// *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; import * as enums from "../types/enums"; import * as utilities from "../utilities"; export interface GetAvailabilityZoneFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetAvailabilityZoneFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetAvailabilityZonesFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetAvailabilityZonesFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetRegionsFilter { /** * Name of the filter field. Valid values can be found in the [describe-regions AWS CLI Reference][1]. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetRegionsFilterArgs { /** * Name of the filter field. Valid values can be found in the [describe-regions AWS CLI Reference][1]. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface ProviderAssumeRole { /** * The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m. */ duration?: pulumi.Input; /** * A unique identifier that might be required when you assume a role in another account. */ externalId?: pulumi.Input; /** * IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. */ policy?: pulumi.Input; /** * Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. */ policyArns?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls. */ roleArn?: pulumi.Input; /** * An identifier for the assumed role session. */ sessionName?: pulumi.Input; /** * Source identity specified by the principal assuming the role. */ sourceIdentity?: pulumi.Input; /** * Assume role session tags. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Assume role session tag keys to pass to any subsequent sessions. */ transitiveTagKeys?: pulumi.Input[]>; } export interface ProviderAssumeRoleWithWebIdentity { /** * The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m. */ duration?: pulumi.Input; /** * IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. */ policy?: pulumi.Input; /** * Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. */ policyArns?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls. */ roleArn?: pulumi.Input; /** * An identifier for the assumed role session. */ sessionName?: pulumi.Input; webIdentityToken?: pulumi.Input; webIdentityTokenFile?: pulumi.Input; } export interface ProviderDefaultTags { /** * Resource tags to default across all resources. Can also be configured with environment variables like `TF_AWS_DEFAULT_TAGS_`. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ProviderEndpoint { /** * Use this to override the default service endpoint URL */ accessanalyzer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ account?: pulumi.Input; /** * Use this to override the default service endpoint URL */ acm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ acmpca?: pulumi.Input; /** * Use this to override the default service endpoint URL */ amg?: pulumi.Input; /** * Use this to override the default service endpoint URL */ amp?: pulumi.Input; /** * Use this to override the default service endpoint URL */ amplify?: pulumi.Input; /** * Use this to override the default service endpoint URL */ apigateway?: pulumi.Input; /** * Use this to override the default service endpoint URL */ apigatewayv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appautoscaling?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appconfig?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appfabric?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appflow?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appintegrations?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appintegrationsservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ applicationautoscaling?: pulumi.Input; /** * Use this to override the default service endpoint URL */ applicationinsights?: pulumi.Input; /** * Use this to override the default service endpoint URL */ applicationsignals?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appmesh?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appregistry?: pulumi.Input; /** * Use this to override the default service endpoint URL */ apprunner?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appstream?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appsync?: pulumi.Input; /** * Use this to override the default service endpoint URL */ arcregionswitch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ arczonalshift?: pulumi.Input; /** * Use this to override the default service endpoint URL */ athena?: pulumi.Input; /** * Use this to override the default service endpoint URL */ auditmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ autoscaling?: pulumi.Input; /** * Use this to override the default service endpoint URL */ autoscalingplans?: pulumi.Input; /** * Use this to override the default service endpoint URL */ backup?: pulumi.Input; /** * Use this to override the default service endpoint URL */ batch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ bcmdataexports?: pulumi.Input; /** * Use this to override the default service endpoint URL */ beanstalk?: pulumi.Input; /** * Use this to override the default service endpoint URL */ bedrock?: pulumi.Input; /** * Use this to override the default service endpoint URL */ bedrockagent?: pulumi.Input; /** * Use this to override the default service endpoint URL */ bedrockagentcore?: pulumi.Input; /** * Use this to override the default service endpoint URL */ billing?: pulumi.Input; /** * Use this to override the default service endpoint URL */ budgets?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ce?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chatbot?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chime?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chimesdkmediapipelines?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chimesdkvoice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cleanrooms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloud9?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudcontrol?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudcontrolapi?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudformation?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudfront?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudfrontkeyvaluestore?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudhsm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudhsmv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudsearch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudtrail?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchevents?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchevidently?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchlog?