package has a valid signature from a trusted publisher. 
The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a AWS::Lambda::Version or a AWS::Lambda::Alias. For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.* Id @@ -36,9 +36,9 @@ Creates, updates, deletes or gets a function resource or lists objectSets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html). integerThe number of simultaneous executions to reserve for the function. objectThe function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting. -arrayConnection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an [AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function.
For more information about using the DependsOn attribute, see [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html). -stringThe name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one.
If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. -stringThe identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive.
The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). +arrayConnection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an [AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function. For more information about using the DependsOn attribute, see [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html). +stringThe name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. +stringThe identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive. The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy). stringThe ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. 
If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key. stringThe type of deployment package. Set to Image for container image and set Zip for .zip file archive. stringTo enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. diff --git a/docs/aws-docs/providers/aws/lambda/permissions/index.md b/docs/aws-docs/providers/aws/lambda/permissions/index.md index e452018a5a..5817ebb8cc 100644 --- a/docs/aws-docs/providers/aws/lambda/permissions/index.md +++ b/docs/aws-docs/providers/aws/lambda/permissions/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a permission resource or lists Namepermissions TypeResource -DescriptionThe AWS::Lambda::Permission resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
To grant permission to another account, specify the account ID as the Principal. To grant permission to an organization defined in AOlong, specify the organization ID as the PrincipalOrgID. For AWS services, the principal is a domain-style identifier defined by the service, like s3.amazonaws.com or sns.amazonaws.com. For AWS services, you can also specify the ARN of the associated resource as the SourceArn. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.
If your function has a function URL, you can specify the FunctionUrlAuthType parameter. This adds a condition to your permission that only applies when your function URL's AuthType matches the specified FunctionUrlAuthType. For more information about the AuthType parameter, see [Security and auth model for function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html). +DescriptionThe AWS::Lambda::Permission resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function. To grant permission to another account, specify the account ID as the Principal. To grant permission to an organization defined in AOlong, specify the organization ID as the PrincipalOrgID. For AWS services, the principal is a domain-style identifier defined by the service, like s3.amazonaws.com or sns.amazonaws.com. For AWS services, you can also specify the ARN of the associated resource as the SourceArn. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function. If your function has a function URL, you can specify the FunctionUrlAuthType parameter. This adds a condition to your permission that only applies when your function URL's AuthType matches the specified FunctionUrlAuthType. For more information about the AuthType parameter, see [Security and auth model for function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html). Id 
@@ -33,12 +33,12 @@ Creates, updates, deletes or gets a permission resource or lists NameDatatypeDescriptionstring stringThe action that the principal can use on the function. For example, lambda:InvokeFunction or lambda:GetFunction. stringFor Alexa Smart Home functions, a token that the invoker must supply. -stringThe name or ARN of the Lambda function, version, or alias.
**Name formats**
+ *Function name* – my-function (name-only), my-function:v1 (with alias).
+ *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:my-function.
+ *Partial ARN* – 123456789012:function:my-function.

You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length. +stringThe name or ARN of the Lambda function, version, or alias. **Name formats** + *Function name* – my-function (name-only), my-function:v1 (with alias). + *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:my-function. + *Partial ARN* – 123456789012:function:my-function. You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length. stringThe type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). stringThe AWS-service or AWS-account that invokes the function. If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service. stringThe identifier for your organization in AOlong. Use this to grant permissions to all the AWS-accounts under this organization. stringFor AWS-service, the ID of the AWS-account that owns the resource. Use this together with SourceArn to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account. -stringFor AWS-services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic.
Note that Lambda configures the comparison using the StringLike operator. +stringFor AWS-services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. Note that Lambda configures the comparison using the StringLike operator. stringAWS region. diff --git a/docs/aws-docs/providers/aws/lightsail/instances/index.md b/docs/aws-docs/providers/aws/lightsail/instances/index.md index 1be0494485..10e17df270 100644 --- a/docs/aws-docs/providers/aws/lightsail/instances/index.md +++ b/docs/aws-docs/providers/aws/lightsail/instances/index.md @@ -40,8 +40,8 @@ Creates, updates, deletes or gets an instance resource or lists Hardware of the Instance. Current State of the Instance. Networking of the Instance. -stringUsername of the Lightsail instance. -stringSSH Key Name of the Lightsail instance. +stringUsername of the Lightsail instance. +stringSSH Key Name of the Lightsail instance. stringThe names to use for your new Lightsail instance. stringThe Availability Zone in which to create your instance. Use the following format: us-east-2a (case sensitive). Be sure to add the include Availability Zones parameter to your request. stringThe bundle of specification information for your virtual private server (or instance ), including the pricing plan (e.g., micro_1_0 ). diff --git a/docs/aws-docs/providers/aws/logs/account_policies/index.md b/docs/aws-docs/providers/aws/logs/account_policies/index.md index 2de812c776..4b24fd36cf 100644 --- a/docs/aws-docs/providers/aws/logs/account_policies/index.md +++ b/docs/aws-docs/providers/aws/logs/account_policies/index.md @@ -32,10 +32,10 @@ Creates, updates, deletes or gets an account_policy resource or lis ## Fields - + - +
NameDatatypeDescription
stringUser account id
stringThe name of the account policy
stringThe body of the policy document you want to use for this topic.

You can only add one policy per PolicyType.

The policy must be in JSON string format.

Length Constraints: Maximum length of 30720
stringThe body of the policy document you want to use for this topic. You can only add one policy per PolicyType. The policy must be in JSON string format. Length Constraints: Maximum length of 30720
stringType of the policy.
stringScope for policy application
stringLog group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
stringLog group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/logs/deliveries/index.md b/docs/aws-docs/providers/aws/logs/deliveries/index.md index 9e63b95572..8955014578 100644 --- a/docs/aws-docs/providers/aws/logs/deliveries/index.md +++ b/docs/aws-docs/providers/aws/logs/deliveries/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a delivery resource or lists Namedeliveries TypeResource -DescriptionThis structure contains information about one delivery in your account.

A delivery is a connection between a logical delivery source and a logical delivery destination.

For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). +DescriptionThis structure contains information about one delivery in your account. A delivery is a connection between a logical delivery source and a logical delivery destination. For more information, see [CreateDelivery](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateDelivery.html). Id diff --git a/docs/aws-docs/providers/aws/logs/delivery_destinations/index.md b/docs/aws-docs/providers/aws/logs/delivery_destinations/index.md index 0f4917e8d1..1a408f112a 100644 --- a/docs/aws-docs/providers/aws/logs/delivery_destinations/index.md +++ b/docs/aws-docs/providers/aws/logs/delivery_destinations/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a delivery_destination resource o - +
Namedelivery_destinations
TypeResource
DescriptionThis structure contains information about one delivery destination in your account.

A delivery destination is an AWS resource that represents an AWS service that logs can be sent to CloudWatch Logs, Amazon S3, are supported as Kinesis Data Firehose delivery destinations.
DescriptionThis structure contains information about one delivery destination in your account. A delivery destination is an AWS resource that represents an AWS service that logs can be sent to CloudWatch Logs, Amazon S3, are supported as Kinesis Data Firehose delivery destinations.
Id
@@ -35,7 +35,7 @@ Creates, updates, deletes or gets a delivery_destination resource o stringThe ARN of the AWS resource that will receive the logs. arrayThe tags that have been assigned to this delivery destination. stringDisplays whether this delivery destination is CloudWatch Logs, Amazon S3, or Kinesis Data Firehose. -objectIAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account.

The policy must be in JSON string format.

Length Constraints: Maximum length of 51200 +objectIAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account. The policy must be in JSON string format. Length Constraints: Maximum length of 51200 stringAWS region. diff --git a/docs/aws-docs/providers/aws/logs/delivery_sources/index.md b/docs/aws-docs/providers/aws/logs/delivery_sources/index.md index c30b693aa6..b96115412b 100644 --- a/docs/aws-docs/providers/aws/logs/delivery_sources/index.md +++ b/docs/aws-docs/providers/aws/logs/delivery_sources/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a delivery_source resource or lis - +
Namedelivery_sources
TypeResource
Description A delivery source is an AWS resource that sends logs to an AWS destination. The destination can be CloudWatch Logs, Amazon S3, or Kinesis Data Firehose.

Only some AWS services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from AWS services](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html).
Description A delivery source is an AWS resource that sends logs to an AWS destination. The destination can be CloudWatch Logs, Amazon S3, or Kinesis Data Firehose. Only some AWS services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at [Enabling logging from AWS services](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html).
Id
diff --git a/docs/aws-docs/providers/aws/logs/metric_filters/index.md b/docs/aws-docs/providers/aws/logs/metric_filters/index.md index c2cec40ccf..fc11d2f26e 100644 --- a/docs/aws-docs/providers/aws/logs/metric_filters/index.md +++ b/docs/aws-docs/providers/aws/logs/metric_filters/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a metric_filter resource or lists - +
Namemetric_filters
TypeResource
DescriptionThe AWS::Logs::MetricFilter resource specifies a metric filter that describes how CWL extracts information from logs and transforms it into Amazon CloudWatch metrics. If you have multiple metric filters that are associated with a log group, all the filters are applied to the log streams in that group.
The maximum number of metric filters that can be associated with a log group is 100.
DescriptionThe AWS::Logs::MetricFilter resource specifies a metric filter that describes how CWL extracts information from logs and transforms it into Amazon CloudWatch metrics. If you have multiple metric filters that are associated with a log group, all the filters are applied to the log streams in that group. The maximum number of metric filters that can be associated with a log group is 100.
Id
diff --git a/docs/aws-docs/providers/aws/logs/subscription_filters/index.md b/docs/aws-docs/providers/aws/logs/subscription_filters/index.md index f6a90fb44f..70d5848d37 100644 --- a/docs/aws-docs/providers/aws/logs/subscription_filters/index.md +++ b/docs/aws-docs/providers/aws/logs/subscription_filters/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a subscription_filter resource or - +
Namesubscription_filters
TypeResource
DescriptionThe AWS::Logs::SubscriptionFilter resource specifies a subscription filter and associates it with the specified log group. Subscription filters allow you to subscribe to a real-time stream of log events and have them delivered to a specific destination. Currently, the supported destinations are:
+ An Amazon Kinesis data stream belonging to the same account as the subscription filter, for same-account delivery.
+ A logical destination that belongs to a different account, for cross-account delivery.
+ An Amazon Kinesis Firehose delivery stream that belongs to the same account as the subscription filter, for same-account delivery.
+ An LAMlong function that belongs to the same account as the subscription filter, for same-account delivery.

There can be as many as two subscription filters associated with a log group.
DescriptionThe AWS::Logs::SubscriptionFilter resource specifies a subscription filter and associates it with the specified log group. Subscription filters allow you to subscribe to a real-time stream of log events and have them delivered to a specific destination. Currently, the supported destinations are: + An Amazon Kinesis data stream belonging to the same account as the subscription filter, for same-account delivery. + A logical destination that belongs to a different account, for cross-account delivery. + An Amazon Kinesis Firehose delivery stream that belongs to the same account as the subscription filter, for same-account delivery. + An LAMlong function that belongs to the same account as the subscription filter, for same-account delivery. There can be as many as two subscription filters associated with a log group.
Id
diff --git a/docs/aws-docs/providers/aws/memorydb/clusters/index.md b/docs/aws-docs/providers/aws/memorydb/clusters/index.md index fe6b386ec9..c140f9eb2e 100644 --- a/docs/aws-docs/providers/aws/memorydb/clusters/index.md +++ b/docs/aws-docs/providers/aws/memorydb/clusters/index.md @@ -47,7 +47,7 @@ Creates, updates, deletes or gets a cluster resource or lists stringThe name of the Access Control List to associate with the cluster. stringThe Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) topic to which notifications are sent. stringThe status of the Amazon SNS notification topic. Notifications are sent only if the status is enabled. -booleanA flag that enables in-transit encryption when set to true.

You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. +booleanA flag that enables in-transit encryption when set to true. You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. objectEnables data tiering. Data tiering is only supported for clusters using the r6gd node type. This parameter must be set when using r6gd nodes. stringThe ID of the KMS key used to encrypt the cluster. arrayA list of Amazon Resource Names (ARN) that uniquely identify the RDB snapshot files stored in Amazon S3. The snapshot files are used to populate the new cluster. The Amazon S3 object name in the ARN cannot contain any commas. @@ -56,7 +56,7 @@ Creates, updates, deletes or gets a cluster resource or lists stringThe Amazon Resource Name (ARN) of the cluster. stringThe Redis engine version used by the cluster. objectThe cluster endpoint. -booleanA flag that enables automatic minor version upgrade when set to true.

You cannot modify the value of AutoMinorVersionUpgrade after the cluster is created. To enable AutoMinorVersionUpgrade on a cluster you must set AutoMinorVersionUpgrade to true when you create a cluster. +booleanA flag that enables automatic minor version upgrade when set to true. You cannot modify the value of AutoMinorVersionUpgrade after the cluster is created. To enable AutoMinorVersionUpgrade on a cluster you must set AutoMinorVersionUpgrade to true when you create a cluster. arrayAn array of key-value pairs to apply to this cluster. stringAWS region. diff --git a/docs/aws-docs/providers/aws/mwaa/environments/index.md b/docs/aws-docs/providers/aws/mwaa/environments/index.md index 21d91214c1..17fe8d5e9c 100644 --- a/docs/aws-docs/providers/aws/mwaa/environments/index.md +++ b/docs/aws-docs/providers/aws/mwaa/environments/index.md 
@@ -34,19 +34,7 @@ Creates, updates, deletes or gets an environment resource or lists ARN for the MWAA environment. Url endpoint for the environment's Airflow UI. IAM role to be used by tasks. -The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for MWAA data encryption. - - You can specify the CMK using any of the following: - - Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab. - - Key alias. For example, alias/ExampleAlias. - - Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. - - Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. - - AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails. +The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for MWAA data encryption. You can specify the CMK using any of the following: Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab. Key alias. For example, alias/ExampleAlias. Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias. AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails. Version of airflow to deploy to the environment. ARN for the AWS S3 bucket to use as the source of DAGs and plugins for the environment. Represents an S3 prefix relative to the root of an S3 bucket. @@ -56,7 +44,7 @@ Creates, updates, deletes or gets an environment resource or lists Represents an version ID for an S3 object. Represents an S3 prefix relative to the root of an S3 bucket. Represents an version ID for an S3 object. -objectKey/value pairs representing Airflow configuration variables.
Keys are prefixed by their section:

[core]
dags_folder={AIRFLOW_HOME}/dags

Would be represented as

"core.dags_folder": "{AIRFLOW_HOME}/dags" +objectKey/value pairs representing Airflow configuration variables. Keys are prefixed by their section: [core] dags_folder={AIRFLOW_HOME}/dags Would be represented as "core.dags_folder": "{AIRFLOW_HOME}/dags" Templated configuration for airflow processes and backing infrastructure. Maximum worker compute units. Minimum worker compute units. diff --git a/docs/aws-docs/providers/aws/neptune/db_clusters/index.md b/docs/aws-docs/providers/aws/neptune/db_clusters/index.md index 4594fb9aa1..c28cb4aad1 100644 --- a/docs/aws-docs/providers/aws/neptune/db_clusters/index.md +++ b/docs/aws-docs/providers/aws/neptune/db_clusters/index.md @@ -40,7 +40,7 @@ Creates, updates, deletes or gets a db_cluster resource or lists stringThe DB cluster identifier. Contains a user-supplied DB cluster identifier. This identifier is the unique key that identifies a DB cluster stored as a lowercase string. stringProvides the name of the DB cluster parameter group. stringThe name of the DB parameter group to apply to all instances of the DB cluster. Used only in case of a major EngineVersion upgrade request. -integerThe port number on which the DB instances in the DB cluster accept connections.

If not specified, the default port used is `8182`.

Note: `Port` property will soon be deprecated from this resource. Please update existing templates to rename it with new property `DBPort` having same functionalities. +integerThe port number on which the DB instances in the DB cluster accept connections. If not specified, the default port used is `8182`. Note: `Port` property will soon be deprecated from this resource. Please update existing templates to rename it with new property `DBPort` having same functionalities. stringSpecifies information on the subnet group associated with the DB cluster, including the name, description, and subnets in the subnet group. booleanIndicates whether or not the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. arraySpecifies a list of log types that are enabled for export to CloudWatch Logs. @@ -50,14 +50,14 @@ Creates, updates, deletes or gets a db_cluster resource or lists stringThe port number on which the DB cluster accepts connections. For example: `8182`. stringSpecifies the daily time range during which automated backups are created if automated backups are enabled, as determined by the BackupRetentionPeriod. stringSpecifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). -stringCreates a new DB cluster from a DB snapshot or DB cluster snapshot.

If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group.

If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. -stringCreates a new DB cluster from a DB snapshot or DB cluster snapshot.

If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group.

If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. +stringCreates a new DB cluster from a DB snapshot or DB cluster snapshot. If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. +stringCreates a new DB cluster from a DB snapshot or DB cluster snapshot. If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. objectContains the scaling configuration used by the Neptune Serverless Instances within this DB cluster. -stringSpecifies the identifier for a DB cluster snapshot. Must match the identifier of an existing snapshot.

After you restore a DB cluster using a SnapshotIdentifier, you must specify the same SnapshotIdentifier for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed.

However, if you don't specify the SnapshotIdentifier, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, the DB cluster is restored from the snapshot specified by the SnapshotIdentifier, and the original DB cluster is deleted. -stringCreates a new DB cluster from a DB snapshot or DB cluster snapshot.

If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group.

If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. -booleanIndicates whether the DB cluster is encrypted.

If you specify the `DBClusterIdentifier`, `DBSnapshotIdentifier`, or `SourceDBInstanceIdentifier` property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. If you specify the KmsKeyId property, you must enable encryption.

If you specify the KmsKeyId, you must enable encryption by setting StorageEncrypted to true. +stringSpecifies the identifier for a DB cluster snapshot. Must match the identifier of an existing snapshot. After you restore a DB cluster using a SnapshotIdentifier, you must specify the same SnapshotIdentifier for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the SnapshotIdentifier, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, the DB cluster is restored from the snapshot specified by the SnapshotIdentifier, and the original DB cluster is deleted. +stringCreates a new DB cluster from a DB snapshot or DB cluster snapshot. If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. +booleanIndicates whether the DB cluster is encrypted. If you specify the `DBClusterIdentifier`, `DBSnapshotIdentifier`, or `SourceDBInstanceIdentifier` property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance. If you specify the KmsKeyId property, you must enable encryption. If you specify the KmsKeyId, you must enable encryption by setting StorageEncrypted to true. arrayThe tags assigned to this cluster. -booleanCreates a new DB cluster from a DB snapshot or DB cluster snapshot.

