Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: update L1 CloudFormation resource definitions (#32847)
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appconfig
│ └ resources
│ └[~] resource AWS::AppConfig::Deployment
│ ├ attributes
│ │ └[-] Id: string
│ └ types
│ └[~] type Tags
│ ├ - documentation: Metadata to assign to the deployment strategy. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.
│ │ + documentation: undefined
│ └ properties
│ ├ Key: (documentation changed)
│ └ Value: (documentation changed)
├[~] service aws-appsync
│ └ resources
│ └[~] resource AWS::AppSync::DataSource
│ └ properties
│ └ ServiceRoleArn: (documentation changed)
├[~] service aws-backup
│ └ resources
│ └[~] resource AWS::Backup::LogicallyAirGappedBackupVault
│ ├ properties
│ │ ├[-] VaultState: string
│ │ └[-] VaultType: string
│ └ attributes
│ ├[+] VaultState: string
│ └[+] VaultType: string
├[~] service aws-cleanrooms
│ └ resources
│ ├[~] resource AWS::CleanRooms::Collaboration
│ │ ├ properties
│ │ │ └ CreatorMLMemberAbilities: (documentation changed)
│ │ └ types
│ │ ├[~] type MemberSpecification
│ │ │ └ properties
│ │ │ └ MLMemberAbilities: (documentation changed)
│ │ ├[~] type MLMemberAbilities
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: The ML member abilities for a collaboration member.
│ │ │ └ properties
│ │ │ └ CustomMLMemberAbilities: (documentation changed)
│ │ ├[~] type MLPaymentConfig
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator.
│ │ │ └ properties
│ │ │ ├ ModelInference: (documentation changed)
│ │ │ └ ModelTraining: (documentation changed)
│ │ ├[~] type ModelInferencePaymentConfig
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: An object representing the collaboration member's model inference payment responsibilities set by the collaboration creator.
│ │ │ └ properties
│ │ │ └ IsResponsible: (documentation changed)
│ │ ├[~] type ModelTrainingPaymentConfig
│ │ │ ├ - documentation: undefined
│ │ │ │ + documentation: An object representing the collaboration member's model training payment responsibilities set by the collaboration creator.
│ │ │ └ properties
│ │ │ └ IsResponsible: (documentation changed)
│ │ └[~] type PaymentConfiguration
│ │ └ properties
│ │ └ MachineLearning: (documentation changed)
│ └[~] resource AWS::CleanRooms::Membership
│ └ types
│ ├[~] type MembershipMLPaymentConfig
│ │ ├ - documentation: undefined
│ │ │ + documentation: An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator.
│ │ └ properties
│ │ ├ ModelInference: (documentation changed)
│ │ └ ModelTraining: (documentation changed)
│ ├[~] type MembershipModelInferencePaymentConfig
│ │ ├ - documentation: undefined
│ │ │ + documentation: An object representing the collaboration member's model inference payment responsibilities set by the collaboration creator.
│ │ └ properties
│ │ └ IsResponsible: (documentation changed)
│ ├[~] type MembershipModelTrainingPaymentConfig
│ │ ├ - documentation: undefined
│ │ │ + documentation: An object representing the collaboration member's model training payment responsibilities set by the collaboration creator.
│ │ └ properties
│ │ └ IsResponsible: (documentation changed)
│ └[~] type MembershipPaymentConfiguration
│ └ properties
│ └ MachineLearning: (documentation changed)
├[~] service aws-cloudformation
│ └ resources
│ └[~] resource AWS::CloudFormation::Macro
│ └ properties
│ └ LogGroupName: (documentation changed)
├[~] service aws-cloudwatch
│ └ resources
│ ├[~] resource AWS::CloudWatch::Alarm
│ │ ├ properties
│ │ │ └ Period: (documentation changed)
│ │ └ types
│ │ ├[~] type MetricDataQuery
│ │ │ └ properties
│ │ │ └ Period: (documentation changed)
│ │ └[~] type MetricStat
│ │ └ properties
│ │ └ Period: (documentation changed)
│ └[~] resource AWS::CloudWatch::AnomalyDetector
│ └ types
│ ├[~] type MetricDataQuery
│ │ └ properties
│ │ └ Period: (documentation changed)
│ └[~] type MetricStat
│ └ properties
│ └ Period: (documentation changed)
├[~] service aws-cognito
│ └ resources
│ ├[~] resource AWS::Cognito::LogDeliveryConfiguration
│ │ ├ - documentation: Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and advanced security features user activity logs.
│ │ │ + documentation: Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see [Exporting user pool logs](https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html) .
│ │ └ types
│ │ ├[~] type FirehoseConfiguration
│ │ │ ├ - documentation: Configuration for the Amazon Data Firehose stream destination of user activity log export with advanced security features.