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchlogs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchobservabilityaccessmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchrum?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codeartifact?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codebuild?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codecatalyst?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codecommit?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codeconnections?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codedeploy?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codeguruprofiler?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codegurureviewer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codepipeline?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codestarconnections?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codestarnotifications?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cognitoidentity?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cognitoidentityprovider?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cognitoidp?: pulumi.Input; /** * Use this to override the default service endpoint URL */ comprehend?: pulumi.Input; /** * Use this to override the default service endpoint URL */ computeoptimizer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ config?: pulumi.Input; /** * Use this to override the default service endpoint URL */ configservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ connect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ connectcases?: pulumi.Input; /** * Use this to override the default service endpoint URL */ controltower?: pulumi.Input; /** * Use this to override the default service endpoint URL */ costandusagereportservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ costexplorer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ costoptimizationhub?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cur?: pulumi.Input; /** * Use this to override the default service endpoint URL */ customerprofiles?: pulumi.Input; /** * Use this to override the default service endpoint URL */ databasemigration?: pulumi.Input; /** * Use this to override the default service endpoint URL */ databasemigrationservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ databrew?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dataexchange?: pulumi.Input; /** * Use this to override the default service endpoint URL */ datapipeline?: pulumi.Input; /** * Use this to override the default service endpoint URL */ datasync?: pulumi.Input; /** * Use this to override the default service endpoint URL */ datazone?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dax?: pulumi.Input; /** * Use this to override the default service endpoint URL */ deploy?: pulumi.Input; /** * Use this to override the default service endpoint URL */ detective?: pulumi.Input; /** * Use this to override the default service endpoint URL */ devicefarm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ devopsguru?: pulumi.Input; /** * Use this to override the default service endpoint URL */ directconnect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ directoryservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dlm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ docdb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ docdbelastic?: pulumi.Input; /** * Use this to override the default service endpoint URL */ drs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ds?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dsql?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dynamodb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ec2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ecr?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ecrpublic?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ecs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ efs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ eks?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticache?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticbeanstalk?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticloadbalancing?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticloadbalancingv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticsearch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticsearchservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elastictranscoder?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elbv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ emr?: pulumi.Input; /** * Use this to override the default service endpoint URL */ emrcontainers?: pulumi.Input; /** * Use this to override the default service endpoint URL */ emrserverless?: pulumi.Input; /** * Use this to override the default service endpoint URL */ es?: pulumi.Input; /** * Use this to override the default service endpoint URL */ eventbridge?: pulumi.Input; /** * Use this to override the default service endpoint URL */ events?: pulumi.Input; /** * Use this to override the default service endpoint URL */ evidently?: pulumi.Input; /** * Use this to override the default service endpoint URL */ evs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ finspace?: pulumi.Input; /** * Use this to override the default service endpoint URL */ firehose?: pulumi.Input; /** * Use this to override the default service endpoint URL */ fis?: pulumi.Input; /** * Use this to override the default service endpoint URL */ fms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ fsx?: pulumi.Input; /** * Use this to override the default service endpoint URL */ gamelift?: pulumi.Input; /** * Use this to override the default service endpoint URL */ glacier?: pulumi.Input; /** * Use this to override the default service endpoint URL */ globalaccelerator?: pulumi.Input; /** * Use this to override the default service endpoint URL */ glue?: pulumi.Input; /** * Use this to override the default service endpoint URL */ gluedatabrew?: pulumi.Input; /** * Use this to override the default service endpoint URL */ grafana?: pulumi.Input; /** * Use this to override the default service endpoint URL */ greengrass?: pulumi.Input; /** * Use this to override the default service endpoint URL */ groundstation?: pulumi.Input; /** * Use this to override the default service endpoint URL */ guardduty?: pulumi.Input; /** * Use this to override the default service endpoint URL */ healthlake?: pulumi.Input; /** * Use this to override the default service endpoint URL */ iam?: pulumi.Input; /** * Use this to override the default service endpoint URL */ identitystore?: pulumi.Input; /** * Use this to override the default service endpoint URL */ imagebuilder?: pulumi.Input; /** * Use this to override the default service endpoint URL */ inspector?: pulumi.Input; /** * Use this to override the default service endpoint URL */ inspector2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ inspectorv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ internetmonitor?: pulumi.Input; /** * Use this to override the default service endpoint URL */ invoicing?: pulumi.Input; /** * Use this to override the default service endpoint URL */ iot?