If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group.

If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. +booleanCreates a new DB cluster from a DB snapshot or DB cluster snapshot. If a DB snapshot is specified, the target DB cluster is created from the source DB snapshot with a default configuration and default security group. If a DB cluster snapshot is specified, the target DB cluster is created from the source DB cluster restore point with the same configuration as the original source DB cluster, except that the new DB cluster is created with the default security group. arrayProvides a list of VPC security groups that the DB cluster belongs to. stringAWS region. diff --git a/docs/aws-docs/providers/aws/neptunegraph/graphs/index.md b/docs/aws-docs/providers/aws/neptunegraph/graphs/index.md index f16546271e..c820495ec6 100644 --- a/docs/aws-docs/providers/aws/neptunegraph/graphs/index.md +++ b/docs/aws-docs/providers/aws/neptunegraph/graphs/index.md @@ -30,11 +30,11 @@ Creates, updates, deletes or gets a graph resource or lists g ## Fields - - +
NameDatatypeDescription
booleanValue that indicates whether the Graph has deletion protection enabled. The graph can't be deleted when deletion protection is enabled.

_Default_: If not specified, the default value is true.
stringContains a user-supplied name for the Graph.

If you don't specify a name, we generate a unique Graph Name using a combination of Stack Name and a UUID comprising of 4 characters.

_Important_: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
+ - - + + diff --git a/docs/aws-docs/providers/aws/neptunegraph/private_graph_endpoints/index.md b/docs/aws-docs/providers/aws/neptunegraph/private_graph_endpoints/index.md index 3bbb25b7f0..c3a3f8eeef 100644 --- a/docs/aws-docs/providers/aws/neptunegraph/private_graph_endpoints/index.md +++ b/docs/aws-docs/providers/aws/neptunegraph/private_graph_endpoints/index.md @@ -34,7 +34,7 @@ Creates, updates, deletes or gets a private_graph_endpoint resource - +
NameDatatypeDescription
booleanValue that indicates whether the Graph has deletion protection enabled. The graph can't be deleted when deletion protection is enabled. _Default_: If not specified, the default value is true.
stringContains a user-supplied name for the Graph. If you don't specify a name, we generate a unique Graph Name using a combination of Stack Name and a UUID comprising of 4 characters. _Important_: If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
integerMemory for the Graph.
booleanSpecifies whether the Graph can be reached over the internet. Access to all graphs requires IAM authentication.

When the Graph is publicly reachable, its Domain Name System (DNS) endpoint resolves to the public IP address from the internet.

When the Graph isn't publicly reachable, you need to create a PrivateGraphEndpoint in a given VPC to ensure the DNS name resolves to a private IP address that is reachable from the VPC.

_Default_: If not specified, the default value is false.
integerSpecifies the number of replicas you want when finished. All replicas will be provisioned in different availability zones.

Replica Count should always be less than or equal to 2.

_Default_: If not specified, the default value is 1.
booleanSpecifies whether the Graph can be reached over the internet. Access to all graphs requires IAM authentication. When the Graph is publicly reachable, its Domain Name System (DNS) endpoint resolves to the public IP address from the internet. When the Graph isn't publicly reachable, you need to create a PrivateGraphEndpoint in a given VPC to ensure the DNS name resolves to a private IP address that is reachable from the VPC. _Default_: If not specified, the default value is false.
integerSpecifies the number of replicas you want when finished. All replicas will be provisioned in different availability zones. Replica Count should always be less than or equal to 2. _Default_: If not specified, the default value is 1.
arrayThe tags associated with this graph.
objectVector Search Configuration
stringThe connection endpoint for the graph. For example: `g-12a3bcdef4.us-east-1.neptune-graph.amazonaws.com`
arrayThe security group Ids associated with the VPC where you want the private graph endpoint to be created, ie, the graph will be reachable from within the VPC.
arrayThe subnet Ids associated with the VPC where you want the private graph endpoint to be created, ie, the graph will be reachable from within the VPC.
stringThe VPC where you want the private graph endpoint to be created, ie, the graph will be reachable from within the VPC.
stringPrivateGraphEndpoint resource identifier generated by concatenating the associated GraphIdentifier and VpcId with an underscore separator.

For example, if GraphIdentifier is `g-12a3bcdef4` and VpcId is `vpc-0a12bc34567de8f90`, the generated PrivateGraphEndpointIdentifier will be `g-12a3bcdef4_vpc-0a12bc34567de8f90`
stringPrivateGraphEndpoint resource identifier generated by concatenating the associated GraphIdentifier and VpcId with an underscore separator. For example, if GraphIdentifier is `g-12a3bcdef4` and VpcId is `vpc-0a12bc34567de8f90`, the generated PrivateGraphEndpointIdentifier will be `g-12a3bcdef4_vpc-0a12bc34567de8f90`
stringVPC endpoint that provides a private connection between the Graph and specified VPC.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/nimblestudio/launch_profiles/index.md b/docs/aws-docs/providers/aws/nimblestudio/launch_profiles/index.md index 9e91c9a357..82228c5a16 100644 --- a/docs/aws-docs/providers/aws/nimblestudio/launch_profiles/index.md +++ b/docs/aws-docs/providers/aws/nimblestudio/launch_profiles/index.md @@ -31,12 +31,12 @@ Creates, updates, deletes or gets a launch_profile resource or list ## Fields - + - + - + diff --git a/docs/aws-docs/providers/aws/opensearchserverless/collections/index.md b/docs/aws-docs/providers/aws/opensearchserverless/collections/index.md index 418c8c2b3d..a926bb92d4 100644 --- a/docs/aws-docs/providers/aws/opensearchserverless/collections/index.md +++ b/docs/aws-docs/providers/aws/opensearchserverless/collections/index.md @@ -32,7 +32,7 @@ Creates, updates, deletes or gets a collection resource or lists - + diff --git a/docs/aws-docs/providers/aws/organizations/policies/index.md b/docs/aws-docs/providers/aws/organizations/policies/index.md index 8cfbd9be2d..8be618eaf0 100644 --- a/docs/aws-docs/providers/aws/organizations/policies/index.md +++ b/docs/aws-docs/providers/aws/organizations/policies/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a policy resource or lists
NameDatatypeDescription
string

The description.

array

Specifies the IDs of the EC2 subnets where streaming sessions will be accessible from.
These subnets must support the specified instance types.

array

Specifies the IDs of the EC2 subnets where streaming sessions will be accessible from. These subnets must support the specified instance types.

string
array

The version number of the protocol that is used by the launch profile. The only valid
version is "2021-03-31".

array

The version number of the protocol that is used by the launch profile. The only valid version is "2021-03-31".

string

The name for the launch profile.

A configuration for a streaming session.

array

Unique identifiers for a collection of studio components that can be used with this
launch profile.

array

Unique identifiers for a collection of studio components that can be used with this launch profile.

string

The studio ID.

undefined
stringAWS region.
NameDatatypeDescription
stringThe description of the collection
stringThe identifier of the collection
stringThe name of the collection.

The name must meet the following criteria:
Unique to your account and AWS Region
Starts with a lowercase letter
Contains only lowercase letters a-z, the numbers 0-9 and the hyphen (-)
Contains between 3 and 32 characters
stringThe name of the collection. The name must meet the following criteria: Unique to your account and AWS Region Starts with a lowercase letter Contains only lowercase letters a-z, the numbers 0-9 and the hyphen (-) Contains between 3 and 32 characters
arrayList of tags to be added to the resource
stringThe Amazon Resource Name (ARN) of the collection.
stringThe endpoint for the collection.
- +
Namepolicies
TypeResource
DescriptionPolicies in AWS Organizations enable you to manage different features of the AWS accounts in your organization. You can use policies when all features are enabled in your organization.
DescriptionPolicies in AWS Organizations enable you to manage different features of the AWS accounts in your organization. You can use policies when all features are enabled in your organization.
Id
diff --git a/docs/aws-docs/providers/aws/proton/environment_account_connections/index.md b/docs/aws-docs/providers/aws/proton/environment_account_connections/index.md index 1869584859..b3d273bce8 100644 --- a/docs/aws-docs/providers/aws/proton/environment_account_connections/index.md +++ b/docs/aws-docs/providers/aws/proton/environment_account_connections/index.md @@ -39,7 +39,7 @@ Creates, updates, deletes or gets an environment_account_connection stringThe ID of the management account that accepts or rejects the environment account connection. You create an manage the AWS Proton environment in this account. If the management account accepts the environment account connection, AWS Proton can use the associated IAM role to provision environment infrastructure resources in the associated environment account. stringThe Amazon Resource Name (ARN) of the IAM service role that's created in the environment account. AWS Proton uses this role to provision infrastructure resources in the associated environment account. stringThe status of the environment account connection. -array

An optional list of metadata items that you can associate with the Proton environment account connection. A tag is a key-value pair.


For more information, see Proton resources and tagging in the
Proton User Guide.

+array

An optional list of metadata items that you can associate with the Proton environment account connection. A tag is a key-value pair.

For more information, see Proton resources and tagging in the Proton User Guide.

stringAWS region. diff --git a/docs/aws-docs/providers/aws/proton/environment_templates/index.md b/docs/aws-docs/providers/aws/proton/environment_templates/index.md index 95ea800633..7e6d3c9375 100644 --- a/docs/aws-docs/providers/aws/proton/environment_templates/index.md +++ b/docs/aws-docs/providers/aws/proton/environment_templates/index.md @@ -36,7 +36,7 @@ Creates, updates, deletes or gets an environment_template resource string

A customer provided encryption key that Proton uses to encrypt data.

string undefined -array

An optional list of metadata items that you can associate with the Proton environment template. A tag is a key-value pair.


For more information, see Proton resources and tagging in the
Proton User Guide.

+array

An optional list of metadata items that you can associate with the Proton environment template. A tag is a key-value pair.

For more information, see Proton resources and tagging in the Proton User Guide.

stringAWS region. diff --git a/docs/aws-docs/providers/aws/proton/service_templates/index.md b/docs/aws-docs/providers/aws/proton/service_templates/index.md index e2e9b11d6a..6900fe34fa 100644 --- a/docs/aws-docs/providers/aws/proton/service_templates/index.md +++ b/docs/aws-docs/providers/aws/proton/service_templates/index.md @@ -36,7 +36,7 @@ Creates, updates, deletes or gets a service_template resource or li string

A customer provided encryption key that's used to encrypt data.

string undefined -array

An optional list of metadata items that you can associate with the Proton service template. A tag is a key-value pair.


For more information, see Proton resources and tagging in the
Proton User Guide.

+array

An optional list of metadata items that you can associate with the Proton service template. A tag is a key-value pair.

For more information, see Proton resources and tagging in the Proton User Guide.

stringAWS region. diff --git a/docs/aws-docs/providers/aws/quicksight/data_sets/index.md b/docs/aws-docs/providers/aws/quicksight/data_sets/index.md index 8b4257a036..c4b6610833 100644 --- a/docs/aws-docs/providers/aws/quicksight/data_sets/index.md +++ b/docs/aws-docs/providers/aws/quicksight/data_sets/index.md @@ -33,8 +33,8 @@ Creates, updates, deletes or gets a data_set resource or lists NameDatatypeDescriptionstring

The Amazon Resource Name (ARN) of the resource.

string array

Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.

-array

A set of one or more definitions of a
ColumnLevelPermissionRule
.

-number

The amount of SPICE capacity used by this dataset. This is 0 if the dataset isn't
imported into SPICE.

+array

A set of one or more definitions of a ColumnLevelPermissionRule .

+number

The amount of SPICE capacity used by this dataset. This is 0 if the dataset isn't imported into SPICE.

string

The time that this dataset was created.

string

The refresh properties of a dataset.

@@ -45,7 +45,7 @@ Creates, updates, deletes or gets a data_set resource or lists string

The last time that this dataset was updated.

undefined string

The display name for the dataset.

-array

The list of columns after all transforms. These columns are available in templates,
analyses, and dashboards.

+array

The list of columns after all transforms. These columns are available in templates, analyses, and dashboards.

array

A list of resource permissions on the dataset.

undefined

Information about a dataset that contains permissions for row-level security (RLS). diff --git a/docs/aws-docs/providers/aws/quicksight/data_sources/index.md b/docs/aws-docs/providers/aws/quicksight/data_sources/index.md index 89e41c73ee..38c3aca461 100644 --- a/docs/aws-docs/providers/aws/quicksight/data_sources/index.md +++ b/docs/aws-docs/providers/aws/quicksight/data_sources/index.md @@ -30,7 +30,7 @@ Creates, updates, deletes or gets a data_source resource or lists < ## Fields - +
NameDatatypeDescription
array

A set of alternate data source parameters that you want to share for the credentials
stored with this data source. The credentials are applied in tandem with the data source
parameters when you copy a data source by using a create or update request. The API
operation compares the DataSourceParameters structure that's in the request
with the structures in the AlternateDataSourceParameters allow list. If the
structures are an exact match, the request is allowed to use the credentials from this
existing data source. If the AlternateDataSourceParameters list is null,
the Credentials originally used with this DataSourceParameters
are automatically allowed.

diff --git a/docs/aws-docs/providers/aws/rds/db_clusters/index.md b/docs/aws-docs/providers/aws/rds/db_clusters/index.md
index 9024beadf9..cfa2174d5c 100644
--- a/docs/aws-docs/providers/aws/rds/db_clusters/index.md
+++ b/docs/aws-docs/providers/aws/rds/db_clusters/index.md
@@ -30,7 +30,7 @@ Creates, updates, deletes or gets a db_cluster resource or lists
NameDatatypeDescription
array

A set of alternate data source parameters that you want to share for the credentials stored with this data source. The credentials are applied in tandem with the data source parameters when you copy a data source by using a create or update request. The API operation compares the DataSourceParameters structure that's in the request with the structures in the AlternateDataSourceParameters allow list. If the structures are an exact match, the request is allowed to use the credentials from this existing data source. If the AlternateDataSourceParameters list is null, the Credentials originally used with this DataSourceParameters are automatically allowed.

string

The Amazon Resource Name (ARN) of the data source.

string
string

The time that this data source was created.

## Fields - +
NameDatatypeDescription
booleanIndicates whether the DB instance is encrypted.
If you specify the DBClusterIdentifier, SnapshotIdentifier, or SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance.
@@ -73,13 +73,13 @@ Creates, updates, deletes or gets a db_cluster resource or lists - + - - + + diff --git a/docs/aws-docs/providers/aws/rds/db_instances/index.md b/docs/aws-docs/providers/aws/rds/db_instances/index.md index 89e41ecf22..bc3f830f82 100644 --- a/docs/aws-docs/providers/aws/rds/db_instances/index.md +++ b/docs/aws-docs/providers/aws/rds/db_instances/index.md @@ -25,91 +25,91 @@ Creates, updates, deletes or gets a db_instance resource or lists <
NameDatatypeDescription
booleanIndicates whether the DB instance is encrypted. If you specify the DBClusterIdentifier, SnapshotIdentifier, or SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the cluster, snapshot, or source DB instance.
stringReserved for future use.
stringThe date and time to restore the DB cluster to. Value must be a time in Universal Coordinated Time (UTC) format. An example: 2015-03-07T23:45:00Z
stringThe DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster.
stringThe Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs.
arrayProvides a list of the AWS Identity and Access Management (IAM) roles that are associated with the DB cluster. IAM roles that are associated with a DB cluster grant permission for the DB cluster to access other AWS services on your behalf.
booleanA value that indicates whether to enable the HTTP endpoint for DB cluster. By default, the HTTP endpoint is disabled.
stringThe identifier for the DB snapshot or DB cluster snapshot to restore from.
You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot.
After you restore a DB cluster with a SnapshotIdentifier property, you must specify the same SnapshotIdentifier property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the SnapshotIdentifier property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, the DB cluster is restored from the specified SnapshotIdentifier property, and the original DB cluster is deleted.
stringThe identifier for the DB snapshot or DB cluster snapshot to restore from. You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot. After you restore a DB cluster with a SnapshotIdentifier property, you must specify the same SnapshotIdentifier property for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed. However, if you don't specify the SnapshotIdentifier property, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, the DB cluster is restored from the specified SnapshotIdentifier property, and the original DB cluster is deleted.
stringThe daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.
stringThe network type of the DB cluster.
arrayA list of EC2 VPC security groups to associate with this DB cluster.
booleanA value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.
stringIf you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the AWS::RDS::GlobalCluster resource.

If you aren't configuring a global database cluster, don't specify this property.
stringThe type of restore to be performed. You can specify one of the following values:
full-copy - The new DB cluster is restored as a full copy of the source DB cluster.
copy-on-write - The new DB cluster is restored as a clone of the source DB cluster.
stringIf you are configuring an Aurora global database cluster and want your Aurora DB cluster to be a secondary member in the global database cluster, specify the global cluster ID of the global database cluster. To define the primary database cluster of the global cluster, use the AWS::RDS::GlobalCluster resource. If you aren't configuring a global database cluster, don't specify this property.
stringThe type of restore to be performed. You can specify one of the following values: full-copy - The new DB cluster is restored as a full copy of the source DB cluster. copy-on-write - The new DB cluster is restored as a clone of the source DB cluster.
stringSpecify the name of the IAM role to be used when making API calls to the Directory Service.
stringThe compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge.
arrayA list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on AWS Regions and Availability Zones, see Choosing the Regions and Availability Zones in the Amazon Aurora User Guide.
- +
Namedb_instances
TypeResource
DescriptionThe AWS::RDS::DBInstance resource creates an Amazon DB instance. The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster.
For more information about creating an RDS DB instance, see [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) in the *Amazon RDS User Guide*.
For more information about creating a DB instance in an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*.
If you import an existing DB instance, and the template configuration doesn't match the actual configuration of the DB instance, AWS CloudFormation applies the changes in the template during the import operation.
If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an update that requires replacement, you can apply a stack policy to prevent DB instances from being replaced. For more information, see [Prevent Updates to Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html).
*Updating DB instances*
When properties labeled "*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)" are updated, AWS CloudFormation first creates a replacement DB instance, then changes references from other dependent resources to point to the replacement DB instance, and finally deletes the old DB instance.
We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB instance. To preserve your data, perform the following procedure:
1. Deactivate any applications that are using the DB instance so that there's no activity on the DB instance.
1. Create a snapshot of the DB instance. For more information, see [Creating a DB Snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateSnapshot.html).
1. If you want to restore your instance using a DB snapshot, modify the updated template with your DB instance changes and add the DBSnapshotIdentifier property with the ID of the DB snapshot that you want to use.
After you restore a DB instance with a DBSnapshotIdentifier property, you can delete the DBSnapshotIdentifier property. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the DBSnapshotIdentifier property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified DBSnapshotIdentifier property, and the original DB instance is deleted.
1. Update the stack.