│ │ │ │ + documentation: Configuration for the Amazon Data Firehose stream destination of user activity log export with threat protection.
│ │ │ └ properties
│ │ │ └ StreamArn: (documentation changed)
│ │ ├[~] type LogConfiguration
│ │ │ ├ - documentation: The configuration of user event logs to an external AWS service like Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs.
│ │ │ │ This data type is a request parameter of [SetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetLogDeliveryConfiguration.html) and a response parameter of [GetLogDeliveryConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetLogDeliveryConfiguration.html) .
│ │ │ │ + documentation: The configuration of user event logs to an external AWS service like Amazon Data Firehose, Amazon S3, or Amazon CloudWatch Logs.
│ │ │ │ This data type is a request parameter of `API_SetLogDeliveryConfiguration` and a response parameter of `API_GetLogDeliveryConfiguration` .
│ │ │ └ properties
│ │ │ ├ CloudWatchLogsConfiguration: (documentation changed)
│ │ │ ├ FirehoseConfiguration: (documentation changed)
│ │ │ └ S3Configuration: (documentation changed)
│ │ └[~] type S3Configuration
│ │ ├ - documentation: Configuration for the Amazon S3 bucket destination of user activity log export with advanced security features.
│ │ │ + documentation: Configuration for the Amazon S3 bucket destination of user activity log export with threat protection.
│ │ └ properties
│ │ └ BucketArn: (documentation changed)
│ ├[~] resource AWS::Cognito::ManagedLoginBranding
│ │ └ types
│ │ └[~] type AssetType
│ │ └ - documentation: An image file from a managed login branding style in a user pool.
│ │ This data type is a request parameter of [CreateManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateManagedLoginBranding.html) and [UpdateManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateManagedLoginBranding.html) , and a response parameter of [DescribeManagedLoginBranding](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeManagedLoginBranding.html) .
│ │ + documentation: An image file from a managed login branding style in a user pool.
│ │ This data type is a request parameter of `API_CreateManagedLoginBranding` and `API_UpdateManagedLoginBranding` , and a response parameter of `API_DescribeManagedLoginBranding` .
│ ├[~] resource AWS::Cognito::UserPool
│ │ ├ properties
│ │ │ ├ AdminCreateUserConfig: (documentation changed)
│ │ │ ├ AliasAttributes: (documentation changed)
│ │ │ ├ AutoVerifiedAttributes: (documentation changed)
│ │ │ ├ MfaConfiguration: (documentation changed)
│ │ │ ├ Policies: (documentation changed)
│ │ │ ├ SmsConfiguration: (documentation changed)
│ │ │ ├ UserPoolAddOns: (documentation changed)
│ │ │ └ UserPoolName: (documentation changed)
│ │ └ types
│ │ ├[~] type AdminCreateUserConfig
│ │ │ ├ - documentation: The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.
│ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ │ + documentation: The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.
│ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ │ └ properties
│ │ │ ├ AllowAdminCreateUserOnly: (documentation changed)
│ │ │ └ UnusedAccountValidityDays: (documentation changed)
│ │ ├[~] type AdvancedSecurityAdditionalFlows
│ │ │ ├ - documentation: Advanced security configuration options for additional authentication types in your user pool, including custom authentication.
│ │ │ │ + documentation: Threat protection configuration options for additional authentication types in your user pool, including custom authentication.
│ │ │ └ properties
│ │ │ └ CustomAuthMode: (documentation changed)
│ │ ├[~] type DeviceConfiguration
│ │ │ ├ - documentation: The device-remembering configuration for a user pool. A [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. Additionally. when the property `DeviceOnlyRememberedOnUserPrompt` is `true` , you must follow `ConfirmDevice` with an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request that sets the user's device to `remembered` or `not_remembered` .
│ │ │ │ To sign in with a remembered device, include `DEVICE_KEY` in the authentication parameters in your user's [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html) request. If your app doesn't include a `DEVICE_KEY` parameter, the [response](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax) from Amazon Cognito includes newly-generated `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata` . Store these values to use in future device-authentication requests.
│ │ │ │ > When you provide a value for any property of `DeviceConfiguration` , you activate the device remembering for the user pool.
│ │ │ │ >
│ │ │ │ > This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ │ + documentation: The device-remembering configuration for a user pool.
│ │ │ │ A `API_DescribeUserPool` request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a `API_ConfirmDevice` API request. Additionally. when the property `DeviceOnlyRememberedOnUserPrompt` is `true` , you must follow `ConfirmDevice` with an `API_UpdateDeviceStatus` API request that sets the user's device to `remembered` or `not_remembered` .
│ │ │ │ To sign in with a remembered device, include `DEVICE_KEY` in the authentication parameters in your user's `API_InitiateAuth` request. If your app doesn't include a `DEVICE_KEY` parameter, the `API_InitiateAuth` from Amazon Cognito includes newly-generated `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata` . Store these values to use in future device-authentication requests.