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ivs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ivschat?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kafka?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kafkaconnect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kendra?: pulumi.Input; /** * Use this to override the default service endpoint URL */ keyspaces?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesis?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesisanalytics?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesisanalyticsv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesisvideo?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lakeformation?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lambda?: pulumi.Input; /** * Use this to override the default service endpoint URL */ launchwizard?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lex?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodelbuilding?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodelbuildingservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodels?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodelsv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexv2models?: pulumi.Input; /** * Use this to override the default service endpoint URL */ licensemanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lightsail?: pulumi.Input; /** * Use this to override the default service endpoint URL */ location?: pulumi.Input; /** * Use this to override the default service endpoint URL */ locationservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ logs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ m2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ macie2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ managedgrafana?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediaconnect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediaconvert?: pulumi.Input; /** * Use this to override the default service endpoint URL */ medialive?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediapackage?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediapackagev2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediapackagevod?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediastore?: pulumi.Input; /** * Use this to override the default service endpoint URL */ memorydb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mgn?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mpa?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mq?: pulumi.Input; /** * Use this to override the default service endpoint URL */ msk?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mwaa?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mwaaserverless?: pulumi.Input; /** * Use this to override the default service endpoint URL */ neptune?: pulumi.Input; /** * Use this to override the default service endpoint URL */ neptunegraph?: pulumi.Input; /** * Use this to override the default service endpoint URL */ networkfirewall?: pulumi.Input; /** * Use this to override the default service endpoint URL */ networkflowmonitor?: pulumi.Input; /** * Use this to override the default service endpoint URL */ networkmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ networkmonitor?: pulumi.Input; /** * Use this to override the default service endpoint URL */ notifications?: pulumi.Input; /** * Use this to override the default service endpoint URL */ notificationscontacts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ oam?: pulumi.Input; /** * Use this to override the default service endpoint URL */ observabilityadmin?: pulumi.Input; /** * Use this to override the default service endpoint URL */ odb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearchingestion?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearchserverless?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearchservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ organizations?: pulumi.Input; /** * Use this to override the default service endpoint URL */ osis?: pulumi.Input; /** * Use this to override the default service endpoint URL */ outposts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ paymentcryptography?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pcaconnectorad?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pcs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pinpoint?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pinpointsmsvoicev2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pipes?: pulumi.Input; /** * Use this to override the default service endpoint URL */ polly?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pricing?: pulumi.Input; /** * Use this to override the default service endpoint URL */ prometheus?: pulumi.Input; /** * Use this to override the default service endpoint URL */ prometheusservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ qbusiness?: pulumi.Input; /** * Use this to override the default service endpoint URL */ qldb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ quicksight?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ram?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rbin?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rds?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rdsdata?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rdsdataservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ recyclebin?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshift?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshiftdata?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshiftdataapiservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshiftserverless?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rekognition?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resiliencehub?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourceexplorer2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourcegroups?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourcegroupstagging?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourcegroupstaggingapi?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rolesanywhere?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53domains?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53profiles?