For more information about updating other properties of this resource, see ModifyDBInstance. For more information about updating stacks, see [CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).
*Deleting DB instances*
For DB instances that are part of an Aurora DB cluster, you can set a deletion policy for your DB instance to control how AWS CloudFormation handles the DB instance when the stack is deleted. For Amazon RDS DB instances, you can choose to *retain* the DB instance, to *delete* the DB instance, or to *create a snapshot* of the DB instance. The default AWS CloudFormation behavior depends on the DBClusterIdentifier property:
1. For AWS::RDS::DBInstance resources that don't specify the DBClusterIdentifier property, AWS CloudFormation saves a snapshot of the DB instance.
1. For AWS::RDS::DBInstance resources that do specify the DBClusterIdentifier property, AWS CloudFormation deletes the DB instance.

For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).
DescriptionThe AWS::RDS::DBInstance resource creates an Amazon DB instance. The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster. For more information about creating an RDS DB instance, see [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) in the *Amazon RDS User Guide*. For more information about creating a DB instance in an Aurora DB cluster, see [Creating an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) in the *Amazon Aurora User Guide*. If you import an existing DB instance, and the template configuration doesn't match the actual configuration of the DB instance, AWS CloudFormation applies the changes in the template during the import operation. If a DB instance is deleted or replaced during an update, AWS CloudFormation deletes all automated snapshots. However, it retains manual DB snapshots. During an update that requires replacement, you can apply a stack policy to prevent DB instances from being replaced. For more information, see [Prevent Updates to Stack Resources](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html). *Updating DB instances* When properties labeled "*Update requires:* [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)" are updated, AWS CloudFormation first creates a replacement DB instance, then changes references from other dependent resources to point to the replacement DB instance, and finally deletes the old DB instance. We highly recommend that you take a snapshot of the database before updating the stack. If you don't, you lose the data when AWS CloudFormation replaces your DB instance. To preserve your data, perform the following procedure: 1. 
Deactivate any applications that are using the DB instance so that there's no activity on the DB instance. 1. Create a snapshot of the DB instance. For more information, see [Creating a DB Snapshot](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateSnapshot.html). 1. If you want to restore your instance using a DB snapshot, modify the updated template with your DB instance changes and add the DBSnapshotIdentifier property with the ID of the DB snapshot that you want to use. After you restore a DB instance with a DBSnapshotIdentifier property, you can delete the DBSnapshotIdentifier property. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the DBSnapshotIdentifier property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified DBSnapshotIdentifier property, and the original DB instance is deleted. 1. Update the stack. For more information about updating other properties of this resource, see ModifyDBInstance. For more information about updating stacks, see [CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html). *Deleting DB instances* For DB instances that are part of an Aurora DB cluster, you can set a deletion policy for your DB instance to control how AWS CloudFormation handles the DB instance when the stack is deleted. For Amazon RDS DB instances, you can choose to *retain* the DB instance, to *delete* the DB instance, or to *create a snapshot* of the DB instance. The default AWS CloudFormation behavior depends on the DBClusterIdentifier property: 1. 
For AWS::RDS::DBInstance resources that don't specify the DBClusterIdentifier property, AWS CloudFormation saves a snapshot of the DB instance. 1. For AWS::RDS::DBInstance resources that do specify the DBClusterIdentifier property, AWS CloudFormation deletes the DB instance. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).
Id
## Fields - +
NameDatatypeDescription
booleanA value that indicates whether the DB instance is encrypted. By default, it isn't encrypted.
If you specify the KmsKeyId property, then you must enable encryption.
If you specify the SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified KmsKeyId property is used.
If you specify DBSnapshotIdentifier property, don't specify this property. The value is inherited from the snapshot.
*Amazon Aurora*
Not applicable. The encryption for DB instances is managed by the DB cluster.
- + - + - - + + - + - - + + - + - - - - + + + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - + + + + + + + - - - + + + - + - - - - - - - - - + + + + + + + + +
NameDatatypeDescription
booleanA value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. If you specify the KmsKeyId property, then you must enable encryption. If you specify the SourceDBInstanceIdentifier property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified KmsKeyId property is used. If you specify DBSnapshotIdentifier property, don't specify this property. The value is inherited from the snapshot. *Amazon Aurora* Not applicable. The encryption for DB instances is managed by the DB cluster.
stringThe time zone of the DB instance. The time zone parameter is currently supported only by [RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone) and [RDS for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone).
stringThe Oracle system identifier (SID), which is the name of the Oracle database instance that manages your database files. In this context, the term "Oracle database instance" refers exclusively to the system global area (SGA) and Oracle background processes. If you don't specify a SID, the value defaults to RDSCDB. The Oracle SID is also the name of your CDB.
objectThe details of the DB instance's server certificate.
stringThe port number on which the database accepts connections.
*Amazon Aurora*
Not applicable. The port number is managed by the DB cluster.
*Db2*
Default value: 50000
stringThe port number on which the database accepts connections. *Amazon Aurora* Not applicable. The port number is managed by the DB cluster. *Db2* Default value: 50000
stringThe identifier of the DB cluster that the instance will belong to.
integerSpecifies the storage throughput value for the DB instance. This setting applies only to the gp3 storage type.
This setting doesn't apply to RDS Custom or Amazon Aurora.
integerSpecifies the storage throughput value for the DB instance. This setting applies only to the gp3 storage type. This setting doesn't apply to RDS Custom or Amazon Aurora.
string
integerThe interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0.
If MonitoringRoleArn is specified, then you must set MonitoringInterval to a value other than 0.
This setting doesn't apply to RDS Custom.
Valid Values: 0, 1, 5, 10, 15, 30, 60
stringThe name of an existing DB parameter group or a reference to an [AWS::RDS::DBParameterGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html) resource created in the template.
To list all of the available DB parameter group names, use the following command:
aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text
If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot.
If you don't specify a value for DBParameterGroupName property, the default DB parameter group for the specified engine and engine version is used.
integerThe interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0. If MonitoringRoleArn is specified, then you must set MonitoringInterval to a value other than 0. This setting doesn't apply to RDS Custom. Valid Values: 0, 1, 5, 10, 15, 30, 60
stringThe name of an existing DB parameter group or a reference to an [AWS::RDS::DBParameterGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbparametergroup.html) resource created in the template. To list all of the available DB parameter group names, use the following command: aws rds describe-db-parameter-groups --query "DBParameterGroups[].DBParameterGroupName" --output text If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot. If you don't specify a value for DBParameterGroupName property, the default DB parameter group for the specified engine and engine version is used.
string
objectThe connection endpoint for the DB instance.
The endpoint might not be shown for instances with the status of creating.
objectThe connection endpoint for the DB instance. The endpoint might not be shown for instances with the status of creating.
string
stringThe AWS KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination AWS-Region, for example, arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE.
booleanSpecifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the AvailabilityZone parameter if the MultiAZ parameter is set to true.
For more information, see [Multi-AZ deployments for high availability](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) in the *Amazon RDS User Guide*.
*Amazon Aurora*
Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the MultiAZ option to be set.
stringThe name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region.
This property is required when creating a DB instance.
You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the Engine value in your templates from oracle-ee to oracle-ee-cdb or from oracle-se2 to oracle-se2-cdb. Converting to the CDB architecture requires an interruption.
Valid Values:
+ aurora-mysql (for Aurora MySQL DB instances)
+ aurora-postgresql (for Aurora PostgreSQL DB instances)
+ custom-oracle-ee (for RDS Custom for Oracle DB instances)
+ custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances)
+ custom-sqlserver-ee (for RDS Custom for SQL Server DB instances)
+ custom-sqlserver-se (for RDS Custom for SQL Server DB instances)
+ custom-sqlserver-web (for RDS Custom for SQL Server DB instances)
+ db2-ae
+ db2-se
+ mariadb
+ mysql
+ oracle-ee
+ oracle-ee-cdb
+ oracle-se2
+ oracle-se2-cdb
+ postgres
+ sqlserver-ee
+ sqlserver-se
+ sqlserver-ex
+ sqlserver-web
booleanSpecifies whether the database instance is a Multi-AZ DB instance deployment. You can't set the AvailabilityZone parameter if the MultiAZ parameter is set to true. For more information, see [Multi-AZ deployments for high availability](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) in the *Amazon RDS User Guide*. *Amazon Aurora* Not applicable. Amazon Aurora storage is replicated across all of the Availability Zones and doesn't require the MultiAZ option to be set.
stringThe name of the database engine to use for this DB instance. Not every database engine is available in every AWS Region. This property is required when creating a DB instance. You can convert an Oracle database from the non-CDB architecture to the container database (CDB) architecture by updating the Engine value in your templates from oracle-ee to oracle-ee-cdb or from oracle-se2 to oracle-se2-cdb. Converting to the CDB architecture requires an interruption. Valid Values: + aurora-mysql (for Aurora MySQL DB instances) + aurora-postgresql (for Aurora PostgreSQL DB instances) + custom-oracle-ee (for RDS Custom for Oracle DB instances) + custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances) + custom-sqlserver-ee (for RDS Custom for SQL Server DB instances) + custom-sqlserver-se (for RDS Custom for SQL Server DB instances) + custom-sqlserver-web (for RDS Custom for SQL Server DB instances) + db2-ae + db2-se + mariadb + mysql + oracle-ee + oracle-ee-cdb + oracle-se2 + oracle-se2-cdb + postgres + sqlserver-ee + sqlserver-se + sqlserver-ex + sqlserver-web
arrayAn optional array of key-value pairs to apply to this DB instance.
stringThe AWS KMS key identifier for encryption of Performance Insights data.
The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region.
For information about enabling Performance Insights, see [EnablePerformanceInsights](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights).
stringThe AWS KMS key identifier for encryption of Performance Insights data. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your AWS account. Your AWS account has a different default KMS key for each AWS Region. For information about enabling Performance Insights, see [EnablePerformanceInsights](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-enableperformanceinsights).
string
stringIf you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see [Working with Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html) in the *Amazon RDS User Guide*.
For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*.
The SourceDBInstanceIdentifier property determines whether a DB instance is a read replica. If you remove the SourceDBInstanceIdentifier property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance.
+ If you specify a source DB instance that uses VPC security groups, we recommend that you specify the VPCSecurityGroups property. If you don't specify the property, the read replica inherits the value of the VPCSecurityGroups property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's VPCSecurityGroups property to the default value because it's not defined in the stack's template. This change might cause unexpected issues.
+ Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica.
+ If you specify SourceDBInstanceIdentifier, don't specify the DBSnapshotIdentifier property. You can't create a read replica from a snapshot.
+ Don't set the BackupRetentionPeriod, DBName, MasterUsername, MasterUserPassword, and PreferredBackupWindow properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas.
+ If the source DB instance is in a different region than the read replica, specify the source region in SourceRegion, and specify an ARN for a valid DB instance in SourceDBInstanceIdentifier. For more information, see [Constructing a Amazon RDS Amazon Resource Name (ARN)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN) in the *Amazon RDS User Guide*.
+ For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances.
stringThe version number of the database engine to use.
For a list of valid engine versions, use the DescribeDBEngineVersions action.
The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region.
*Amazon Aurora*
Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.
*Db2*
See [Amazon RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) in the *Amazon RDS User Guide.*
*MariaDB*
See [MariaDB on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the *Amazon RDS User Guide.*
*Microsoft SQL Server*
See [Microsoft SQL Server Versions on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) in the *Amazon RDS User Guide.*
*MySQL*
See [MySQL on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide.*
*Oracle*
See [Oracle Database Engine Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) in the *Amazon RDS User Guide.*
*PostgreSQL*
See [Supported PostgreSQL Database Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions) in the *Amazon RDS User Guide.*
stringThe storage type to associate with the DB instance.
If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.
This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster.
Valid Values: gp2 | gp3 | io1 | io2 | standard
Default: io1, if the Iops parameter is specified. Otherwise, gp2.
stringThe ARN of the AWS KMS key that's used to encrypt the DB instance, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true.
If you specify the SourceDBInstanceIdentifier property, the value is inherited from the source DB instance if the read replica is created in the same region.
If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region.
If you specify the DBSnapshotIdentifier property, don't specify this property. The StorageEncrypted property value is inherited from the snapshot. If the DB instance is encrypted, the specified KmsKeyId property is also inherited from the snapshot.
If you specify DBSecurityGroups, AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see [Using Amazon RDS with Amazon VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*.
*Amazon Aurora*
Not applicable. The KMS key identifier is managed by the DB cluster.
stringIf you want to create a read replica DB instance, specify the ID of the source DB instance. Each DB instance can have a limited number of read replicas. For more information, see [Working with Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/USER_ReadRepl.html) in the *Amazon RDS User Guide*. For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. The SourceDBInstanceIdentifier property determines whether a DB instance is a read replica. If you remove the SourceDBInstanceIdentifier property from your template and then update your stack, AWS CloudFormation promotes the Read Replica to a standalone DB instance. + If you specify a source DB instance that uses VPC security groups, we recommend that you specify the VPCSecurityGroups property. If you don't specify the property, the read replica inherits the value of the VPCSecurityGroups property from the source DB when you create the replica. However, if you update the stack, AWS CloudFormation reverts the replica's VPCSecurityGroups property to the default value because it's not defined in the stack's template. This change might cause unexpected issues. + Read replicas don't support deletion policies. AWS CloudFormation ignores any deletion policy that's associated with a read replica. + If you specify SourceDBInstanceIdentifier, don't specify the DBSnapshotIdentifier property. You can't create a read replica from a snapshot. + Don't set the BackupRetentionPeriod, DBName, MasterUsername, MasterUserPassword, and PreferredBackupWindow properties. The database attributes are inherited from the source DB instance, and backups are disabled for read replicas. 
+ If the source DB instance is in a different region than the read replica, specify the source region in SourceRegion, and specify an ARN for a valid DB instance in SourceDBInstanceIdentifier. For more information, see [Constructing a Amazon RDS Amazon Resource Name (ARN)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.ARN) in the *Amazon RDS User Guide*. + For DB instances in Amazon Aurora clusters, don't specify this property. Amazon RDS automatically assigns writer and reader DB instances.
stringThe version number of the database engine to use. For a list of valid engine versions, use the DescribeDBEngineVersions action. The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. *Amazon Aurora* Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. *Db2* See [Amazon RDS for Db2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* *MariaDB* See [MariaDB on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* *Microsoft SQL Server* See [Microsoft SQL Server Versions on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) in the *Amazon RDS User Guide.* *MySQL* See [MySQL on Amazon RDS Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the *Amazon RDS User Guide.* *Oracle* See [Oracle Database Engine Release Notes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) in the *Amazon RDS User Guide.* *PostgreSQL* See [Supported PostgreSQL Database Versions](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.DBVersions) in the *Amazon RDS User Guide.*
stringThe storage type to associate with the DB instance. If you specify io1, io2, or gp3, you must also include a value for the Iops parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: gp2 | gp3 | io1 | io2 | standard Default: io1, if the Iops parameter is specified. Otherwise, gp2.
stringThe ARN of the AWS KMS key that's used to encrypt the DB instance, such as arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef. If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true. If you specify the SourceDBInstanceIdentifier property, the value is inherited from the source DB instance if the read replica is created in the same region. If you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region. If you specify the DBSnapshotIdentifier property, don't specify this property. The StorageEncrypted property value is inherited from the snapshot. If the DB instance is encrypted, the specified KmsKeyId property is also inherited from the snapshot. If you specify DBSecurityGroups, AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see [Using Amazon RDS with Amazon VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. *Amazon Aurora* Not applicable. The KMS key identifier is managed by the DB cluster.
stringThe compute and memory capacity of the DB instance, for example db.m5.large. Not all DB instance classes are available in all AWS-Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see [DB instance classes](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the *Amazon RDS User Guide* or [Aurora DB instance classes](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) in the *Amazon Aurora User Guide*.
booleanA value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted.
*Amazon Aurora*
Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted.
integerThe number of days to retain Performance Insights data.
This setting doesn't apply to RDS Custom DB instances.
Valid Values:
+ 7
+ *month* * 31, where *month* is a number of months from 1-23. Examples: 93 (3 months * 31), 341 (11 months * 31), 589 (19 months * 31)
+ 731

Default: 7 days
If you specify a retention period that isn't valid, such as 94, Amazon RDS returns an error.
stringThe Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html).
For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one.
Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region.
Constraints:
+ The AvailabilityZone parameter can't be specified if the DB instance is a Multi-AZ deployment.
+ The specified Availability Zone must be in the same AWS-Region as the current endpoint.

Example: us-east-1d
stringIndicates that the DB instance should be associated with the specified option group.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance.
booleanSpecifies whether to enable Performance Insights for the DB instance. For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*.
This setting doesn't apply to RDS Custom DB instances.
booleanA value that indicates whether to remove automated backups immediately after the DB instance is deleted. This parameter isn't case-sensitive. The default is to remove automated backups immediately after the DB instance is deleted. *Amazon Aurora* Not applicable. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the DB cluster are not deleted.
integerThe number of days to retain Performance Insights data. This setting doesn't apply to RDS Custom DB instances. Valid Values: + 7 + *month* * 31, where *month* is a number of months from 1-23. Examples: 93 (3 months * 31), 341 (11 months * 31), 589 (19 months * 31) + 731 Default: 7 days If you specify a retention period that isn't valid, such as 94, Amazon RDS returns an error.
stringThe Availability Zone (AZ) where the database will be created. For information on AWS-Regions and Availability Zones, see [Regions and Availability Zones](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). For Amazon Aurora, each Aurora DB cluster hosts copies of its storage in three separate Availability Zones. Specify one of these Availability Zones. Aurora automatically chooses an appropriate Availability Zone if you don't specify one. Default: A random, system-chosen Availability Zone in the endpoint's AWS-Region. Constraints: + The AvailabilityZone parameter can't be specified if the DB instance is a Multi-AZ deployment. + The specified Availability Zone must be in the same AWS-Region as the current endpoint. Example: us-east-1d
stringIndicates that the DB instance should be associated with the specified option group. Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance.
booleanSpecifies whether to enable Performance Insights for the DB instance. For more information, see [Using Amazon Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the *Amazon RDS User Guide*. This setting doesn't apply to RDS Custom DB instances.
booleanA value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.
stringA DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC.
If there's no DB subnet group, then the DB instance isn't a VPC DB instance.
For more information about using Amazon RDS in a VPC, see [Using Amazon RDS with Amazon Virtual Private Cloud (VPC)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*.
*Amazon Aurora*
Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
booleanA value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html).
*Amazon Aurora*
Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see CreateDBCluster. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
stringA name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*.
If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringThe amount of storage in gibibytes (GiB) to be initially allocated for the database instance.
If any value is set in the Iops parameter, AllocatedStorage must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the Iops value (in 1,000 IOPS increments), then you must also increase the AllocatedStorage value (in 100-GiB increments).
*Amazon Aurora*
Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.
*Db2*
Constraints to the amount of storage for each storage type are the following:
+ General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000.
+ Provisioned IOPS storage (io1): Must be an integer from 100 to 64000.