│ │ │ │ > When you provide a value for any property of `DeviceConfiguration` , you activate the device remembering for the user pool.
│ │ │ │ >
│ │ │ │ > This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ │ └ properties
│ │ │ └ DeviceOnlyRememberedOnUserPrompt: (documentation changed)
│ │ ├[~] type LambdaConfig
│ │ │ └ - documentation: A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them.
│ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ + documentation: A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them.
│ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ ├[~] type NumberAttributeConstraints
│ │ │ └ - documentation: The minimum and maximum values of an attribute that is of the number type, for example `custom:age` .
│ │ │ This data type is part of [SchemaAttributeType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html) . It defines the length constraints on number-type attributes that you configure in [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and displays the length constraints of all number-type attributes in the response to [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html)
│ │ │ + documentation: The minimum and maximum values of an attribute that is of the number type, for example `custom:age` .
│ │ │ This data type is part of `API_SchemaAttributeType` . It defines the length constraints on number-type attributes that you configure in `API_CreateUserPool` and `API_UpdateUserPool` , and displays the length constraints of all number-type attributes in the response to `API_DescribeUserPool`
│ │ ├[~] type PasswordPolicy
│ │ │ ├ - documentation: The password policy settings for a user pool, including complexity, history, and length requirements.
│ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ │ + documentation: The password policy settings for a user pool, including complexity, history, and length requirements.
│ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ │ └ properties
│ │ │ └ PasswordHistorySize: (documentation changed)
│ │ ├[~] type Policies
│ │ │ ├ - documentation: A list of user pool policies. Contains the policy that sets password-complexity requirements.
│ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ │ + documentation: A list of user pool policies. Contains the policy that sets password-complexity requirements.
│ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ │ └ properties
│ │ │ └ SignInPolicy: (documentation changed)
│ │ ├[~] type PreTokenGenerationConfig
│ │ │ └ - documentation: The properties of a pre token generation Lambda trigger.
│ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ + documentation: The properties of a pre token generation Lambda trigger.
│ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ ├[~] type RecoveryOption
│ │ │ └ - documentation: A recovery option for a user. The `AccountRecoverySettingType` data type is an array of this object. Each `RecoveryOptionType` has a priority property that determines whether it is a primary or secondary option.
│ │ │ For example, if `verified_email` has a priority of `1` and `verified_phone_number` has a priority of `2` , your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. The `admin_only` option prevents self-service account recovery.
│ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ + documentation: A recovery option for a user. The `AccountRecoverySettingType` data type is an array of this object. Each `RecoveryOptionType` has a priority property that determines whether it is a primary or secondary option.
│ │ │ For example, if `verified_email` has a priority of `1` and `verified_phone_number` has a priority of `2` , your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. The `admin_only` option prevents self-service account recovery.
│ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ ├[~] type SchemaAttribute
│ │ │ └ - documentation: A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a `custom:` prefix, and developer attributes with a `dev:` prefix. For more information, see [User pool attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) .
│ │ │ Developer-only `dev:` attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.
│ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ + documentation: A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a `custom:` prefix, and developer attributes with a `dev:` prefix. For more information, see [User pool attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) .
│ │ │ Developer-only `dev:` attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.
│ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ ├[~] type SignInPolicy
│ │ │ └ - documentation: The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.
│ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ + documentation: The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.
│ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ ├[~] type SmsConfiguration
│ │ │ └ - documentation: User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
│ │ │ This data type is a request parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) , [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) , and a response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) , [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and [GetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUserPoolMfaConfig.html) .
│ │ │ + documentation: User pool configuration for delivery of SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
│ │ │ This data type is a request parameter of `API_CreateUserPool` , `API_UpdateUserPool` , and `API_SetUserPoolMfaConfig` , and a response parameter of `API_CreateUserPool` , `API_UpdateUserPool` , and `API_GetUserPoolMfaConfig` .
│ │ ├[~] type StringAttributeConstraints
│ │ │ └ - documentation: The minimum and maximum length values of an attribute that is of the string type, for example `custom:department` .
│ │ │ This data type is part of [SchemaAttributeType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html) . It defines the length constraints on string-type attributes that you configure in [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and displays the length constraints of all string-type attributes in the response to [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html)
│ │ │ + documentation: The minimum and maximum length values of an attribute that is of the string type, for example `custom:department` .
│ │ │ This data type is part of `API_SchemaAttributeType` . It defines the length constraints on string-type attributes that you configure in `API_CreateUserPool` and `API_UpdateUserPool` , and displays the length constraints of all string-type attributes in the response to `API_DescribeUserPool`
│ │ ├[~] type UserAttributeUpdateSettings
│ │ │ └ properties
│ │ │ └ AttributesRequireVerificationBeforeUpdate: (documentation changed)
│ │ ├[~] type UsernameConfiguration
│ │ │ └ - documentation: Case sensitivity of the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `email@example.com` or `EMaiL@eXamplE.Com` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.