*MySQL*
Constraints to the amount of storage for each storage type are the following:
+ General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
+ Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
+ Magnetic storage (standard): Must be an integer from 5 to 3072.

*MariaDB*
Constraints to the amount of storage for each storage type are the following:
+ General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
+ Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
+ Magnetic storage (standard): Must be an integer from 5 to 3072.

*PostgreSQL*
Constraints to the amount of storage for each storage type are the following:
+ General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
+ Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
+ Magnetic storage (standard): Must be an integer from 5 to 3072.

*Oracle*
Constraints to the amount of storage for each storage type are the following:
+ General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.
+ Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.
+ Magnetic storage (standard): Must be an integer from 10 to 3072.

*SQL Server*
Constraints to the amount of storage for each storage type are the following:
+ General Purpose (SSD) storage (gp2):
+ Enterprise and Standard editions: Must be an integer from 20 to 16384.
+ Web and Express editions: Must be an integer from 20 to 16384.

+ Provisioned IOPS storage (io1):
+ Enterprise and Standard editions: Must be an integer from 20 to 16384.
+ Web and Express editions: Must be an integer from 20 to 16384.

+ Magnetic storage (standard):
+ Enterprise and Standard editions: Must be an integer from 20 to 1024.
+ Web and Express editions: Must be an integer from 20 to 1024.
stringThe password for the master user. The password can include any printable ASCII character except "/", """, or "@".
*Amazon Aurora*
Not applicable. The password for the master user is managed by the DB cluster.
*RDS for Db2*
Must contain from 8 to 255 characters.
*RDS for MariaDB*
Constraints: Must contain from 8 to 41 characters.
*RDS for Microsoft SQL Server*
Constraints: Must contain from 8 to 128 characters.
*RDS for MySQL*
Constraints: Must contain from 8 to 41 characters.
*RDS for Oracle*
Constraints: Must contain from 8 to 30 characters.
*RDS for PostgreSQL*
Constraints: Must contain from 8 to 128 characters.
objectThe secret managed by RDS in AWS Secrets Manager for the master user password.
For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.*
stringThe name of the NCHAR character set for the Oracle DB instance.
This setting doesn't apply to RDS Custom DB instances.
stringThe identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas.
Constraints:
+ Must be the identifier of an existing Multi-AZ DB cluster.
+ Can't be specified if the SourceDBInstanceIdentifier parameter is also specified.
+ The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0.
+ The source DB cluster must be in the same AWS-Region as the read replica. Cross-Region replication isn't supported.
arrayA list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template.
If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups.
If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations:
+ AllocatedStorage
+ AutoMinorVersionUpgrade
+ AvailabilityZone
+ BackupRetentionPeriod
+ CharacterSetName
+ DBInstanceClass
+ DBName
+ DBParameterGroupName
+ DBSecurityGroups
+ DBSubnetGroupName
+ Engine
+ EngineVersion
+ Iops
+ LicenseModel
+ MasterUsername
+ MasterUserPassword
+ MultiAZ
+ OptionGroupName
+ PreferredBackupWindow
+ PreferredMaintenanceWindow

All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as StorageType, StorageEncrypted, or KmsKeyId. If you're already using the DBSecurityGroups property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
stringThe master user name for the DB instance.
If you specify the SourceDBInstanceIdentifier or DBSnapshotIdentifier property, don't specify this property. The value is inherited from the source DB instance or snapshot.
When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name.
*Amazon Aurora*
Not applicable. The name for the master user is managed by the DB cluster.
*RDS for Db2*
Constraints:
+ Must be 1 to 16 letters or numbers.
+ First character must be a letter.
+ Can't be a reserved word for the chosen database engine.

*RDS for MariaDB*
Constraints:
+ Must be 1 to 16 letters or numbers.
+ Can't be a reserved word for the chosen database engine.

*RDS for Microsoft SQL Server*
Constraints:
+ Must be 1 to 128 letters or numbers.
+ First character must be a letter.
+ Can't be a reserved word for the chosen database engine.

*RDS for MySQL*
Constraints:
+ Must be 1 to 16 letters or numbers.
+ First character must be a letter.
+ Can't be a reserved word for the chosen database engine.

*RDS for Oracle*
Constraints:
+ Must be 1 to 30 letters or numbers.
+ First character must be a letter.
+ Can't be a reserved word for the chosen database engine.

*RDS for PostgreSQL*
Constraints:
+ Must be 1 to 63 letters or numbers.
+ First character must be a letter.
+ Can't be a reserved word for the chosen database engine.
integerThe upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.
For more information about this setting, including limitations that apply to it, see [Managing capacity automatically with Amazon RDS storage autoscaling](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) in the *Amazon RDS User Guide*.
This setting doesn't apply to the following DB instances:
+ Amazon Aurora (Storage is managed by the DB cluster.)
+ RDS Custom
integerThe order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*.
This setting doesn't apply to RDS Custom DB instances.
Default: 1
Valid Values: 0 - 15
booleanIndicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address.
The default behavior value depends on your VPC setup and the database subnet group. For more information, see the PubliclyAccessible parameter in the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) in the *Amazon RDS API Reference*.
stringThe Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see [Kerberos Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the *Amazon RDS User Guide*.
stringThe fully qualified domain name (FQDN) of an Active Directory domain.
Constraints:
+ Can't be longer than 64 characters.

Example: mymanagedADtest.mymanagedAD.mydomain
stringFor supported engines, indicates that the DB instance should be associated with the specified character set.
*Amazon Aurora*
Not applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html).
stringThe ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see [Setting Up and Enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
This setting doesn't apply to RDS Custom DB instances.
arrayThe IAMlong (IAM) roles associated with the DB instance.
*Amazon Aurora*
Not applicable. The associated roles are managed by the DB cluster.
stringThe Active Directory organizational unit for your DB instance to join.
Constraints:
+ Must be in the distinguished name format.
+ Can't be longer than 64 characters.

Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain
stringThe identifier for the Multi-AZ DB cluster snapshot to restore from.
For more information on Multi-AZ DB clusters, see [Multi-AZ DB cluster deployments](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) in the *Amazon RDS User Guide*.
Constraints:
+ Must match the identifier of an existing Multi-AZ DB cluster snapshot.
+ Can't be specified when DBSnapshotIdentifier is specified.
+ Must be specified when DBSnapshotIdentifier isn't specified.
+ If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the DBClusterSnapshotIdentifier must be the ARN of the shared snapshot.
+ Can't be the identifier of an Aurora DB cluster snapshot.
stringThe Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
This setting doesn't apply to RDS Custom.
arrayThe number of CPU cores and the number of threads per core for the DB instance class of the DB instance.
This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
stringThe daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) in the *Amazon RDS User Guide.*
Constraints:
+ Must be in the format hh24:mi-hh24:mi.
+ Must be in Universal Coordinated Time (UTC).
+ Must not conflict with the preferred maintenance window.
+ Must be at least 30 minutes.

*Amazon Aurora*
Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
stringThe date and time to restore from.
Constraints:
+ Must be a time in Universal Coordinated Time (UTC) format.
+ Must be before the latest restorable time for the DB instance.
+ Can't be specified if the UseLatestRestorableTime parameter is enabled.

Example: 2009-09-07T23:45:00Z
booleanSpecifies whether the DB instance is restarted when you rotate your SSL/TLS certificate.
By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted.
Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance.
If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate:
+ For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.*
+ For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*.

This setting doesn't apply to RDS Custom DB instances.
stringThe network type of the DB instance.
Valid values:
+ IPV4
+ DUAL

The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and IPv6 protocols (DUAL).
For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon RDS User Guide.*
stringA DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there's no DB subnet group, then the DB instance isn't a VPC DB instance. For more information about using Amazon RDS in a VPC, see [Using Amazon RDS with Amazon Virtual Private Cloud (VPC)](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide*. *Amazon Aurora* Not applicable. The DB subnet group is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
booleanA value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see [Deleting a DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). *Amazon Aurora* Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see CreateDBCluster. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.
stringA name for the DB instance. If you specify a name, AWS CloudFormation converts it to lowercase. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the DB instance. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). For information about constraints that apply to DB instance identifiers, see [Naming constraints in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints) in the *Amazon RDS User Guide*. If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringThe amount of storage in gibibytes (GiB) to be initially allocated for the database instance. If any value is set in the Iops parameter, AllocatedStorage must be at least 100 GiB, which corresponds to the minimum Iops value of 1,000. If you increase the Iops value (in 1,000 IOPS increments), then you must also increase the AllocatedStorage value (in 100-GiB increments). *Amazon Aurora* Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. *Db2* Constraints to the amount of storage for each storage type are the following: + General Purpose (SSD) storage (gp3): Must be an integer from 20 to 64000. + Provisioned IOPS storage (io1): Must be an integer from 100 to 64000. *MySQL* Constraints to the amount of storage for each storage type are the following: + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + Magnetic storage (standard): Must be an integer from 5 to 3072. *MariaDB* Constraints to the amount of storage for each storage type are the following: + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + Magnetic storage (standard): Must be an integer from 5 to 3072. *PostgreSQL* Constraints to the amount of storage for each storage type are the following: + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + Magnetic storage (standard): Must be an integer from 5 to 3072. *Oracle* Constraints to the amount of storage for each storage type are the following: + General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. + Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. 
+ Magnetic storage (standard): Must be an integer from 10 to 3072. *SQL Server* Constraints to the amount of storage for each storage type are the following: + General Purpose (SSD) storage (gp2): + Enterprise and Standard editions: Must be an integer from 20 to 16384. + Web and Express editions: Must be an integer from 20 to 16384. + Provisioned IOPS storage (io1): + Enterprise and Standard editions: Must be an integer from 20 to 16384. + Web and Express editions: Must be an integer from 20 to 16384. + Magnetic storage (standard): + Enterprise and Standard editions: Must be an integer from 20 to 1024. + Web and Express editions: Must be an integer from 20 to 1024.
stringThe password for the master user. The password can include any printable ASCII character except "/", """, or "@". *Amazon Aurora* Not applicable. The password for the master user is managed by the DB cluster. *RDS for Db2* Must contain from 8 to 255 characters. *RDS for MariaDB* Constraints: Must contain from 8 to 41 characters. *RDS for Microsoft SQL Server* Constraints: Must contain from 8 to 128 characters. *RDS for MySQL* Constraints: Must contain from 8 to 41 characters. *RDS for Oracle* Constraints: Must contain from 8 to 30 characters. *RDS for PostgreSQL* Constraints: Must contain from 8 to 128 characters.
objectThe secret managed by RDS in AWS Secrets Manager for the master user password. For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.*
stringThe name of the NCHAR character set for the Oracle DB instance. This setting doesn't apply to RDS Custom DB instances.
stringThe identifier of the Multi-AZ DB cluster that will act as the source for the read replica. Each DB cluster can have up to 15 read replicas. Constraints: + Must be the identifier of an existing Multi-AZ DB cluster. + Can't be specified if the SourceDBInstanceIdentifier parameter is also specified. + The specified DB cluster must have automatic backups enabled, that is, its backup retention period must be greater than 0. + The source DB cluster must be in the same AWS-Region as the read replica. Cross-Region replication isn't supported.
arrayA list of the DB security groups to assign to the DB instance. The list can include both the name of existing DB security groups or references to AWS::RDS::DBSecurityGroup resources created in the template. If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups. If you specify this property, AWS CloudFormation sends only the following properties (if specified) to Amazon RDS during create operations: + AllocatedStorage + AutoMinorVersionUpgrade + AvailabilityZone + BackupRetentionPeriod + CharacterSetName + DBInstanceClass + DBName + DBParameterGroupName + DBSecurityGroups + DBSubnetGroupName + Engine + EngineVersion + Iops + LicenseModel + MasterUsername + MasterUserPassword + MultiAZ + OptionGroupName + PreferredBackupWindow + PreferredMaintenanceWindow All other properties are ignored. Specify a virtual private cloud (VPC) security group if you want to submit other properties, such as StorageType, StorageEncrypted, or KmsKeyId. If you're already using the DBSecurityGroups property, you can't use these other properties by updating your DB instance to use a VPC security group. You must recreate the DB instance.
stringThe master user name for the DB instance. If you specify the SourceDBInstanceIdentifier or DBSnapshotIdentifier property, don't specify this property. The value is inherited from the source DB instance or snapshot. When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. *Amazon Aurora* Not applicable. The name for the master user is managed by the DB cluster. *RDS for Db2* Constraints: + Must be 1 to 16 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for MariaDB* Constraints: + Must be 1 to 16 letters or numbers. + Can't be a reserved word for the chosen database engine. *RDS for Microsoft SQL Server* Constraints: + Must be 1 to 128 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for MySQL* Constraints: + Must be 1 to 16 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for Oracle* Constraints: + Must be 1 to 30 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine. *RDS for PostgreSQL* Constraints: + Must be 1 to 63 letters or numbers. + First character must be a letter. + Can't be a reserved word for the chosen database engine.
integerThe upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance. For more information about this setting, including limitations that apply to it, see [Managing capacity automatically with Amazon RDS storage autoscaling](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) in the *Amazon RDS User Guide*. This setting doesn't apply to the following DB instances: + Amazon Aurora (Storage is managed by the DB cluster.) + RDS Custom
integerThe order of priority in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see [Fault Tolerance for an Aurora DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance) in the *Amazon Aurora User Guide*. This setting doesn't apply to RDS Custom DB instances. Default: 1 Valid Values: 0 - 15
booleanIndicates whether the DB instance is an internet-facing instance. If you specify true, AWS CloudFormation creates an instance with a publicly resolvable DNS name, which resolves to a public IP address. If you specify false, AWS CloudFormation creates an internal instance with a DNS name that resolves to a private IP address. The default behavior value depends on your VPC setup and the database subnet group. For more information, see the PubliclyAccessible parameter in the [CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) in the *Amazon RDS API Reference*.
stringThe Active Directory directory ID to create the DB instance in. Currently, only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. For more information, see [Kerberos Authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the *Amazon RDS User Guide*.
stringThe fully qualified domain name (FQDN) of an Active Directory domain. Constraints: + Can't be longer than 64 characters. Example: mymanagedADtest.mymanagedAD.mydomain
stringFor supported engines, indicates that the DB instance should be associated with the specified character set. *Amazon Aurora* Not applicable. The character set is managed by the DB cluster. For more information, see [AWS::RDS::DBCluster](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html).
stringThe ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see [Setting Up and Enabling Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the *Amazon RDS User Guide*. If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value. This setting doesn't apply to RDS Custom DB instances.
arrayThe IAMlong (IAM) roles associated with the DB instance. *Amazon Aurora* Not applicable. The associated roles are managed by the DB cluster.
stringThe Active Directory organizational unit for your DB instance to join. Constraints: + Must be in the distinguished name format. + Can't be longer than 64 characters. Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain
stringThe identifier for the Multi-AZ DB cluster snapshot to restore from. For more information on Multi-AZ DB clusters, see [Multi-AZ DB cluster deployments](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) in the *Amazon RDS User Guide*. Constraints: + Must match the identifier of an existing Multi-AZ DB cluster snapshot. + Can't be specified when DBSnapshotIdentifier is specified. + Must be specified when DBSnapshotIdentifier isn't specified. + If you are restoring from a shared manual Multi-AZ DB cluster snapshot, the DBClusterSnapshotIdentifier must be the ARN of the shared snapshot. + Can't be the identifier of an Aurora DB cluster snapshot.
stringThe Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:us-east-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE. This setting doesn't apply to RDS Custom.
arrayThe number of CPU cores and the number of threads per core for the DB instance class of the DB instance. This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
stringThe daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) in the *Amazon RDS User Guide.* Constraints: + Must be in the format hh24:mi-hh24:mi. + Must be in Universal Coordinated Time (UTC). + Must not conflict with the preferred maintenance window. + Must be at least 30 minutes. *Amazon Aurora* Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
stringThe date and time to restore from. Constraints: + Must be a time in Universal Coordinated Time (UTC) format. + Must be before the latest restorable time for the DB instance. + Can't be specified if the UseLatestRestorableTime parameter is enabled. Example: 2009-09-07T23:45:00Z
booleanSpecifies whether the DB instance is restarted when you rotate your SSL/TLS certificate. By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted. Set this parameter only if you are *not* using SSL/TLS to connect to the DB instance. If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate: + For more information about rotating your SSL/TLS certificate for RDS DB engines, see [Rotating Your SSL/TLS Certificate.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon RDS User Guide.* + For more information about rotating your SSL/TLS certificate for Aurora DB engines, see [Rotating Your SSL/TLS Certificate](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html) in the *Amazon Aurora User Guide*. This setting doesn't apply to RDS Custom DB instances.
stringThe network type of the DB instance. Valid values: + IPV4 + DUAL The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and IPv6 protocols (DUAL). For more information, see [Working with a DB instance in a VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) in the *Amazon RDS User Guide.*
booleanIndicates whether the DB instance has a dedicated log volume (DLV) enabled.
booleanSpecifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied.
This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.
stringThe name of the IAM role to use when making API calls to the Directory Service.
This setting doesn't apply to the following DB instances:
+ Amazon Aurora (The domain is managed by the DB cluster.)
+ RDS Custom
stringThe open mode of an Oracle read replica. For more information, see [Working with Oracle Read Replicas for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) in the *Amazon RDS User Guide*.
This setting is only supported in RDS for Oracle.
Default: open-read-only
Valid Values: open-read-only or mounted
stringLicense model information for this DB instance.
Valid Values:
+ Aurora MySQL - general-public-license
+ Aurora PostgreSQL - postgresql-license
+ RDS for Db2 - bring-your-own-license. For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.*
+ RDS for MariaDB - general-public-license
+ RDS for Microsoft SQL Server - license-included
+ RDS for MySQL - general-public-license
+ RDS for Oracle - bring-your-own-license or license-included
+ RDS for PostgreSQL - postgresql-license

If you've specified DBSecurityGroups and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
arrayThe IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers.
Constraints:
+ Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list.