│ │ │ This configuration is immutable after you set it. For more information, see [UsernameConfigurationType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html) .
│ │ │ + documentation: Case sensitivity of the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `email@example.com` or `EMaiL@eXamplE.Com` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.
│ │ │ This configuration is immutable after you set it. For more information, see `API_UsernameConfigurationType` .
│ │ ├[~] type UserPoolAddOns
│ │ │ ├ - documentation: User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .
│ │ │ │ For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) .
│ │ │ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ │ │ + documentation: Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` .
│ │ │ │ For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) .
│ │ │ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ │ │ └ properties
│ │ │ ├ AdvancedSecurityAdditionalFlows: (documentation changed)
│ │ │ └ AdvancedSecurityMode: (documentation changed)
│ │ └[~] type VerificationMessageTemplate
│ │ └ - documentation: The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.
│ │ This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) .
│ │ + documentation: The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.
│ │ This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` .
│ ├[~] resource AWS::Cognito::UserPoolClient
│ │ ├ properties
│ │ │ ├ AllowedOAuthFlows: (documentation changed)
│ │ │ ├ AllowedOAuthFlowsUserPoolClient: (documentation changed)
│ │ │ ├ AllowedOAuthScopes: (documentation changed)
│ │ │ ├ CallbackURLs: (documentation changed)
│ │ │ ├ EnablePropagateAdditionalUserContextData: (documentation changed)
│ │ │ ├ EnableTokenRevocation: (documentation changed)
│ │ │ ├ ExplicitAuthFlows: (documentation changed)
│ │ │ ├ GenerateSecret: (documentation changed)
│ │ │ ├ LogoutURLs: (documentation changed)
│ │ │ ├ ReadAttributes: (documentation changed)
│ │ │ ├ SupportedIdentityProviders: (documentation changed)
│ │ │ └ WriteAttributes: (documentation changed)
│ │ └ types
│ │ ├[~] type AnalyticsConfiguration
│ │ │ └ - documentation: The settings for Amazon Pinpoint analytics configuration. With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign.
│ │ │ Amazon Pinpoint isn't available in all AWS Regions. For a list of available Regions, see [Amazon Cognito and Amazon Pinpoint Region availability](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings) .
│ │ │ This data type is a request parameter of [CreateUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html) and [UpdateUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html) , and a response parameter of [DescribeUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html) .
│ │ │ + documentation: The settings for Amazon Pinpoint analytics configuration. With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign.
│ │ │ Amazon Pinpoint isn't available in all AWS Regions. For a list of available Regions, see [Amazon Cognito and Amazon Pinpoint Region availability](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings) .
│ │ │ This data type is a request parameter of `API_CreateUserPoolClient` and `API_UpdateUserPoolClient` , and a response parameter of `API_DescribeUserPoolClient` .
│ │ └[~] type TokenValidityUnits
│ │ └ - documentation: The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for RefreshToken is days, and the default for ID and access tokens is hours.
│ │ + documentation: The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours.
│ ├[~] resource AWS::Cognito::UserPoolDomain
│ │ ├ properties
│ │ │ ├ CustomDomainConfig: (documentation changed)
│ │ │ ├ Domain: (documentation changed)
│ │ │ └ UserPoolId: (documentation changed)
│ │ └ types
│ │ └[~] type CustomDomainConfigType
│ │ └ - documentation: The configuration for a hosted UI custom domain.
│ │ This data type is a request parameter of [CreateUserPoolDomain](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolDomain.html) and [UpdateUserPoolDomain](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html) .
│ │ + documentation: The configuration for a hosted UI custom domain.
│ │ This data type is a request parameter of `API_CreateUserPoolDomain` and `API_UpdateUserPoolDomain` .
│ ├[~] resource AWS::Cognito::UserPoolGroup
│ │ └ - documentation: A user pool group. Contains details about the group and the way that it contributes to IAM role decisions with identity pools. Identity pools can make decisions about the IAM role to assign based on groups: users get credentials for the role associated with their highest-priority group.
│ │ This data type is a response parameter of [AdminListGroupsForUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminListGroupsForUser.html) , [CreateGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateGroup.html) , [GetGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetGroup.html) , [ListGroups](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListGroups.html) , and [UpdateGroup](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateGroup.html) .
│ │ + documentation: A user pool group. Contains details about the group and the way that it contributes to IAM role decisions with identity pools. Identity pools can make decisions about the IAM role to assign based on groups: users get credentials for the role associated with their highest-priority group.