Example: 123.124.125.126,234.235.236.237
stringThe weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.*
This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately.
Constraints: Minimum 30-minute window.
integerThe number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000.
If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see [Amazon RDS Provisioned IOPS Storage to Improve Performance](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*.
If you specify io1 for the StorageType property, then you must also specify the Iops property.
Constraints:
+ For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance.
+ For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
booleanSpecifies whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. This setting doesn't apply to Amazon Aurora DB instances. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.
stringThe name of the IAM role to use when making API calls to the Directory Service. This setting doesn't apply to the following DB instances: + Amazon Aurora (The domain is managed by the DB cluster.) + RDS Custom
stringThe open mode of an Oracle read replica. For more information, see [Working with Oracle Read Replicas for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) in the *Amazon RDS User Guide*. This setting is only supported in RDS for Oracle. Default: open-read-only Valid Values: open-read-only or mounted
stringLicense model information for this DB instance. Valid Values: + Aurora MySQL - general-public-license + Aurora PostgreSQL - postgresql-license + RDS for Db2 - bring-your-own-license. For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.* + RDS for MariaDB - general-public-license + RDS for Microsoft SQL Server - license-included + RDS for MySQL - general-public-license + RDS for Oracle - bring-your-own-license or license-included + RDS for PostgreSQL - postgresql-license If you've specified DBSecurityGroups and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.
arrayThe IPv4 DNS IP addresses of your primary and secondary Active Directory domain controllers. Constraints: + Two IP addresses must be provided. If there isn't a secondary domain controller, use the IP address of the primary domain controller for both entries in the list. Example: 123.124.125.126,234.235.236.237
stringThe weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). Format: ddd:hh24:mi-ddd:hh24:mi The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Adjusting the Preferred DB Instance Maintenance Window](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the *Amazon RDS User Guide.* This property applies when AWS CloudFormation initially creates the DB instance. If you use AWS CloudFormation to update the DB instance, those updates are applied immediately. Constraints: Minimum 30-minute window.
integerThe number of I/O operations per second (IOPS) that the database provisions. The value must be equal to or greater than 1000. If you specify this property, you must follow the range of allowed ratios of your requested IOPS rate to the amount of storage that you allocate (IOPS to allocated storage). For example, you can provision an Oracle database instance with 1000 IOPS and 200 GiB of storage (a ratio of 5:1), or specify 2000 IOPS with 200 GiB of storage (a ratio of 10:1). For more information, see [Amazon RDS Provisioned IOPS Storage to Improve Performance](https://docs.aws.amazon.com/AmazonRDS/latest/DeveloperGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide*. If you specify io1 for the StorageType property, then you must also specify the Iops property. Constraints: + For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a multiple between .5 and 50 of the storage amount for the DB instance. + For RDS for SQL Server - Must be a multiple between 1 and 50 of the storage amount for the DB instance.
stringThe ID of the region that contains the source DB instance for the read replica.
booleanSpecifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time.
Constraints:
+ Can't be specified if the RestoreTime parameter is provided.
stringThe identifier of the CA certificate for this DB instance.
For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*.
booleanSpecifies whether to manage the master user password with AWS Secrets Manager.
For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.*
Constraints:
+ Can't manage the master user password with AWS Secrets Manager if MasterUserPassword is specified.
booleanSpecifies whether the DB instance is restored from the latest backup time. By default, the DB instance isn't restored from the latest backup time. Constraints: + Can't be specified if the RestoreTime parameter is provided.
stringThe identifier of the CA certificate for this DB instance. For more information, see [Using SSL/TLS to encrypt a connection to a DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) in the *Amazon RDS User Guide* and [Using SSL/TLS to encrypt a connection to a DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) in the *Amazon Aurora User Guide*.
booleanSpecifies whether to manage the master user password with AWS Secrets Manager. For more information, see [Password management with Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.* Constraints: + Can't manage the master user password with AWS Secrets Manager if MasterUserPassword is specified.
stringThe resource ID of the source DB instance from which to restore.
stringThe ARN for the Secrets Manager secret with the credentials for the user joining the domain.
Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456
stringThe ARN for the Secrets Manager secret with the credentials for the user joining the domain. Example: arn:aws:secretsmanager:region:account-number:secret:myselfmanagedADtestsecret-123456
stringThe destination region for the backup replication of the DB instance. For more info, see [Replicating automated backups to another Region](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) in the *Amazon RDS User Guide*.
arrayA list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to [AWS::EC2::SecurityGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html) resources created in the template.
If you plan to update the resource, don't specify VPC security groups in a shared VPC.
If you set VPCSecurityGroups, you must not set [DBSecurityGroups](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups), and vice versa.
You can migrate a DB instance in your stack from an RDS DB security group to a VPC security group, but keep the following in mind:
+ You can't revert to using an RDS security group after you establish a VPC security group membership.
+ When you migrate your DB instance to VPC security groups, if your stack update rolls back because the DB instance update fails or because an update fails in another AWS CloudFormation resource, the rollback fails because it can't revert to an RDS security group.
+ To use the properties that are available when you use a VPC security group, you must recreate the DB instance. If you don't, AWS CloudFormation submits only the property values that are listed in the [DBSecurityGroups](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups) property.

To avoid this situation, migrate your DB instance to using VPC security groups only when that is the only change in your stack template.
*Amazon Aurora*
Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
booleanA value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.
Constraints: Major version upgrades must be allowed when specifying a value for the EngineVersion parameter that is a different major version than the DB instance's current version.
stringThe meaning of this parameter differs according to the database engine you use.
If you specify the DBSnapshotIdentifier property, this property only applies to RDS for Oracle.
*Amazon Aurora*
Not applicable. The database name is managed by the DB cluster.
*Db2*
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
+ Must contain 1 to 64 letters or numbers.
+ Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
+ Can't be a word reserved by the specified database engine.

*MySQL*
The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.
Constraints:
+ Must contain 1 to 64 letters or numbers.
+ Can't be a word reserved by the specified database engine

*MariaDB*
The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.
Constraints:
+ Must contain 1 to 64 letters or numbers.
+ Can't be a word reserved by the specified database engine

*PostgreSQL*
The name of the database to create when the DB instance is created. If this parameter is not specified, the default postgres database is created in the DB instance.
Constraints:
+ Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
+ Must contain 1 to 63 characters.
+ Can't be a word reserved by the specified database engine

*Oracle*
The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName.
Default: ORCL
Constraints:
+ Can't be longer than 8 characters

*SQL Server*
Not applicable. Must be null.
booleanA value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.
This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see [IAM Database Authentication for MariaDB, MySQL, and PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon RDS User Guide.*
*Amazon Aurora*
Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster.
integerThe number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.
*Amazon Aurora*
Not applicable. The retention period for automated backups is managed by the DB cluster.
Default: 1
Constraints:
+ Must be a value from 0 to 35
+ Can't be set to 0 if the DB instance is a source to read replicas
stringThe instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance.
This setting is required for RDS Custom.
Constraints:
+ The profile must exist in your account.
+ The profile must have an IAM role that Amazon EC2 has permissions to assume.
+ The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.

For the list of permissions required for the IAM role, see [Configure IAM and your VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) in the *Amazon RDS User Guide*.
stringThe name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.
By specifying this property, you can create a DB instance from the specified DB snapshot. If the DBSnapshotIdentifier property is an empty string or the AWS::RDS::DBInstance declaration has no DBSnapshotIdentifier property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.
Some DB instance properties aren't valid when you restore from a snapshot, such as the MasterUsername and MasterUserPassword properties. For information about the properties that you can specify, see the RestoreDBInstanceFromDBSnapshot action in the *Amazon RDS API Reference*.
After you restore a DB instance with a DBSnapshotIdentifier property, you must specify the same DBSnapshotIdentifier property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the DBSnapshotIdentifier property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified DBSnapshotIdentifier property, and the original DB instance is deleted.
If you specify the DBSnapshotIdentifier property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:
+ CharacterSetName
+ DBClusterIdentifier
+ DBName
+ DeleteAutomatedBackups
+ EnablePerformanceInsights
+ KmsKeyId
+ MasterUsername
+ MasterUserPassword
+ PerformanceInsightsKMSKeyId
+ PerformanceInsightsRetentionPeriod
+ PromotionTier
+ SourceDBInstanceIdentifier
+ SourceRegion
+ StorageEncrypted (for an encrypted snapshot)
+ Timezone

*Amazon Aurora*
Not applicable. Snapshot restore is managed by the DB cluster.
arrayThe list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Relational Database Service User Guide*.
*Amazon Aurora*
Not applicable. CloudWatch Logs exports are managed by the DB cluster.
*Db2*
Valid values: diag.log, notify.log
*MariaDB*
Valid values: audit, error, general, slowquery
*Microsoft SQL Server*
Valid values: agent, error
*MySQL*
Valid values: audit, error, general, slowquery
*Oracle*
Valid values: alert, audit, listener, trace, oemagent
*PostgreSQL*
Valid values: postgresql, upgrade
booleanSpecifies whether the DB instance class of the DB instance uses its default processor features.
This setting doesn't apply to RDS Custom DB instances.
arrayA list of the VPC security group IDs to assign to the DB instance. The list can include both the physical IDs of existing VPC security groups and references to [AWS::EC2::SecurityGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html) resources created in the template. If you plan to update the resource, don't specify VPC security groups in a shared VPC. If you set VPCSecurityGroups, you must not set [DBSecurityGroups](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups), and vice versa. You can migrate a DB instance in your stack from an RDS DB security group to a VPC security group, but keep the following in mind: + You can't revert to using an RDS security group after you establish a VPC security group membership. + When you migrate your DB instance to VPC security groups, if your stack update rolls back because the DB instance update fails or because an update fails in another AWS CloudFormation resource, the rollback fails because it can't revert to an RDS security group. + To use the properties that are available when you use a VPC security group, you must recreate the DB instance. If you don't, AWS CloudFormation submits only the property values that are listed in the [DBSecurityGroups](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups) property. To avoid this situation, migrate your DB instance to using VPC security groups only when that is the only change in your stack template. *Amazon Aurora* Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. If specified, the setting must match the DB cluster setting.
booleanA value that indicates whether major version upgrades are allowed. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Constraints: Major version upgrades must be allowed when specifying a value for the EngineVersion parameter that is a different major version than the DB instance's current version.
stringThe meaning of this parameter differs according to the database engine you use. If you specify the DBSnapshotIdentifier property, this property only applies to RDS for Oracle. *Amazon Aurora* Not applicable. The database name is managed by the DB cluster. *Db2* The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. Constraints: + Must contain 1 to 64 letters or numbers. + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). + Can't be a word reserved by the specified database engine. *MySQL* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: + Must contain 1 to 64 letters or numbers. + Can't be a word reserved by the specified database engine *MariaDB* The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Constraints: + Must contain 1 to 64 letters or numbers. + Can't be a word reserved by the specified database engine *PostgreSQL* The name of the database to create when the DB instance is created. If this parameter is not specified, the default postgres database is created in the DB instance. Constraints: + Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). + Must contain 1 to 63 characters. + Can't be a word reserved by the specified database engine *Oracle* The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName. Default: ORCL Constraints: + Can't be longer than 8 characters *SQL Server* Not applicable. Must be null.
booleanA value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. This property is supported for RDS for MariaDB, RDS for MySQL, and RDS for PostgreSQL. For more information, see [IAM Database Authentication for MariaDB, MySQL, and PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the *Amazon RDS User Guide.* *Amazon Aurora* Not applicable. Mapping AWS IAM accounts to database accounts is managed by the DB cluster.
integerThe number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. *Amazon Aurora* Not applicable. The retention period for automated backups is managed by the DB cluster. Default: 1 Constraints: + Must be a value from 0 to 35 + Can't be set to 0 if the DB instance is a source to read replicas
stringThe instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. This setting is required for RDS Custom. Constraints: + The profile must exist in your account. + The profile must have an IAM role that Amazon EC2 has permissions to assume. + The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom. For the list of permissions required for the IAM role, see [Configure IAM and your VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) in the *Amazon RDS User Guide*.
stringThe name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot. By specifying this property, you can create a DB instance from the specified DB snapshot. If the DBSnapshotIdentifier property is an empty string or the AWS::RDS::DBInstance declaration has no DBSnapshotIdentifier property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack. Some DB instance properties aren't valid when you restore from a snapshot, such as the MasterUsername and MasterUserPassword properties. For information about the properties that you can specify, see the RestoreDBInstanceFromDBSnapshot action in the *Amazon RDS API Reference*. After you restore a DB instance with a DBSnapshotIdentifier property, you must specify the same DBSnapshotIdentifier property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the DBSnapshotIdentifier property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified DBSnapshotIdentifier property, and the original DB instance is deleted. 
If you specify the DBSnapshotIdentifier property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties: + CharacterSetName + DBClusterIdentifier + DBName + DeleteAutomatedBackups + EnablePerformanceInsights + KmsKeyId + MasterUsername + MasterUserPassword + PerformanceInsightsKMSKeyId + PerformanceInsightsRetentionPeriod + PromotionTier + SourceDBInstanceIdentifier + SourceRegion + StorageEncrypted (for an encrypted snapshot) + Timezone *Amazon Aurora* Not applicable. Snapshot restore is managed by the DB cluster.
arrayThe list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see [Publishing Database Logs to Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the *Amazon Relational Database Service User Guide*. *Amazon Aurora* Not applicable. CloudWatch Logs exports are managed by the DB cluster. *Db2* Valid values: diag.log, notify.log *MariaDB* Valid values: audit, error, general, slowquery *Microsoft SQL Server* Valid values: agent, error *MySQL* Valid values: audit, error, general, slowquery *Oracle* Valid values: alert, audit, listener, trace, oemagent *PostgreSQL* Valid values: postgresql, upgrade
booleanSpecifies whether the DB instance class of the DB instance uses its default processor features. This setting doesn't apply to RDS Custom DB instances.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/rds/db_parameter_groups/index.md b/docs/aws-docs/providers/aws/rds/db_parameter_groups/index.md
index 7f36cc43e6..cc240ddfd7 100644
--- a/docs/aws-docs/providers/aws/rds/db_parameter_groups/index.md
+++ b/docs/aws-docs/providers/aws/rds/db_parameter_groups/index.md
@@ -25,16 +25,16 @@ Creates, updates, deletes or gets a db_parameter_group resource or - +
Namedb_parameter_groups
TypeResource
DescriptionThe AWS::RDS::DBParameterGroup resource creates a custom parameter group for an RDS database family.
This type can be declared in a template and referenced in the DBParameterGroupName property of an AWS::RDS::DBInstance resource.
For information about configuring parameters for Amazon RDS DB instances, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*.
For information about configuring parameters for Amazon Aurora DB instances, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.
Applying a parameter group to a DB instance may require the DB instance to reboot, resulting in a database outage for the duration of the reboot.
DescriptionThe AWS::RDS::DBParameterGroup resource creates a custom parameter group for an RDS database family. This type can be declared in a template and referenced in the DBParameterGroupName property of an AWS::RDS::DBInstance resource. For information about configuring parameters for Amazon RDS DB instances, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*. For information about configuring parameters for Amazon Aurora DB instances, see [Working with parameter groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. Applying a parameter group to a DB instance may require the DB instance to reboot, resulting in a database outage for the duration of the reboot.
Id
## Fields - +
NameDatatypeDescription
stringThe name of the DB parameter group.
Constraints:
+ Must be 1 to 255 letters, numbers, or hyphens.
+ First character must be a letter
+ Can't end with a hyphen or contain two consecutive hyphens

If you don't specify a value for DBParameterGroupName property, a name is automatically created for the DB parameter group.
This value is stored as a lowercase string.
- - - + + +
NameDatatypeDescription
stringThe name of the DB parameter group. Constraints: + Must be 1 to 255 letters, numbers, or hyphens. + First character must be a letter + Can't end with a hyphen or contain two consecutive hyphens If you don't specify a value for DBParameterGroupName property, a name is automatically created for the DB parameter group. This value is stored as a lowercase string.
stringProvides the customer-specified description for this DB parameter group.
stringThe DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family.
The DB parameter group family can't be changed when updating a DB parameter group.
To list all of the available parameter group families, use the following command:
aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily"
The output contains duplicates.
For more information, see CreateDBParameterGroup.
objectAn array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional.
RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID (rds.ibm_customer_id) and site number (rds.ibm_site_id) before starting a Db2 instance.
For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*.
For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*.
AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
arrayAn optional array of key-value pairs to apply to this DB parameter group.
Currently, this is the only property that supports drift detection.
stringThe DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a DB engine and engine version compatible with that DB parameter group family. The DB parameter group family can't be changed when updating a DB parameter group. To list all of the available parameter group families, use the following command: aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" The output contains duplicates. For more information, see CreateDBParameterGroup.
objectAn array of parameter names and values for the parameter update. At least one parameter name and value must be supplied. Subsequent arguments are optional. RDS for Db2 requires you to bring your own Db2 license. You must enter your IBM customer ID (rds.ibm_customer_id) and site number (rds.ibm_site_id) before starting a Db2 instance. For more information about DB parameters and DB parameter groups for Amazon RDS DB engines, see [Working with DB Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html) in the *Amazon RDS User Guide*. For more information about DB cluster and DB instance parameters and parameter groups for Amazon Aurora DB engines, see [Working with DB Parameter Groups and DB Cluster Parameter Groups](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) in the *Amazon Aurora User Guide*. AWS CloudFormation doesn't support specifying an apply method for each individual parameter. The default apply method for each parameter is used.
arrayAn optional array of key-value pairs to apply to this DB parameter group. Currently, this is the only property that supports drift detection.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/rds/db_subnet_groups/index.md b/docs/aws-docs/providers/aws/rds/db_subnet_groups/index.md
index 715b9c31e8..b1b97965bb 100644
--- a/docs/aws-docs/providers/aws/rds/db_subnet_groups/index.md
+++ b/docs/aws-docs/providers/aws/rds/db_subnet_groups/index.md
@@ -25,13 +25,13 @@ Creates, updates, deletes or gets a db_subnet_group resource or lis - +
Namedb_subnet_groups
TypeResource
DescriptionThe AWS::RDS::DBSubnetGroup resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region.
For more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide*.
DescriptionThe AWS::RDS::DBSubnetGroup resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region. For more information, see [Working with DB subnet groups](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets) in the *Amazon RDS User Guide*.
Id
## Fields - +
diff --git a/docs/aws-docs/providers/aws/rds/global_clusters/index.md b/docs/aws-docs/providers/aws/rds/global_clusters/index.md
index 310106322b..88d969f617 100644
--- a/docs/aws-docs/providers/aws/rds/global_clusters/index.md
+++ b/docs/aws-docs/providers/aws/rds/global_clusters/index.md
@@ -30,12 +30,12 @@ Creates, updates, deletes or gets a global_cluster resource or list
NameDatatypeDescription
stringThe description for the DB subnet group.
stringThe name for the DB subnet group. This value is stored as a lowercase string.
Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default".
Example: mysubnetgroup
stringThe name for the DB subnet group. This value is stored as a lowercase string. Constraints: Must contain no more than 255 lowercase alphanumeric characters or hyphens. Must not be "Default". Example: mysubnetgroup
arrayThe EC2 Subnet IDs for the DB subnet group.
arrayAn optional array of key-value pairs to apply to this DB subnet group.
stringAWS region.
## Fields - +
NameDatatypeDescription
stringThe name of the database engine to be used for this DB cluster. Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora).
If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster.
- +
NameDatatypeDescription
stringThe name of the database engine to be used for this DB cluster. Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible Aurora). If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster.
stringThe version number of the database engine to use. If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster.
booleanThe deletion protection setting for the new global database. The global database can't be deleted when deletion protection is enabled.
stringThe cluster identifier of the new global database cluster. This parameter is stored as a lowercase string.
stringThe Amazon Resource Name (ARN) to use as the primary cluster of the global database. This parameter is optional. This parameter is stored as a lowercase string.
boolean The storage encryption setting for the new global database cluster.
If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster.
boolean The storage encryption setting for the new global database cluster. If you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/redshift/clusters/index.md b/docs/aws-docs/providers/aws/redshift/clusters/index.md index ed9b07b035..74253bc384 100644 --- a/docs/aws-docs/providers/aws/redshift/clusters/index.md +++ b/docs/aws-docs/providers/aws/redshift/clusters/index.md @@ -59,16 +59,16 @@ Creates, updates, deletes or gets a cluster resource or lists stringThe user name associated with the master user account for the cluster that is being created. The user name can't be PUBLIC and first character must be a letter. booleanIf true, the cluster can be accessed from a public network. stringA unique identifier for the deferred maintenance window. -integerThe number of days to retain newly copied snapshots in the destination AWS Region after they are copied from the source AWS Region. If the value is -1, the manual snapshot is retained indefinitely.