│ │ This data type is a response parameter of `API_AdminListGroupsForUser` , `API_CreateGroup` , `API_GetGroup` , `API_ListGroups` , and `API_UpdateGroup` .
│ ├[~] resource AWS::Cognito::UserPoolResourceServer
│ │ └ types
│ │ └[~] type ResourceServerScopeType
│ │ └ - documentation: One custom scope associated with a user pool resource server. This data type is a member of `ResourceServerScopeType` . For more information, see [Scopes, M2M, and API authorization with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html) .
│ │ This data type is a request parameter of [CreateResourceServer](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html) and a response parameter of [DescribeResourceServer](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeResourceServer.html) .
│ │ + documentation: One custom scope associated with a user pool resource server. This data type is a member of `ResourceServerScopeType` . For more information, see [Scopes, M2M, and API authorization with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html) .
│ │ This data type is a request parameter of `API_CreateResourceServer` and a response parameter of `API_DescribeResourceServer` .
│ ├[~] resource AWS::Cognito::UserPoolRiskConfigurationAttachment
│ │ ├ properties
│ │ │ ├ AccountTakeoverRiskConfiguration: (documentation changed)
│ │ │ └ CompromisedCredentialsRiskConfiguration: (documentation changed)
│ │ └ types
│ │ ├[~] type AccountTakeoverActionsType
│ │ │ ├ - documentation: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features.
│ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ │ │ + documentation: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection features.
│ │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ │ │ └ properties
│ │ │ ├ HighAction: (documentation changed)
│ │ │ ├ LowAction: (documentation changed)
│ │ │ └ MediumAction: (documentation changed)
│ │ ├[~] type AccountTakeoverActionType
│ │ │ └ - documentation: The automated response to a risk level for adaptive authentication in full-function, or `ENFORCED` , mode. You can assign an action to each risk level that advanced security features evaluates.
│ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ │ + documentation: The automated response to a risk level for adaptive authentication in full-function, or `ENFORCED` , mode. You can assign an action to each risk level that threat protection evaluates.
│ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ │ ├[~] type AccountTakeoverRiskConfigurationType
│ │ │ ├ - documentation: The settings for automated responses and notification templates for adaptive authentication with advanced security features.
│ │ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ │ │ + documentation: The settings for automated responses and notification templates for adaptive authentication with threat protection features.
│ │ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ │ │ └ properties
│ │ │ ├ Actions: (documentation changed)
│ │ │ └ NotifyConfiguration: (documentation changed)
│ │ ├[~] type CompromisedCredentialsActionsType
│ │ │ └ - documentation: Settings for user pool actions when Amazon Cognito detects compromised credentials with advanced security features in full-function `ENFORCED` mode.
│ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ │ + documentation: Settings for user pool actions when Amazon Cognito detects compromised credentials with threat protection in full-function `ENFORCED` mode.
│ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ │ ├[~] type CompromisedCredentialsRiskConfigurationType
│ │ │ └ - documentation: Settings for compromised-credentials actions and authentication-event sources with advanced security features in full-function `ENFORCED` mode.
│ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ │ + documentation: Settings for compromised-credentials actions and authentication-event sources with threat protection in full-function `ENFORCED` mode.
│ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ │ ├[~] type NotifyConfigurationType
│ │ │ └ - documentation: The configuration for Amazon SES email messages that advanced security features sends to a user when your adaptive authentication automated response has a *Notify* action.
│ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ │ + documentation: The configuration for Amazon SES email messages that threat protection sends to a user when your adaptive authentication automated response has a *Notify* action.
│ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ │ ├[~] type NotifyEmailType
│ │ │ └ - documentation: The template for email messages that advanced security features sends to a user when your threat protection automated response has a *Notify* action.
│ │ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ │ + documentation: The template for email messages that threat protection sends to a user when your threat protection automated response has a *Notify* action.
│ │ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ │ └[~] type RiskExceptionConfigurationType
│ │ └ - documentation: Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.
│ │ This data type is a request parameter of [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) and a response parameter of [DescribeRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeRiskConfiguration.html) .
│ │ + documentation: Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.
│ │ This data type is a request parameter of `API_SetRiskConfiguration` and a response parameter of `API_DescribeRiskConfiguration` .
│ ├[~] resource AWS::Cognito::UserPoolUICustomizationAttachment
│ │ ├ - documentation: A container for the UI customization information for the hosted UI in a user pool.
│ │ │ This data type is a response parameter of [GetUICustomization](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html) .
│ │ │ + documentation: A container for the UI customization information for the hosted UI in a user pool.
│ │ │ This data type is a response parameter of `API_DescribeUserPoolClient` .
│ │ └ properties
│ │ ├ CSS: (documentation changed)
│ │ └ UserPoolId: (documentation changed)
│ └[~] resource AWS::Cognito::UserPoolUser
│ ├ properties
│ │ ├ UserAttributes: (documentation changed)
│ │ └ ValidationData: (documentation changed)
│ └ types
│ └[~] type AttributeType
│ └ - documentation: The name and value of a user attribute.
│ This data type is a request parameter of [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) and [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) .
│ + documentation: The name and value of a user attribute.
│ This data type is a request parameter of `API_AdminUpdateUserAttributes` and `API_UpdateUserAttributes` .
├[~] service aws-customerprofiles
│ └ resources
│ └[+] resource AWS::CustomerProfiles::EventTrigger
│ ├ name: EventTrigger
│ │ cloudFormationType: AWS::CustomerProfiles::EventTrigger
│ │ documentation: An event trigger resource of Amazon Connect Customer Profiles
│ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"}
│ ├ properties
│ │ ├ DomainName: string (required, immutable)
│ │ ├ EventTriggerName: string (required, immutable)
│ │ ├ ObjectTypeName: string (required)
│ │ ├ Description: string
│ │ ├ EventTriggerConditions: Array<EventTriggerCondition> (required)
│ │ ├ EventTriggerLimits: EventTriggerLimits
│ │ ├ SegmentFilter: string
│ │ └ Tags: Array<tag>
│ ├ attributes
│ │ ├ CreatedAt: string
│ │ └ LastUpdatedAt: string
│ └ types
│ ├ type EventTriggerCondition
│ │ ├ documentation: Specifies the circumstances under which the event should trigger the destination.
│ │ │ name: EventTriggerCondition
│ │ └ properties
│ │ ├ EventTriggerDimensions: Array<EventTriggerDimension> (required)
│ │ └ LogicalOperator: string (required)
│ ├ type EventTriggerDimension
│ │ ├ documentation: A specific event dimension to be assessed.
│ │ │ name: EventTriggerDimension
│ │ └ properties
│ │ └ ObjectAttributes: Array<ObjectAttribute> (required)
│ ├ type EventTriggerLimits
│ │ ├ documentation: Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.
│ │ │ name: EventTriggerLimits
│ │ └ properties
│ │ ├ EventExpiration: integer
│ │ └ Periods: Array<Period>
│ ├ type ObjectAttribute
│ │ ├ documentation: The criteria that a specific object attribute must meet to trigger the destination.
│ │ │ name: ObjectAttribute
│ │ └ properties
│ │ ├ Source: string
│ │ ├ FieldName: string
│ │ ├ ComparisonOperator: string (required)
│ │ └ Values: Array<string> (required)
│ └ type Period
│ ├ documentation: Defines a limit and the time period during which it is enforced.
│ │ name: Period
│ └ properties
│ ├ Unit: string (required)
│ ├ Value: integer (required)
│ ├ MaxInvocationsPerProfile: integer
│ └ Unlimited: boolean
├[~] service aws-docdb
│ └ resources
│ └[~] resource AWS::DocDB::DBCluster
│ └ properties
│ ├ ManageMasterUserPassword: (documentation changed)
│ ├ MasterUserSecretKmsKeyId: (documentation changed)
│ └ RotateMasterUserPassword: (documentation changed)
├[~] service aws-dynamodb
│ └ resources
│ ├[~] resource AWS::DynamoDB::GlobalTable
│ │ └ types
│ │ └[~] type PointInTimeRecoverySpecification
│ │ └ properties
│ │ └[+] RecoveryPeriodInDays: integer
│ └[~] resource AWS::DynamoDB::Table
│ └ types
│ └[~] type PointInTimeRecoverySpecification
│ └ properties
│ └ RecoveryPeriodInDays: (documentation changed)
├[~] service aws-ec2
│ └ resources
│ ├[~] resource AWS::EC2::EC2Fleet
│ │ └ types
│ │ └[~] type InstanceRequirementsRequest
│ │ └ properties
│ │ └ AcceleratorTypes: (documentation changed)
│ ├[~] resource AWS::EC2::LaunchTemplate
│ │ └ types
│ │ └[~] type InstanceRequirements
│ │ └ properties
│ │ └ AcceleratorTypes: (documentation changed)
│ └[~] resource AWS::EC2::SpotFleet
│ └ types
│ └[~] type InstanceRequirementsRequest
│ └ properties
│ └ AcceleratorTypes: (documentation changed)
├[~] service aws-healthlake
│ └ resources
│ └[~] resource AWS::HealthLake::FHIRDatastore
│ ├ properties
│ │ ├ DatastoreName: (documentation changed)
│ │ ├ DatastoreTypeVersion: (documentation changed)
│ │ ├ IdentityProviderConfiguration: (documentation changed)
│ │ ├ PreloadDataConfig: (documentation changed)
│ │ └ SseConfiguration: (documentation changed)
│ └ types
│ ├[~] type IdentityProviderConfiguration
│ │ ├ - documentation: The identity provider configuration that you gave when the data store was created.