The value must be either -1 or an integer between 1 and 3,653. +integerThe number of days to retain newly copied snapshots in the destination AWS Region after they are copied from the source AWS Region. If the value is -1, the manual snapshot is retained indefinitely. The value must be either -1 or an integer between 1 and 3,653. stringThe Redshift operation to be performed. Resource Action supports pause-cluster, resume-cluster, failover-primary-compute APIs stringSpecifies the name of the HSM client certificate the Amazon Redshift cluster uses to retrieve the data encryption keys stored in an HSM stringThe Elastic IP (EIP) address for the cluster. stringThe availability zone relocation status of the cluster -stringThe value represents how the cluster is configured to use AQUA (Advanced Query Accelerator) after the cluster is restored. Possible values include the following.

enabled - Use AQUA if it is available for the current Region and Amazon Redshift node type.
disabled - Don't use AQUA.
auto - Amazon Redshift determines whether to use AQUA.
+stringThe value represents how the cluster is configured to use AQUA (Advanced Query Accelerator) after the cluster is restored. Possible values include the following. enabled - Use AQUA if it is available for the current Region and Amazon Redshift node type. disabled - Don't use AQUA. auto - Amazon Redshift determines whether to use AQUA. stringThe name of the snapshot from which to create the new cluster. This parameter isn't case sensitive. booleanThe option to enable relocation for an Amazon Redshift cluster between Availability Zones after the cluster modification is complete. stringThe name of the snapshot copy grant to use when snapshots of an AWS KMS-encrypted cluster are copied to the destination region. -booleanAn option that specifies whether to create the cluster with enhanced VPC routing enabled. To create a cluster that uses enhanced VPC routing, the cluster must be in a VPC. For more information, see Enhanced VPC Routing in the Amazon Redshift Cluster Management Guide.

If this option is true , enhanced VPC routing is enabled.

Default: false +booleanAn option that specifies whether to create the cluster with enhanced VPC routing enabled. To create a cluster that uses enhanced VPC routing, the cluster must be in a VPC. For more information, see Enhanced VPC Routing in the Amazon Redshift Cluster Management Guide. If this option is true , enhanced VPC routing is enabled. Default: false stringThe name of the parameter group to be associated with this cluster. stringA timestamp indicating end time for the deferred maintenance window. If you specify an end time, you can't specify a duration. booleanA boolean indicating if we want to rotate Encryption Keys. @@ -84,7 +84,7 @@ Creates, updates, deletes or gets a cluster resource or lists stringThe ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin user credentials secret. integerAn integer indicating the duration of the maintenance window in days. If you specify a duration, you can't specify an end time. The duration must be 45 days or less. stringThe name of the first database to be created when the cluster is created. To create additional databases after the cluster is created, connect to the cluster with a SQL client and use SQL commands to create a database. -integerThe number of days to retain automated snapshots in the destination region after they are copied from the source region.

Default is 7.

Constraints: Must be at least 1 and no more than 35. +integerThe number of days to retain automated snapshots in the destination region after they are copied from the source region. Default is 7. Constraints: Must be at least 1 and no more than 35. stringAWS region. diff --git a/docs/aws-docs/providers/aws/rekognition/stream_processors/index.md b/docs/aws-docs/providers/aws/rekognition/stream_processors/index.md index fc31e89341..097435ef84 100644 --- a/docs/aws-docs/providers/aws/rekognition/stream_processors/index.md +++ b/docs/aws-docs/providers/aws/rekognition/stream_processors/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a stream_processor resource or li - +
Namestream_processors
TypeResource
DescriptionThe AWS::Rekognition::StreamProcessor type is used to create an Amazon Rekognition StreamProcessor that you can use to analyze streaming videos.

DescriptionThe AWS::Rekognition::StreamProcessor type is used to create an Amazon Rekognition StreamProcessor that you can use to analyze streaming videos.
Id
diff --git a/docs/aws-docs/providers/aws/route53/hosted_zones/index.md b/docs/aws-docs/providers/aws/route53/hosted_zones/index.md index 8b94dbcf76..4319e53d3a 100644 --- a/docs/aws-docs/providers/aws/route53/hosted_zones/index.md +++ b/docs/aws-docs/providers/aws/route53/hosted_zones/index.md @@ -25,17 +25,17 @@ Creates, updates, deletes or gets a hosted_zone resource or lists < - +
Namehosted_zones
TypeResource
DescriptionCreates a new public or private hosted zone. You create records in a public hosted zone to define how you want to route traffic on the internet for a domain, such as example.com, and its subdomains (apex.example.com, acme.example.com). You create records in a private hosted zone to define how you want to route traffic for a domain and its subdomains within one or more Amazon Virtual Private Clouds (Amazon VPCs).
You can't convert a public hosted zone to a private hosted zone or vice versa. Instead, you must create a new hosted zone with the same name and create new resource record sets.
For more information about charges for hosted zones, see [Amazon Route 53 Pricing](https://docs.aws.amazon.com/route53/pricing/).
Note the following:
+ You can't create a hosted zone for a top-level domain (TLD) such as .com.
+ If your domain is registered with a registrar other than Route 53, you must update the name servers with your registrar to make Route 53 the DNS service for the domain. For more information, see [Migrating DNS Service for an Existing Domain to Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html) in the *Amazon Route 53 Developer Guide*.

When you submit a CreateHostedZone request, the initial status of the hosted zone is PENDING. For public hosted zones, this means that the NS and SOA records are not yet available on all Route 53 DNS servers. When the NS and SOA records are available, the status of the zone changes to INSYNC.
The CreateHostedZone request requires the caller to have an ec2:DescribeVpcs permission.
When creating private hosted zones, the Amazon VPC must belong to the same partition where the hosted zone is created. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition.
The following are the supported partitions:
+ aws - AWS-Regions
+ aws-cn - China Regions
+ aws-us-gov - govcloud-us-region

For more information, see [Access Management](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
DescriptionCreates a new public or private hosted zone. You create records in a public hosted zone to define how you want to route traffic on the internet for a domain, such as example.com, and its subdomains (apex.example.com, acme.example.com). You create records in a private hosted zone to define how you want to route traffic for a domain and its subdomains within one or more Amazon Virtual Private Clouds (Amazon VPCs). You can't convert a public hosted zone to a private hosted zone or vice versa. Instead, you must create a new hosted zone with the same name and create new resource record sets. For more information about charges for hosted zones, see [Amazon Route 53 Pricing](https://docs.aws.amazon.com/route53/pricing/). Note the following: + You can't create a hosted zone for a top-level domain (TLD) such as .com. + If your domain is registered with a registrar other than Route 53, you must update the name servers with your registrar to make Route 53 the DNS service for the domain. For more information, see [Migrating DNS Service for an Existing Domain to Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html) in the *Amazon Route 53 Developer Guide*. When you submit a CreateHostedZone request, the initial status of the hosted zone is PENDING. For public hosted zones, this means that the NS and SOA records are not yet available on all Route 53 DNS servers. When the NS and SOA records are available, the status of the zone changes to INSYNC. The CreateHostedZone request requires the caller to have an ec2:DescribeVpcs permission. When creating private hosted zones, the Amazon VPC must belong to the same partition where the hosted zone is created. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. 
The following are the supported partitions: + aws - AWS-Regions + aws-cn - China Regions + aws-us-gov - govcloud-us-region For more information, see [Access Management](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
Id
## Fields - - - - - + + + + +
NameDatatypeDescription
string
objectA complex type that contains an optional comment.
If you don't want to specify a comment, omit the HostedZoneConfig and Comment elements.
arrayAdds, edits, or deletes tags for a health check or a hosted zone.
For information about using tags for cost allocation, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the *User Guide*.
stringThe name of the domain. Specify a fully qualified domain name, for example, *www.example.com*. The trailing dot is optional; Amazon Route 53 assumes that the domain name is fully qualified. This means that Route 53 treats *www.example.com* (without a trailing dot) and *www.example.com.* (with a trailing dot) as identical.
If you're creating a public hosted zone, this is the name you have registered with your DNS registrar. If your domain name is registered with a registrar other than Route 53, change the name servers for your domain to the set of NameServers that are returned by the Fn::GetAtt intrinsic function.
objectCreates a configuration for DNS query logging. After you create a query logging configuration, Amazon Route 53 begins to publish log data to an Amazon CloudWatch Logs log group.
DNS query logs contain information about the queries that Route 53 receives for a specified public hosted zone, such as the following:
+ Route 53 edge location that responded to the DNS query
+ Domain or subdomain that was requested
+ DNS record type, such as A or AAAA
+ DNS response code, such as NoError or ServFail

+ Log Group and Resource Policy Before you create a query logging configuration, perform the following operations. If you create a query logging configuration using the Route 53 console, Route 53 performs these operations automatically. Create a CloudWatch Logs log group, and make note of the ARN, which you specify when you create a query logging configuration. Note the following: You must create the log group in the us-east-1 region. You must use the same to create the log group and the hosted zone that you want to configure query logging for. When you create log groups for query logging, we recommend that you use a consistent prefix, for example: /aws/route53/hosted zone name In the next step, you'll create a resource policy, which controls access to one or more log groups and the associated resources, such as Route 53 hosted zones. There's a limit on the number of resource policies that you can create, so we recommend that you use a consistent prefix so you can use the same resource policy for all the log groups that you create for query logging. Create a CloudWatch Logs resource policy, and give it the permissions that Route 53 needs to create log streams and to send query logs to log streams. You must create the CloudWatch Logs resource policy in the us-east-1 region. For the value of Resource, specify the ARN for the log group that you created in the previous step. 
To use the same resource policy for all the CloudWatch Logs log groups that you created for query logging configurations, replace the hosted zone name with *, for example: arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/* To avoid the confused deputy problem, a security issue where an entity without a permission for an action can coerce a more-privileged entity to perform it, you can optionally limit the permissions that a service has to a resource in a resource-based policy by supplying the following values: For aws:SourceArn, supply the hosted zone ARN used in creating the query logging configuration. For example, aws:SourceArn: arn:aws:route53:::hostedzone/hosted zone ID. For aws:SourceAccount, supply the account ID for the account that creates the query logging configuration. For example, aws:SourceAccount:111111111111. For more information, see The confused deputy problem in the IAM User Guide. You can't use the CloudWatch console to create or edit a resource policy. You must use the CloudWatch API, one of the SDKs, or the . + Log Streams and Edge Locations When Route 53 finishes creating the configuration for DNS query logging, it does the following: Creates a log stream for an edge location the first time that the edge location responds to DNS queries for the specified hosted zone. That log stream is used to log all queries that Route 53 responds to for that edge location. Begins to send query logs to the applicable log stream. The name of each log stream is in the following format: hosted zone ID/edge location code The edge location code is a three-letter code and an arbitrarily assigned number, for example, DFW3. The three-letter code typically corresponds with the International Air Transport Association airport code for an airport near the edge location. (These abbreviations might change in the future.) For a list of edge locations, see "The Route 53 Global Network" on the Route 53 Product Details page. 
+ Queries That Are Logged Query logs contain only the queries that DNS resolvers forward to Route 53. If a DNS resolver has already cached the response to a query (such as the IP address for a load balancer for example.com), the resolver will continue to return the cached response. It doesn't forward another query to Route 53 until the TTL for the corresponding resource record set expires. Depending on how many DNS queries are submitted for a resource record set, and depending on the TTL for that resource record set, query logs might contain information about only one query out of every several thousand queries that are submitted to DNS. For more information about how DNS works, see Routing Internet Traffic to Your Website or Web Application in the Amazon Route 53 Developer Guide. + Log File Format For a list of the values in each query log and the format of each value, see Logging DNS Queries in the Amazon Route 53 Developer Guide. + Pricing For information about charges for query logs, see Amazon CloudWatch Pricing. + How to Stop Logging If you want Route 53 to stop sending query logs to CloudWatch Logs, delete the query logging configuration. For more information, see DeleteQueryLoggingConfig.
array*Private hosted zones:* A complex type that contains information about the VPCs that are associated with the specified hosted zone.
For public hosted zones, omit VPCs, VPCId, and VPCRegion.
objectA complex type that contains an optional comment. If you don't want to specify a comment, omit the HostedZoneConfig and Comment elements.
arrayAdds, edits, or deletes tags for a health check or a hosted zone. For information about using tags for cost allocation, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the *User Guide*.
stringThe name of the domain. Specify a fully qualified domain name, for example, *www.example.com*. The trailing dot is optional; Amazon Route 53 assumes that the domain name is fully qualified. This means that Route 53 treats *www.example.com* (without a trailing dot) and *www.example.com.* (with a trailing dot) as identical. If you're creating a public hosted zone, this is the name you have registered with your DNS registrar. If your domain name is registered with a registrar other than Route 53, change the name servers for your domain to the set of NameServers that are returned by the Fn::GetAtt intrinsic function.
objectCreates a configuration for DNS query logging. After you create a query logging configuration, Amazon Route 53 begins to publish log data to an Amazon CloudWatch Logs log group. DNS query logs contain information about the queries that Route 53 receives for a specified public hosted zone, such as the following: + Route 53 edge location that responded to the DNS query + Domain or subdomain that was requested + DNS record type, such as A or AAAA + DNS response code, such as NoError or ServFail + Log Group and Resource Policy Before you create a query logging configuration, perform the following operations. If you create a query logging configuration using the Route 53 console, Route 53 performs these operations automatically. Create a CloudWatch Logs log group, and make note of the ARN, which you specify when you create a query logging configuration. Note the following: You must create the log group in the us-east-1 region. You must use the same to create the log group and the hosted zone that you want to configure query logging for. When you create log groups for query logging, we recommend that you use a consistent prefix, for example: /aws/route53/hosted zone name In the next step, you'll create a resource policy, which controls access to one or more log groups and the associated resources, such as Route 53 hosted zones. There's a limit on the number of resource policies that you can create, so we recommend that you use a consistent prefix so you can use the same resource policy for all the log groups that you create for query logging. Create a CloudWatch Logs resource policy, and give it the permissions that Route 53 needs to create log streams and to send query logs to log streams. You must create the CloudWatch Logs resource policy in the us-east-1 region. For the value of Resource, specify the ARN for the log group that you created in the previous step. 
To use the same resource policy for all the CloudWatch Logs log groups that you created for query logging configurations, replace the hosted zone name with *, for example: arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/* To avoid the confused deputy problem, a security issue where an entity without a permission for an action can coerce a more-privileged entity to perform it, you can optionally limit the permissions that a service has to a resource in a resource-based policy by supplying the following values: For aws:SourceArn, supply the hosted zone ARN used in creating the query logging configuration. For example, aws:SourceArn: arn:aws:route53:::hostedzone/hosted zone ID. For aws:SourceAccount, supply the account ID for the account that creates the query logging configuration. For example, aws:SourceAccount:111111111111. For more information, see The confused deputy problem in the IAM User Guide. You can't use the CloudWatch console to create or edit a resource policy. You must use the CloudWatch API, one of the SDKs, or the . + Log Streams and Edge Locations When Route 53 finishes creating the configuration for DNS query logging, it does the following: Creates a log stream for an edge location the first time that the edge location responds to DNS queries for the specified hosted zone. That log stream is used to log all queries that Route 53 responds to for that edge location. Begins to send query logs to the applicable log stream. The name of each log stream is in the following format: hosted zone ID/edge location code The edge location code is a three-letter code and an arbitrarily assigned number, for example, DFW3. The three-letter code typically corresponds with the International Air Transport Association airport code for an airport near the edge location. (These abbreviations might change in the future.) For a list of edge locations, see "The Route 53 Global Network" on the Route 53 Product Details page. 
+ Queries That Are Logged Query logs contain only the queries that DNS resolvers forward to Route 53. If a DNS resolver has already cached the response to a query (such as the IP address for a load balancer for example.com), the resolver will continue to return the cached response. It doesn't forward another query to Route 53 until the TTL for the corresponding resource record set expires. Depending on how many DNS queries are submitted for a resource record set, and depending on the TTL for that resource record set, query logs might contain information about only one query out of every several thousand queries that are submitted to DNS. For more information about how DNS works, see Routing Internet Traffic to Your Website or Web Application in the Amazon Route 53 Developer Guide. + Log File Format For a list of the values in each query log and the format of each value, see Logging DNS Queries in the Amazon Route 53 Developer Guide. + Pricing For information about charges for query logs, see Amazon CloudWatch Pricing. + How to Stop Logging If you want Route 53 to stop sending query logs to CloudWatch Logs, delete the query logging configuration. For more information, see DeleteQueryLoggingConfig.
array*Private hosted zones:* A complex type that contains information about the VPCs that are associated with the specified hosted zone. For public hosted zones, omit VPCs, VPCId, and VPCRegion.
array
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/route53profiles/profile_associations/index.md b/docs/aws-docs/providers/aws/route53profiles/profile_associations/index.md index 9f7e0c8eb7..0baf85fc6a 100644 --- a/docs/aws-docs/providers/aws/route53profiles/profile_associations/index.md +++ b/docs/aws-docs/providers/aws/route53profiles/profile_associations/index.md @@ -30,12 +30,12 @@ Creates, updates, deletes or gets a profile_association resource or ## Fields - - - - +
NameDatatypeDescription
stringThe resource that you associated the profile with.
stringThe ID of the profile that you associated with the resource that is specified by ResourceId.
stringPrimary Identifier for Profile Association
stringThe name of an association between a Profile and a VPC.
+ + + - +
NameDatatypeDescription
stringThe resource that you associated the profile with.
stringThe ID of the profile that you associated with the resource that is specified by ResourceId.
stringPrimary Identifier for Profile Association
stringThe name of an association between a Profile and a VPC.
arrayAn array of key-value pairs to apply to this resource.
stringThe Amazon Resource Name (ARN) of the profile association.
stringThe Amazon Resource Name (ARN) of the profile association.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/route53profiles/profile_resource_associations/index.md b/docs/aws-docs/providers/aws/route53profiles/profile_resource_associations/index.md index 717256b5d5..e8c3608178 100644 --- a/docs/aws-docs/providers/aws/route53profiles/profile_resource_associations/index.md +++ b/docs/aws-docs/providers/aws/route53profiles/profile_resource_associations/index.md @@ -30,12 +30,12 @@ Creates, updates, deletes or gets a profile_resource_association re ## Fields - - - - +
NameDatatypeDescription
stringThe ID of the profile that you associated the resource to that is specified by ResourceArn.
stringPrimary Identifier for Profile Resource Association
stringThe name of an association between the Profile and resource.
stringThe arn of the resource that you associated to the Profile.
+ + + - +
NameDatatypeDescription
stringThe ID of the profile that you associated the resource to that is specified by ResourceArn.
stringPrimary Identifier for Profile Resource Association
stringThe name of an association between the Profile and resource.
stringThe arn of the resource that you associated to the Profile.
stringA JSON-formatted string with key-value pairs specifying the properties of the associated resource.
stringThe type of the resource associated to the Profile.
stringThe type of the resource associated to the Profile.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/route53recoveryreadiness/resource_sets/index.md b/docs/aws-docs/providers/aws/route53recoveryreadiness/resource_sets/index.md index 23e5467592..6a70922f4a 100644 --- a/docs/aws-docs/providers/aws/route53recoveryreadiness/resource_sets/index.md +++ b/docs/aws-docs/providers/aws/route53recoveryreadiness/resource_sets/index.md @@ -33,7 +33,7 @@ Creates, updates, deletes or gets a resource_set resource or lists - +
NameDatatypeDescription
stringThe name of the resource set to create.
arrayA list of resource objects in the resource set.
stringThe Amazon Resource Name (ARN) of the resource set.
stringThe resource type of the resources in the resource set. Enter one of the following values for resource type:

AWS: :AutoScaling: :AutoScalingGroup, AWS: :CloudWatch: :Alarm, AWS: :EC2: :CustomerGateway, AWS: :DynamoDB: :Table, AWS: :EC2: :Volume, AWS: :ElasticLoadBalancing: :LoadBalancer, AWS: :ElasticLoadBalancingV2: :LoadBalancer, AWS: :MSK: :Cluster, AWS: :RDS: :DBCluster, AWS: :Route53: :HealthCheck, AWS: :SQS: :Queue, AWS: :SNS: :Topic, AWS: :SNS: :Subscription, AWS: :EC2: :VPC, AWS: :EC2: :VPNConnection, AWS: :EC2: :VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource
stringThe resource type of the resources in the resource set. Enter one of the following values for resource type: AWS: :AutoScaling: :AutoScalingGroup, AWS: :CloudWatch: :Alarm, AWS: :EC2: :CustomerGateway, AWS: :DynamoDB: :Table, AWS: :EC2: :Volume, AWS: :ElasticLoadBalancing: :LoadBalancer, AWS: :ElasticLoadBalancingV2: :LoadBalancer, AWS: :MSK: :Cluster, AWS: :RDS: :DBCluster, AWS: :Route53: :HealthCheck, AWS: :SQS: :Queue, AWS: :SNS: :Topic, AWS: :SNS: :Subscription, AWS: :EC2: :VPC, AWS: :EC2: :VPNConnection, AWS: :EC2: :VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource
arrayA tag to associate with the parameters for a resource set.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/s3/bucket_policies/index.md b/docs/aws-docs/providers/aws/s3/bucket_policies/index.md index 828490acda..016011716f 100644 --- a/docs/aws-docs/providers/aws/s3/bucket_policies/index.md +++ b/docs/aws-docs/providers/aws/s3/bucket_policies/index.md @@ -25,7 +25,7 @@ Creates, updates, deletes or gets a bucket_policy resource or lists - +
Namebucket_policies
TypeResource
DescriptionApplies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS-account that owns the bucket, the calling identity must have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.
If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.
As a security precaution, the root user of the AWS-account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.
For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html).
The following operations are related to PutBucketPolicy:
+ [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html)
+ [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
DescriptionApplies an Amazon S3 bucket policy to an Amazon S3 bucket. If you are using an identity other than the root user of the AWS-account that owns the bucket, the calling identity must have the PutBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation. If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error. As a security precaution, the root user of the AWS-account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action. For more information, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html). The following operations are related to PutBucketPolicy: + [CreateBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html) + [DeleteBucket](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html)
Id
diff --git a/docs/aws-docs/providers/aws/s3/buckets/index.md b/docs/aws-docs/providers/aws/s3/buckets/index.md index f8412dc0e4..e27714667a 100644 --- a/docs/aws-docs/providers/aws/s3/buckets/index.md +++ b/docs/aws-docs/providers/aws/s3/buckets/index.md @@ -25,16 +25,16 @@ Creates, updates, deletes or gets a bucket resource or lists - +
Namebuckets
TypeResource
DescriptionThe AWS::S3::Bucket resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack.
To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html).
You can only delete empty buckets. Deletion fails for buckets that have contents.
DescriptionThe AWS::S3::Bucket resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack. To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to *retain* the bucket or to *delete* the bucket. For more information, see [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html). You can only delete empty buckets. Deletion fails for buckets that have contents.
Id
## Fields - + - + @@ -42,11 +42,11 @@ Creates, updates, deletes or gets a bucket resource or lists - + - + diff --git a/docs/aws-docs/providers/aws/sagemaker/projects/index.md b/docs/aws-docs/providers/aws/sagemaker/projects/index.md index 6d8186a6ba..413e9061ad 100644 --- a/docs/aws-docs/providers/aws/sagemaker/projects/index.md +++ b/docs/aws-docs/providers/aws/sagemaker/projects/index.md @@ -37,7 +37,7 @@ Creates, updates, deletes or gets a project resource or lists - +
NameDatatypeDescription
objectConfigures the transfer acceleration state for an Amazon S3 bucket. For more information, see [Amazon S3 Transfer Acceleration](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html) in the *Amazon S3 User Guide*.
stringThis is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see [Controlling object ownership](https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*.
A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide*.
S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the [AWS::S3::OwnershipControls](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html) property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon.
The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see [AWS::S3::BucketPolicy](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html). For examples of common policy configurations, including S3 Server Access Logs buckets and more, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide*.
stringThis is a legacy property, and it is not recommended for most use cases. A majority of modern use cases in Amazon S3 no longer require the use of ACLs, and we recommend that you keep ACLs disabled. For more information, see [Controlling object ownership](https://docs.aws.amazon.com//AmazonS3/latest/userguide/about-object-ownership.html) in the *Amazon S3 User Guide*. A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) in the *Amazon S3 User Guide*. S3 buckets are created with ACLs disabled by default. Therefore, unless you explicitly set the [AWS::S3::OwnershipControls](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-ownershipcontrols.html) property to enable ACLs, your resource will fail to deploy with any value other than Private. Use cases requiring ACLs are uncommon. The majority of access control configurations can be successfully and more easily achieved with bucket policies. For more information, see [AWS::S3::BucketPolicy](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-properties-s3-policy.html). For examples of common policy configurations, including S3 Server Access Logs buckets and more, see [Bucket policy examples](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html) in the *Amazon S3 User Guide*.
arraySpecifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.
objectSpecifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see [Amazon S3 Default Encryption for S3 Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) in the *Amazon S3 User Guide*.
stringA name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide*.
If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
stringA name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-) and must follow [Amazon S3 bucket restrictions and limitations](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html). For more information, see [Rules for naming Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html#bucketnamingrules) in the *Amazon S3 User Guide*. If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.
objectDescribes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see [Enabling Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) in the *Amazon S3 User Guide*.
arrayDefines how Amazon S3 handles Intelligent-Tiering storage.
arraySpecifies the inventory configuration for an Amazon S3 bucket. For more information, see [GET Bucket inventory](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETInventoryConfig.html) in the *Amazon S3 API Reference*.
objectSettings that define where logs are stored.
arraySpecifies a metrics configuration for the CloudWatch request metrics (specified by the metrics configuration ID) from an Amazon S3 bucket. If you're updating an existing metrics configuration, note that this is a full replacement of the existing metrics configuration. If you don't include the elements you want to keep, they are erased. For more information, see [PutBucketMetricsConfiguration](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTMetricConfiguration.html).
objectConfiguration that defines how Amazon S3 handles bucket notifications.
objectThis operation is not supported by directory buckets.
Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html).
+ The DefaultRetention settings require both a mode and a period.
+ The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.
+ You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html).
objectThis operation is not supported by directory buckets. Places an Object Lock configuration on the specified bucket. The rule specified in the Object Lock configuration will be applied by default to every new object placed in the specified bucket. For more information, see [Locking Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). + The DefaultRetention settings require both a mode and a period. + The DefaultRetention period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time. + You can enable Object Lock for new or existing buckets. For more information, see [Configuring Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html).
booleanIndicates whether this bucket has an Object Lock configuration enabled. Enable ObjectLockEnabled when you apply ObjectLockConfiguration to a bucket.
objectConfiguration that defines how Amazon S3 handles Object Ownership rules.
objectConfiguration that defines how Amazon S3 handles public access.
objectConfiguration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the VersioningConfiguration property.
Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.
objectConfiguration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the VersioningConfiguration property. Amazon S3 can store replicated objects in a single destination bucket or multiple destination buckets. The destination bucket or buckets must already exist.
arrayAn arbitrary set of tags (key-value pairs) for this S3 bucket.
objectEnables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake or to archive objects so that you can retrieve previous versions of them.
objectInformation used to configure the bucket as a static website. For more information, see [Hosting Websites on Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html).
The description of the project.
stringThe time at which the project was created.
objectInput ServiceCatalog Provisioning Details
objectProvisioned ServiceCatalog Details
objectProvisioned ServiceCatalog Details
stringThe status of a project.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/secretsmanager/secrets/index.md b/docs/aws-docs/providers/aws/secretsmanager/secrets/index.md
index e1dd779638..df38cb0bf5 100644
--- a/docs/aws-docs/providers/aws/secretsmanager/secrets/index.md
+++ b/docs/aws-docs/providers/aws/secretsmanager/secrets/index.md
@@ -25,19 +25,19 @@ Creates, updates, deletes or gets a secret resource or lists - +
Namesecrets
TypeResource
DescriptionCreates a new secret. A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager.
For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html).
To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html).
A common scenario is to first create a secret with GenerateSecretString, which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example *Creating a Redshift cluster and a secret for the admin credentials*.
For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html).
For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html).
DescriptionCreates a new secret. A *secret* can be a password, a set of credentials such as a user name and password, an OAuth token, or other secret information that you store in an encrypted form in Secrets Manager. For RDS master user credentials, see [AWS::RDS::DBCluster MasterUserSecret](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-dbcluster-masterusersecret.html). To retrieve a secret in a CFNshort template, use a *dynamic reference*. For more information, see [Retrieve a secret in an resource](https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_reference-secret.html). A common scenario is to first create a secret with GenerateSecretString, which generates a password, and then use a dynamic reference to retrieve the username and password from the secret to use as credentials for a new database. See the example *Creating a Redshift cluster and a secret for the admin credentials*. For information about creating a secret in the console, see [Create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html). For information about creating a secret using the CLI or SDK, see [CreateSecret](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html). For information about retrieving a secret in code, see [Retrieve secrets from Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html).
Id
## Fields - + - + - - + +
NameDatatypeDescription
stringThe description of the secret.
stringThe ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by alias/, for example alias/aws/secretsmanager. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html).
To use a KMS key in a different account, use the key ARN or the alias ARN.
If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.
If the secret is in a different AWS account from the credentials calling the API, then you can't use aws/secretsmanager to encrypt the secret, and you must create and use a customer managed KMS key.
stringThe ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret. An alias is always prefixed by alias/, for example alias/aws/secretsmanager. For more information, see [About aliases](https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html). To use a KMS key in a different account, use the key ARN or the alias ARN. If you don't specify this value, then Secrets Manager uses the key aws/secretsmanager. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value. If the secret is in a different AWS account from the credentials calling the API, then you can't use aws/secretsmanager to encrypt the secret, and you must create and use a customer managed KMS key.
stringThe text to encrypt and store in the secret. We recommend you use a JSON structure of key/value pairs for your secret value. To generate a random password, use GenerateSecretString instead. If you omit both GenerateSecretString and SecretString, you create an empty secret. When you make a change to this property, a new secret version is created.
objectA structure that specifies how to generate a password to encrypt and store in the secret. To include a specific string in the secret, use SecretString instead. If you omit both GenerateSecretString and SecretString, you create an empty secret. When you make a change to this property, a new secret version is created.
We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.
objectA structure that specifies how to generate a password to encrypt and store in the secret. To include a specific string in the secret, use SecretString instead. If you omit both GenerateSecretString and SecretString, you create an empty secret. When you make a change to this property, a new secret version is created. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.
arrayA custom type that specifies a Region and the KmsKeyId for a replica secret.
string
arrayA list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example:
[{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}]
Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc".
Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret.
If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an Access Denied error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2).
For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.
The following restrictions apply to tags:
+ Maximum number of tags per secret: 50
+ Maximum key length: 127 Unicode characters in UTF-8
+ Maximum value length: 255 Unicode characters in UTF-8
+ Tag keys and values are case sensitive.
+ Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.
+ If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.
stringThe name of the new secret.
The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@-
Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.
arrayA list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example: [{"Key":"CostCenter","Value":"12345"},{"Key":"environment","Value":"production"}] Secrets Manager tag key names are case sensitive. A tag with the key "ABC" is a different tag from one with key "abc". Stack-level tags, tags you apply to the CloudFormation stack, are also attached to the secret. If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an Access Denied error. For more information, see [Control access to secrets using tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac) and [Limit access to identities with tags that match secrets' tags](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2). For information about how to format a JSON parameter for the various command line tool environments, see [Using JSON for Parameters](https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json). If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text. The following restrictions apply to tags: + Maximum number of tags per secret: 50 + Maximum key length: 127 Unicode characters in UTF-8 + Maximum value length: 255 Unicode characters in UTF-8 + Tag keys and values are case sensitive. + Do not use the aws: prefix in your tag names or values because AWS reserves it for AWS use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit. 
+ If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.
stringThe name of the new secret. The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@- Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/securityhub/hubs/index.md b/docs/aws-docs/providers/aws/securityhub/hubs/index.md
index 6f74107743..bd3c84b5d5 100644
--- a/docs/aws-docs/providers/aws/securityhub/hubs/index.md
+++ b/docs/aws-docs/providers/aws/securityhub/hubs/index.md
@@ -25,14 +25,14 @@ Creates, updates, deletes or gets a hub resource or lists hub - +
Namehubs
TypeResource
DescriptionThe AWS::SecurityHub::Hub resource represents the implementation of the AWS Security Hub service in your account. One hub resource is created for each Region in which you enable Security Hub.