│ │ │ + documentation: The identity provider configuration selected when the data store was created.
│ │ └ properties
│ │ ├ AuthorizationStrategy: (documentation changed)
│ │ ├ FineGrainedAuthorizationEnabled: (documentation changed)
│ │ ├ IdpLambdaArn: (documentation changed)
│ │ └ Metadata: (documentation changed)
│ ├[~] type KmsEncryptionConfig
│ │ └ properties
│ │ └ KmsKeyId: (documentation changed)
│ ├[~] type PreloadDataConfig
│ │ └ - documentation: Optional parameter to preload data upon creation of the data store. Currently, the only supported preloaded data is synthetic data generated from Synthea.
│ │ + documentation: An optional parameter to preload (import) open source Synthea FHIR data upon creation of the data store.
│ └[~] type SseConfiguration
│ ├ - documentation: The server-side encryption key configuration for a customer provided encryption key.
│ │ + documentation: The server-side encryption key configuration for a customer-provided encryption key.
│ └ properties
│ └ KmsEncryptionConfig: (documentation changed)
├[-] service aws-iot1click
│ ├ capitalized: IoT1Click
│ │ cloudFormationNamespace: AWS::IoT1Click
│ │ name: aws-iot1click
│ │ shortName: iot1click
│ └ resources
│ ├ resource AWS::IoT1Click::Device
│ │ ├ name: Device
│ │ │ cloudFormationType: AWS::IoT1Click::Device
│ │ │ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) .
│ │ │ The `AWS::IoT1Click::Device` resource controls the enabled state of an AWS IoT 1-Click compatible device. For more information, see [Device](https://docs.aws.amazon.com/iot-1-click/1.0/devices-apireference/devices-deviceid.html) in the *AWS IoT 1-Click Devices API Reference* .
│ │ ├ properties
│ │ │ ├ DeviceId: string (required, immutable)
│ │ │ └ Enabled: boolean (required)
│ │ └ attributes
│ │ ├ DeviceId: string
│ │ ├ Enabled: boolean
│ │ └ Arn: string
│ ├ resource AWS::IoT1Click::Placement
│ │ ├ name: Placement
│ │ │ cloudFormationType: AWS::IoT1Click::Placement
│ │ │ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) .
│ │ │ The `AWS::IoT1Click::Placement` resource creates a placement to be associated with an AWS IoT 1-Click project. A placement is an instance of a device in a location. For more information, see [Projects, Templates, and Placements](https://docs.aws.amazon.com/iot-1-click/latest/developerguide/1click-PTP.html) in the *AWS IoT 1-Click Developer Guide* .
│ │ ├ properties
│ │ │ ├ PlacementName: string (immutable)
│ │ │ ├ ProjectName: string (required, immutable)
│ │ │ ├ AssociatedDevices: json (immutable)
│ │ │ └ Attributes: json
│ │ └ attributes
│ │ ├ PlacementName: string
│ │ ├ ProjectName: string
│ │ └ Id: string
│ └ resource AWS::IoT1Click::Project
│ ├ name: Project
│ │ cloudFormationType: AWS::IoT1Click::Project
│ │ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) .
│ │ The `AWS::IoT1Click::Project` resource creates an empty project with a placement template. A project contains zero or more placements that adhere to the placement template defined in the project. For more information, see [CreateProject](https://docs.aws.amazon.com/iot-1-click/latest/projects-apireference/API_CreateProject.html) in the *AWS IoT 1-Click Projects API Reference* .
│ ├ properties
│ │ ├ Description: string
│ │ ├ PlacementTemplate: PlacementTemplate (required)
│ │ └ ProjectName: string (immutable)
│ ├ attributes
│ │ ├ ProjectName: string
│ │ ├ Arn: string
│ │ └ Id: string
│ └ types
│ ├ type DeviceTemplate
│ │ ├ name: DeviceTemplate
│ │ └ properties
│ │ ├ DeviceType: string
│ │ └ CallbackOverrides: json
│ └ type PlacementTemplate
│ ├ documentation: > AWS IoT 1-Click was discontinued on Dec 16, 2024. For more information, see [AWS IoT 1-Click](https://docs.aws.amazon.com//iot/latest/developerguide/iot-legacy-services.html) .
│ │ In AWS CloudFormation , use the `PlacementTemplate` property type to define the template for an AWS IoT 1-Click project.
│ │ `PlacementTemplate` is a property of the `AWS::IoT1Click::Project` resource.