DescriptionThe AWS::SecurityHub::Hub resource represents the implementation of the AWS Security Hub service in your account. One hub resource is created for each Region in which you enable Security Hub.
Id
## Fields - +
diff --git a/docs/aws-docs/providers/aws/securityhub/standards/index.md b/docs/aws-docs/providers/aws/securityhub/standards/index.md
index 304f68eba7..7e95b50f98 100644
--- a/docs/aws-docs/providers/aws/securityhub/standards/index.md
+++ b/docs/aws-docs/providers/aws/securityhub/standards/index.md
@@ -25,14 +25,14 @@ Creates, updates, deletes or gets a standard resource or lists - +
NameDatatypeDescription
stringAn ARN is automatically created for the customer.
booleanWhether to enable the security standards that Security Hub has designated as automatically enabled.
stringThis field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
stringThis field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
booleanWhether to automatically enable new controls when they are added to standards that are enabled
A key-value pair to associate with a resource.
stringThe date and time when Security Hub was enabled in the account.
Namestandards
TypeResource
DescriptionThe AWS::SecurityHub::Standard resource specifies the enablement of a security standard. The standard is identified by the StandardsArn property. To view a list of ASH standards and their Amazon Resource Names (ARNs), use the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API operation.
You must create a separate AWS::SecurityHub::Standard resource for each standard that you want to enable.
For more information about ASH standards, see [standards reference](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) in the *User Guide*.
DescriptionThe AWS::SecurityHub::Standard resource specifies the enablement of a security standard. The standard is identified by the StandardsArn property. To view a list of ASH standards and their Amazon Resource Names (ARNs), use the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API operation. You must create a separate AWS::SecurityHub::Standard resource for each standard that you want to enable. For more information about ASH standards, see [standards reference](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) in the *User Guide*.
Id
## Fields - +
NameDatatypeDescription
string
stringThe ARN of the standard that you want to enable. To view a list of available ASH standards and their ARNs, use the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API operation.
arraySpecifies which controls are to be disabled in a standard.
*Maximum*: 100
arraySpecifies which controls are to be disabled in a standard. *Maximum*: 100
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/shield/proactive_engagements/index.md b/docs/aws-docs/providers/aws/shield/proactive_engagements/index.md
index acbdd555e3..0f6d1da943 100644
--- a/docs/aws-docs/providers/aws/shield/proactive_engagements/index.md
+++ b/docs/aws-docs/providers/aws/shield/proactive_engagements/index.md
@@ -31,8 +31,8 @@ Creates, updates, deletes or gets a proactive_engagement resource o ## Fields - - + +
NameDatatypeDescription
string
stringIf `ENABLED`, the Shield Response Team (SRT) will use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support.
If `DISABLED`, the SRT will not proactively notify contacts about escalations or to initiate proactive customer support.
arrayA list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you for escalations to the SRT and to initiate proactive customer support.
To enable proactive engagement, the contact list must include at least one phone number.
stringIf `ENABLED`, the Shield Response Team (SRT) will use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support. If `DISABLED`, the SRT will not proactively notify contacts about escalations or to initiate proactive customer support.
arrayA list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you for escalations to the SRT and to initiate proactive customer support. To enable proactive engagement, the contact list must include at least one phone number.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/shield/protection_groups/index.md b/docs/aws-docs/providers/aws/shield/protection_groups/index.md
index b80e51d2b5..12e92ab99c 100644
--- a/docs/aws-docs/providers/aws/shield/protection_groups/index.md
+++ b/docs/aws-docs/providers/aws/shield/protection_groups/index.md
@@ -32,7 +32,7 @@ Creates, updates, deletes or gets a protection_group resource or li ## Fields - +
diff --git a/docs/aws-docs/providers/aws/sns/topics/index.md b/docs/aws-docs/providers/aws/sns/topics/index.md
index d35400c832..4bfa055a57 100644
--- a/docs/aws-docs/providers/aws/sns/topics/index.md
+++ b/docs/aws-docs/providers/aws/sns/topics/index.md
@@ -25,20 +25,20 @@ Creates, updates, deletes or gets a topic resource or lists t
NameDatatypeDescription
stringThe name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.
stringThe ARN (Amazon Resource Name) of the protection group.
stringDefines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
* Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically.
* Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers.
* Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront and origin resources for CloudFront distributions.
stringDefines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events. * Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically. * Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers. * Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront and origin resources for CloudFront distributions.
stringThe criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource Amazon Resource Names (ARNs), or include all resources of a specified resource type.
arrayThe Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set `Pattern` to `ARBITRARY` and you must not set it for any other `Pattern` setting.
stringThe resource type to include in the protection group. All protected resources of this type are included in the protection group. Newly protected resources of this type are automatically added to the group. You must set this when you set `Pattern` to `BY_RESOURCE_TYPE` and you must not set it for any other `Pattern` setting.
- +
Nametopics
TypeResource
DescriptionThe AWS::SNS::Topic resource creates a topic to which notifications can be published.
One account can create a maximum of 100,000 standard topics and 1,000 FIFO topics. For more information, see [endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/sns.html) in the *General Reference*.
The structure of AUTHPARAMS depends on the .signature of the API request. For more information, see [Examples of the complete Signature Version 4 signing process](https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html) in the *General Reference*.
DescriptionThe AWS::SNS::Topic resource creates a topic to which notifications can be published. One account can create a maximum of 100,000 standard topics and 1,000 FIFO topics. For more information, see [endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/sns.html) in the *General Reference*. The structure of AUTHPARAMS depends on the .signature of the API request. For more information, see [Examples of the complete Signature Version 4 signing process](https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html) in the *General Reference*.
Id
## Fields - - - + + + - + - - + +
diff --git a/docs/aws-docs/providers/aws/sqs/queues/index.md b/docs/aws-docs/providers/aws/sqs/queues/index.md
index 9a5635c1e8..3fe003bfd7 100644
--- a/docs/aws-docs/providers/aws/sqs/queues/index.md
+++ b/docs/aws-docs/providers/aws/sqs/queues/index.md
@@ -25,7 +25,7 @@ Creates, updates, deletes or gets a queue resource or lists q
NameDatatypeDescription
stringThe display name to use for an SNS topic with SMS subscriptions. The display name must be maximum 100 characters long, including hyphens (-), underscores (_), spaces, and tabs.
stringThe ID of an AWS managed customer master key (CMK) for SNS or a custom CMK. For more information, see [Key terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms). For more examples, see KeyId in the *API Reference*.
This property applies only to [server-side-encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html).
objectThe body of the policy document you want to use for this topic.
You can only add one policy per topic.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30,720.
arrayThe SNS subscriptions (endpoints) for this topic.
If you specify the Subscription property in the AWS::SNS::Topic resource and it creates an associated subscription resource, the associated subscription is not deleted when the AWS::SNS::Topic resource is deleted.
stringThe ID of an AWS managed customer master key (CMK) for SNS or a custom CMK. For more information, see [Key terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms). For more examples, see KeyId in the *API Reference*. This property applies only to [server-side-encryption](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html).
objectThe body of the policy document you want to use for this topic. You can only add one policy per topic. The policy must be in JSON string format. Length Constraints: Maximum length of 30,720.
arrayThe SNS subscriptions (endpoints) for this topic. If you specify the Subscription property in the AWS::SNS::Topic resource and it creates an associated subscription resource, the associated subscription is not deleted when the AWS::SNS::Topic resource is deleted.
booleanSet to true to create a FIFO topic.
booleanEnables content-based deduplication for FIFO topics.
+ By default, ContentBasedDeduplication is set to false. If you create a FIFO topic and this attribute is false, you must specify a value for the MessageDeduplicationId parameter for the [Publish](https://docs.aws.amazon.com/sns/latest/api/API_Publish.html) action.
+ When you set ContentBasedDeduplication to true, SNS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message).
(Optional) To override the generated value, you can specify a value for the the MessageDeduplicationId parameter for the Publish action.
booleanEnables content-based deduplication for FIFO topics. + By default, ContentBasedDeduplication is set to false. If you create a FIFO topic and this attribute is false, you must specify a value for the MessageDeduplicationId parameter for the [Publish](https://docs.aws.amazon.com/sns/latest/api/API_Publish.html) action. + When you set ContentBasedDeduplication to true, SNS uses a SHA-256 hash to generate the MessageDeduplicationId using the body of the message (but not the attributes of the message). (Optional) To override the generated value, you can specify a value for the the MessageDeduplicationId parameter for the Publish action.
objectThe archive policy determines the number of days SNS retains messages. You can set a retention period from 1 to 365 days.
arrayThe list of tags to add to a new topic.
To be able to tag a topic on creation, you must have the sns:CreateTopic and sns:TagResource permissions.
stringThe name of the topic you want to create. Topic names must include only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. FIFO topic names must end with .fifo.
If you don't specify a name, CFN generates a unique physical ID and uses that ID for the topic name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
arrayThe list of tags to add to a new topic. To be able to tag a topic on creation, you must have the sns:CreateTopic and sns:TagResource permissions.
stringThe name of the topic you want to create. Topic names must include only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. FIFO topic names must end with .fifo. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the topic name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
string
stringThe signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. By default, SignatureVersion is set to 1.
stringTracing mode of an SNS topic. By default TracingConfig is set to PassThrough, and the topic passes through the tracing header it receives from an SNS publisher to its subscriptions. If set to Active, SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true.
- +
Namequeues
TypeResource
DescriptionThe AWS::SQS::Queue resource creates an SQS standard or FIFO queue.
Keep the following caveats in mind:
+ If you don't specify the FifoQueue property, SQS creates a standard queue.
You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Developer Guide*.
+ If you don't provide a value for a property, the queue is created with the default value for the property.
+ If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name.
+ To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues.

For more information about creating FIFO (first-in-first-out) queues, see [Creating an queue ()](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Developer Guide*.
DescriptionThe AWS::SQS::Queue resource creates an SQS standard or FIFO queue. Keep the following caveats in mind: + If you don't specify the FifoQueue property, SQS creates a standard queue. You can't change the queue type after you create it and you can't convert an existing standard queue into a FIFO queue. You must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue. For more information, see [Moving from a standard queue to a FIFO queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-moving.html) in the *Developer Guide*. + If you don't provide a value for a property, the queue is created with the default value for the property. + If you delete a queue, you must wait at least 60 seconds before creating a queue with the same name. + To successfully create a new queue, you must provide a queue name that adheres to the [limits related to queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/limits-queues.html) and is unique within the scope of your queues. For more information about creating FIFO (first-in-first-out) queues, see [Creating an queue ()](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/screate-queue-cloudformation.html) in the *Developer Guide*.
Id
@@ -33,21 +33,21 @@ Creates, updates, deletes or gets a queue resource or lists q - + - - - + + + - + - - + + - +
NameDatatypeDescription
string
string
booleanFor first-in-first-out (FIFO) queues, specifies whether to enable content-based deduplication. During the deduplication interval, SQS treats messages that are sent with identical content as duplicates and delivers only one copy of the message. For more information, see the ContentBasedDeduplication attribute for the CreateQueue action in the *API Reference*.
stringFor high throughput for FIFO queues, specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue.
To enable high throughput for a FIFO queue, set this attribute to messageGroup *and* set the FifoThroughputLimit attribute to perMessageGroupId. If you set these attributes to anything other than these values, normal throughput is in effect and deduplication occurs as specified. For more information, see [High throughput for FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) and [Quotas related to messages](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) in the *Developer Guide*.
stringFor high throughput for FIFO queues, specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue. To enable high throughput for a FIFO queue, set this attribute to messageGroup *and* set the FifoThroughputLimit attribute to perMessageGroupId. If you set these attributes to anything other than these values, normal throughput is in effect and deduplication occurs as specified. For more information, see [High throughput for FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) and [Quotas related to messages](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) in the *Developer Guide*.
integerThe time in seconds for which the delivery of all messages in the queue is delayed. You can specify an integer value of 0 to 900 (15 minutes). The default value is 0.
booleanIf set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*.
stringFor high throughput for FIFO queues, specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId.
To enable high throughput for a FIFO queue, set this attribute to perMessageGroupId *and* set the DeduplicationScope attribute to messageGroup. If you set these attributes to anything other than these values, normal throughput is in effect and deduplication occurs as specified. For more information, see [High throughput for FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) and [Quotas related to messages](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) in the *Developer Guide*.
integerThe length of time in seconds for which SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. The value must be an integer between 60 (1 minute) and 86,400 (24 hours). The default is 300 (5 minutes).
A shorter time period provides better security, but results in more calls to KMS, which might incur charges after Free Tier. For more information, see [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work) in the *Developer Guide*.
stringThe ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. alias/aws/sqs), key ARN, or key ID. For more information, see the following:
+ [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide*
+ [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference*
+ [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference*
+ The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper
stringFor high throughput for FIFO queues, specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId. To enable high throughput for a FIFO queue, set this attribute to perMessageGroupId *and* set the DeduplicationScope attribute to messageGroup. If you set these attributes to anything other than these values, normal throughput is in effect and deduplication occurs as specified. For more information, see [High throughput for FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html) and [Quotas related to messages](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html) in the *Developer Guide*.
integerThe length of time in seconds for which SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. The value must be an integer between 60 (1 minute) and 86,400 (24 hours). The default is 300 (5 minutes). A shorter time period provides better security, but results in more calls to KMS, which might incur charges after Free Tier. For more information, see [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work) in the *Developer Guide*.
stringThe ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. alias/aws/sqs), key ARN, or key ID. For more information, see the following: + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* + The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper
booleanEnables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (for example, [SSE-KMS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html) or [SSE-SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html)). When SqsManagedSseEnabled is not defined, SSE-SQS encryption is enabled by default.
integerThe limit of how many bytes that a message can contain before SQS rejects it. You can specify an integer value from 1,024 bytes (1 KiB) to 262,144 bytes (256 KiB). The default value is 262,144 (256 KiB).
integerThe number of seconds that SQS retains a message. You can specify an integer value from 60 seconds (1 minute) to 1,209,600 seconds (14 days). The default value is 345,600 seconds (4 days).
stringA name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the .fifo suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*.
If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*.
If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
stringA name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the .fifo suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*. If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
integerSpecifies the duration, in seconds, that the ReceiveMessage action call waits until a message is in the queue in order to include it in the response, rather than returning an empty response if a message isn't yet available. You can specify an integer from 1 to 20. Short polling is used as the default or when you specify 0 for this property. For more information, see [Consuming messages using long polling](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-short-and-long-polling.html#sqs-long-polling) in the *Developer Guide*.
objectThe string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:
+ redrivePermission: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:
+ allowAll: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue.
+ denyAll: No source queues can specify this queue as the dead-letter queue.
+ byQueue: Only queues specified by the sourceQueueArns parameter can specify this queue as the dead-letter queue.

+ sourceQueueArns: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the redrivePermission parameter is set to byQueue. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the redrivePermission parameter to allowAll.
objectThe string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:
+ deadLetterTargetArn: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of maxReceiveCount is exceeded.
+ maxReceiveCount: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, SQS moves the message to the dead-letter-queue.

The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.
*JSON*
{ "deadLetterTargetArn" : String, "maxReceiveCount" : Integer }
*YAML*
deadLetterTargetArn : String
maxReceiveCount : Integer
objectThe string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows: + redrivePermission: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are: + allowAll: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue. + denyAll: No source queues can specify this queue as the dead-letter queue. + byQueue: Only queues specified by the sourceQueueArns parameter can specify this queue as the dead-letter queue. + sourceQueueArns: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the redrivePermission parameter is set to byQueue. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the redrivePermission parameter to allowAll.
objectThe string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows: + deadLetterTargetArn: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of maxReceiveCount is exceeded. + maxReceiveCount: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, SQS moves the message to the dead-letter-queue. The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue. *JSON* { "deadLetterTargetArn" : String, "maxReceiveCount" : Integer } *YAML* deadLetterTargetArn : String maxReceiveCount : Integer
arrayThe tags that you attach to this queue. For more information, see [Resource tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) in the *User Guide*.
integerThe length of time during which a message will be unavailable after a message is delivered from the queue. This blocks other components from receiving the same message and gives the initial component time to process and delete the message from the queue.
Values must be from 0 to 43,200 seconds (12 hours). If you don't specify a value, AWS CloudFormation uses the default value of 30 seconds.
For more information about SQS queue visibility timeouts, see [Visibility timeout](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) in the *Developer Guide*.
integerThe length of time during which a message will be unavailable after a message is delivered from the queue. This blocks other components from receiving the same message and gives the initial component time to process and delete the message from the queue. Values must be from 0 to 43,200 seconds (12 hours). If you don't specify a value, AWS CloudFormation uses the default value of 30 seconds. For more information about SQS queue visibility timeouts, see [Visibility timeout](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html) in the *Developer Guide*.
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/ssm/parameters/index.md b/docs/aws-docs/providers/aws/ssm/parameters/index.md
index 249949dc43..c645eb1802 100644
--- a/docs/aws-docs/providers/aws/ssm/parameters/index.md
+++ b/docs/aws-docs/providers/aws/ssm/parameters/index.md
@@ -25,20 +25,20 @@ Creates, updates, deletes or gets a parameter resource or lists Nameparameters TypeResource -DescriptionThe AWS::SSM::Parameter resource creates an SSM parameter in SYSlong Parameter Store.
To create an SSM parameter, you must have the IAMlong (IAM) permissions ssm:PutParameter and ssm:AddTagsToResource. On stack creation, CFNlong adds the following three tags to the parameter: aws:cloudformation:stack-name, aws:cloudformation:logical-id, and aws:cloudformation:stack-id, in addition to any custom tags you specify.
To add, update, or remove tags during stack update, you must have IAM permissions for both ssm:AddTagsToResource and ssm:RemoveTagsFromResource. For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *User Guide*.
For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *API Reference*. +DescriptionThe AWS::SSM::Parameter resource creates an SSM parameter in SYSlong Parameter Store. To create an SSM parameter, you must have the IAMlong (IAM) permissions ssm:PutParameter and ssm:AddTagsToResource. On stack creation, CFNlong adds the following three tags to the parameter: aws:cloudformation:stack-name, aws:cloudformation:logical-id, and aws:cloudformation:stack-id, in addition to any custom tags you specify. To add, update, or remove tags during stack update, you must have IAM permissions for both ssm:AddTagsToResource and ssm:RemoveTagsFromResource. For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *User Guide*. For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *API Reference*. Id ## Fields - + - + - +
NameDatatypeDescription
stringThe type of parameter.
stringThe parameter value.
If type is StringList, the system returns a comma-separated string with no spaces between commas in the Value field.
stringThe parameter value. If type is StringList, the system returns a comma-separated string with no spaces between commas in the Value field.
stringInformation about the parameter.
stringInformation about the policies assigned to a parameter.
[Assigning parameter policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html) in the *User Guide*.
stringInformation about the policies assigned to a parameter. [Assigning parameter policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html) in the *User Guide*.
stringA regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$
stringThe parameter tier.
objectOptional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a SYS parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter.
stringThe data type of the parameter, such as text or aws:ec2:image. The default is text.
stringThe name of the parameter.
The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter Amazon Resource Name (ARN), is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters: arn:aws:ssm:us-east-2:111222333444:parameter/ExampleParameterName
stringThe name of the parameter. The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter Amazon Resource Name (ARN), is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters: arn:aws:ssm:us-east-2:111222333444:parameter/ExampleParameterName
stringAWS region.
diff --git a/docs/aws-docs/providers/aws/sso/instance_access_control_attribute_configurations/index.md b/docs/aws-docs/providers/aws/sso/instance_access_control_attribute_configurations/index.md
index e7d90207ac..d47a955d71 100644
--- a/docs/aws-docs/providers/aws/sso/instance_access_control_attribute_configurations/index.md
+++ b/docs/aws-docs/providers/aws/sso/instance_access_control_attribute_configurations/index.md
@@ -31,7 +31,7 @@ Creates, updates, deletes or gets an instance_access_control_attribute_con ## Fields - +
NameDatatypeDescription
stringThe ARN of the AWS SSO instance under which the operation will be executed.
objectThe InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. We recomend that you use AccessControlAttributes property instead.
objectThe InstanceAccessControlAttributeConfiguration property has been deprecated but is still supported for backwards compatibility purposes. We recomend that you use AccessControlAttributes property instead.
undefined
stringAWS region.