│ │ name: PlacementTemplate
│ └ properties
│ ├ DeviceTemplates: Map<string, DeviceTemplate> (immutable)
│ └ DefaultAttributes: json
├[~] service aws-lex
│ └ resources
│ └[~] resource AWS::Lex::Bot
│ ├ properties
│ │ └[+] Replication: Replication
│ └ types
│ └[+] type Replication
│ ├ documentation: Parameter used to create a replication of the source bot in the secondary region.
│ │ name: Replication
│ └ properties
│ └ ReplicaRegions: Array<string> (required)
├[~] service aws-mediaconvert
│ └ resources
│ └[~] resource AWS::MediaConvert::Queue
│ └ properties
│ └ ConcurrentJobs: (documentation changed)
├[~] service aws-organizations
│ └ resources
│ └[~] resource AWS::Organizations::Organization
│ └ properties
│ └ FeatureSet: (documentation changed)
├[~] service aws-resiliencehub
│ └ resources
│ └[~] resource AWS::ResilienceHub::App
│ └ properties
│ └[+] RegulatoryPolicyArn: string
├[~] service aws-rolesanywhere
│ └ resources
│ └[~] resource AWS::RolesAnywhere::Profile
│ └ properties
│ └ RequireInstanceProperties: - boolean
│ + boolean (immutable)
├[~] service aws-s3
│ └ resources
│ └[~] resource AWS::S3::Bucket
│ └ types
│ └[~] type Transition
│ └ properties
│ └ TransitionInDays: (documentation changed)
├[~] service aws-ses
│ └ resources
│ └[~] resource AWS::SES::ConfigurationSet
│ └ types
│ └[~] type TrackingOptions
│ └ properties
│ └[+] HttpsPolicy: string
├[~] service aws-ssm
│ └ resources
│ └[~] resource AWS::SSM::Parameter
│ ├ - documentation: The `AWS::SSM::Parameter` resource creates an SSM parameter in AWS Systems Manager Parameter Store.
│ │ > To create an SSM parameter, you must have the AWS Identity and Access Management ( IAM ) permissions `ssm:PutParameter` and `ssm:AddTagsToResource` . On stack creation, AWS CloudFormation adds the following three tags to the parameter: `aws:cloudformation:stack-name` , `aws:cloudformation:logical-id` , and `aws:cloudformation:stack-id` , in addition to any custom tags you specify.
│ │ >
│ │ > To add, update, or remove tags during stack update, you must have IAM permissions for both `ssm:AddTagsToResource` and `ssm:RemoveTagsFromResource` . For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *AWS Systems Manager User Guide* .
│ │ For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *AWS Systems Manager User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *AWS Systems Manager API Reference* .
│ │ + documentation: The `AWS::SSM::Parameter` resource creates an SSM parameter in AWS Systems Manager Parameter Store.
│ │ > To create an SSM parameter, you must have the AWS Identity and Access Management ( IAM ) permissions `ssm:PutParameter` and `ssm:AddTagsToResource` . On stack creation, AWS CloudFormation adds the following three tags to the parameter: `aws:cloudformation:stack-name` , `aws:cloudformation:logical-id` , and `aws:cloudformation:stack-id` , in addition to any custom tags you specify.
│ │ >
│ │ > To add, update, or remove tags during stack update, you must have IAM permissions for both `ssm:AddTagsToResource` and `ssm:RemoveTagsFromResource` . For more information, see [Managing Access Using Policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-iam.html#security_iam_access-manage) in the *AWS Systems Manager User Guide* .
│ │ For information about valid values for parameters, see [About requirements and constraints for parameter names](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html#sysman-parameter-name-constraints) in the *AWS Systems Manager User Guide* and [PutParameter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html) in the *AWS Systems Manager API Reference* .
│ │ > Parameters of type `SecureString` are not supported by AWS CloudFormation .
│ └ properties
│ └ Type: (documentation changed)
├[~] service aws-ssmquicksetup
│ └ resources
│ └[~] resource AWS::SSMQuickSetup::ConfigurationManager
│ └ types
│ └[~] type ConfigurationDefinition
│ └ properties
│ └ Parameters: (documentation changed)
└[~] service aws-sso
└ resources
├[~] resource AWS::SSO::Application
│ └ - documentation: Creates an application in IAM Identity Center for the given application provider.
│ + documentation: Creates an OAuth 2.0 customer managed application in IAM Identity Center for the given application provider.
│ > This API does not support creating SAML 2.0 customer managed applications or AWS managed applications. To learn how to create an AWS managed application, see the application user guide. You can create a SAML 2.0 customer managed application in the AWS Management Console only. See [Setting up customer managed SAML 2.0 applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html) . For more information on these application types, see [AWS managed applications](https://docs.aws.amazon.com/singlesignon/latest/userguide/awsapps.html) .
└[~] resource AWS::SSO::PermissionSet
└ properties
└ ManagedPolicies: (documentation changed)
```- Loading branch information
1 parent
166466d
commit 9317203