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53recoverycontrolconfig?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53recoveryreadiness?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53resolver?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rum?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3api?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3control?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3outposts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3tables?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3vectors?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sagemaker?: pulumi.Input; /** * Use this to override the default service endpoint URL */ savingsplans?: pulumi.Input; /** * Use this to override the default service endpoint URL */ scheduler?: pulumi.Input; /** * Use this to override the default service endpoint URL */ schemas?: pulumi.Input; /** * Use this to override the default service endpoint URL */ secretsmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ securityhub?: pulumi.Input; /** * Use this to override the default service endpoint URL */ securitylake?: pulumi.Input; /** * Use this to override the default service endpoint URL */ serverlessapplicationrepository?: pulumi.Input; /** * Use this to override the default service endpoint URL */ serverlessapprepo?: pulumi.Input; /** * Use this to override the default service endpoint URL */ serverlessrepo?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicecatalog?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicecatalogappregistry?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicediscovery?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicequotas?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ses?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sesv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sfn?: pulumi.Input; /** * Use this to override the default service endpoint URL */ shield?: pulumi.Input; /** * Use this to override the default service endpoint URL */ signer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sns?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sqs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssmcontacts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssmincidents?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssmquicksetup?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssmsap?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sso?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssoadmin?: pulumi.Input; /** * Use this to override the default service endpoint URL */ stepfunctions?: pulumi.Input; /** * Use this to override the default service endpoint URL */ storagegateway?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ swf?: pulumi.Input; /** * Use this to override the default service endpoint URL */ synthetics?: pulumi.Input; /** * Use this to override the default service endpoint URL */ taxsettings?: pulumi.Input; /** * Use this to override the default service endpoint URL */ timestreaminfluxdb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ timestreamquery?: pulumi.Input; /** * Use this to override the default service endpoint URL */ timestreamwrite?: pulumi.Input; /** * Use this to override the default service endpoint URL */ transcribe?: pulumi.Input; /** * Use this to override the default service endpoint URL */ transcribeservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ transfer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ verifiedpermissions?: pulumi.Input; /** * Use this to override the default service endpoint URL */ vpclattice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ waf?: pulumi.Input; /** * Use this to override the default service endpoint URL */ wafregional?: pulumi.Input; /** * Use this to override the default service endpoint URL */ wafv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ wellarchitected?: pulumi.Input; /** * Use this to override the default service endpoint URL */ workmail?: pulumi.Input; /** * Use this to override the default service endpoint URL */ workspaces?: pulumi.Input; /** * Use this to override the default service endpoint URL */ workspacesweb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ xray?: pulumi.Input; } export interface ProviderIgnoreTags { /** * Resource tag key prefixes to ignore across all resources. Can also be configured with the TF_AWS_IGNORE_TAGS_KEY_PREFIXES environment variable. */ keyPrefixes?: pulumi.Input[]>; /** * Resource tag keys to ignore across all resources. Can also be configured with the TF_AWS_IGNORE_TAGS_KEYS environment variable. */ keys?: pulumi.Input[]>; } export namespace accessanalyzer { export interface AnalyzerConfiguration { /** * Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See `internalAccess` Block for details. */ internalAccess?: pulumi.Input; /** * Specifies the configuration of an unused access analyzer for an AWS organization or account. See `unusedAccess` Block for details. */ unusedAccess?: pulumi.Input; } export interface AnalyzerConfigurationInternalAccess { /** * Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See `analysisRule` Block for Internal Access Analyzer for details. */ analysisRule?: pulumi.Input; } export interface AnalyzerConfigurationInternalAccessAnalysisRule { /** * List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See `inclusion` Block for details. */ inclusions?: pulumi.Input[]>; } export interface AnalyzerConfigurationInternalAccessAnalysisRuleInclusion { /** * List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. */ accountIds?: pulumi.Input[]>; /** * List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs. */ resourceArns?: pulumi.Input[]>; /** * List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to [InternalAccessAnalysisRuleCriteria](https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_InternalAccessAnalysisRuleCriteria.html) in the AWS IAM Access Analyzer API Reference for valid values. */ resourceTypes?: pulumi.Input[]>; } export interface AnalyzerConfigurationUnusedAccess { /** * Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See `analysisRule` Block for Unused Access Analyzer for details. */ analysisRule?: pulumi.Input; /** * Specified access age in days for which to generate findings for unused access. */ unusedAccessAge?: pulumi.Input; } export interface AnalyzerConfigurationUnusedAccessAnalysisRule { /** * List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See `exclusion` Block for details. */ exclusions?: pulumi.Input[]>; } export interface AnalyzerConfigurationUnusedAccessAnalysisRuleExclusion { /** * List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. */ accountIds?: pulumi.Input[]>; /** * List of key-value pairs for resource tags to exclude from the analysis. */ resourceTags?: pulumi.Input}>[]>; } export interface ArchiveRuleFilter { /** * Contains comparator. */ contains?: pulumi.Input[]>; /** * Filter criteria. */ criteria: pulumi.Input; /** * Equals comparator. */ eqs?: pulumi.Input[]>; /** * Boolean comparator. */ exists?: pulumi.Input; /** * Not Equals comparator. */ neqs?: pulumi.Input[]>; } } export namespace account { } export namespace acm { export interface CertificateDomainValidationOption { /** * Fully qualified domain name (FQDN) in the certificate. */ domainName?: pulumi.Input; /** * The name of the DNS record to create to validate the certificate */ resourceRecordName?: pulumi.Input; /** * The type of DNS record to create */ resourceRecordType?: pulumi.Input; /** * The value the DNS record needs to have */ resourceRecordValue?: pulumi.Input; } export interface CertificateOptions { /** * Whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details. */ certificateTransparencyLoggingPreference?: pulumi.Input; /** * Whether the certificate can be exported. Valid values are `ENABLED` or `DISABLED` (default). **Note** Issuing an exportable certificate is subject to additional charges. See [AWS Certificate Manager pricing](https://aws.amazon.com/certificate-manager/pricing/) for more details. */ export?: pulumi.Input; } export interface CertificateRenewalSummary { /** * The status of ACM's managed renewal of the certificate */ renewalStatus?: pulumi.Input; /** * The reason that a renewal request was unsuccessful or is pending */ renewalStatusReason?: pulumi.Input; updatedAt?: pulumi.Input; } export interface CertificateValidationOption { /** * Fully qualified domain name (FQDN) in the certificate. */ domainName: pulumi.Input; /** * Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the `domainName` value or a superdomain of the `domainName` value. For example, if you request a certificate for `"testing.example.com"`, you can specify `"example.com"` for this value. */ validationDomain: pulumi.Input; } } export namespace acmpca { export interface CertificateAuthorityCertificateAuthorityConfiguration { /** * Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html). */ keyAlgorithm: pulumi.Input; /** * Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html). */ signingAlgorithm: pulumi.Input; /** * Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified. */ subject: pulumi.Input; } export interface CertificateAuthorityCertificateAuthorityConfigurationSubject { /** * Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length. */ commonName?: pulumi.Input; /** * Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length. */ country?: pulumi.Input; /** * Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length. */ distinguishedNameQualifier?: pulumi.Input; /** * Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length. */ generationQualifier?: pulumi.Input; /** * First name. Must be less than or equal to 16 characters in length. */ givenName?: pulumi.Input; /** * Concatenation that typically contains the first letter of the `givenName`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length. */ initials?: pulumi.Input; /** * Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length. */ locality?: pulumi.Input; /** * Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length. */ organization?: pulumi.Input; /** * Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length. */ organizationalUnit?: pulumi.Input; /** * Typically a shortened version of a longer `givenName`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length. */ pseudonym?: pulumi.Input; /** * State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length. */ state?: pulumi.Input; /** * Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length. */ surname?: pulumi.Input; /** * Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length. */ title?: pulumi.Input; } export interface CertificateAuthorityRevocationConfiguration { /** * Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below. */ crlConfiguration?: pulumi.Input; /** * Nested argument containing configuration of * the custom OCSP responder endpoint. Defined below. */ ocspConfiguration?: pulumi.Input; } export interface CertificateAuthorityRevocationConfigurationCrlConfiguration { /** * Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length. */ customCname?: pulumi.Input; /** * Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`. */ enabled?: pulumi.Input; /** * Number of days until a certificate expires. Must be between 1 and 5000. */ expirationInDays?: pulumi.Input; /** * Name of the S3 bucket that contains the CRL. If you do not provide a value for the `customCname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length. */ s3BucketName?: pulumi.Input; /** * Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`. */ s3ObjectAcl?: pulumi.Input; } export interface CertificateAuthorityRevocationConfigurationOcspConfiguration { /** * Boolean value that specifies whether a custom OCSP responder is enabled. */ enabled: pulumi.Input; /** * CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://". */ ocspCustomCname?: pulumi.Input; } export interface CertificateValidity { /** * Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`. */ type: pulumi.Input; /** * If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the date in RFC 3339 format. */ value: pulumi.Input; } } export namespace alb { export interface ListenerDefaultAction { /** * Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. See below. */ authenticateCognito?: pulumi.Input; /** * Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. See below. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. See below. */ forward?: pulumi.Input; /** * Configuration block for creating a JWT validation action. Required if `type` is `jwt-validation`. */ jwtValidation?: pulumi.Input; /** * Order for the action. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`. Defaults to the position in the list of actions. */ order?: pulumi.Input; /** * Configuration block for creating a redirect action. Required if `type` is `redirect`. See below. */ redirect?: pulumi.Input; /** * ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead. Can be specified with `forward` but ARNs must match. */ targetGroupArn?: pulumi.Input; /** * Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito`, `authenticate-oidc` and `jwt-validation`. * * The following arguments are optional: */ type: pulumi.Input; } export interface ListenerDefaultActionAuthenticateCognito { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Behavior if the user is not authenticated. Valid values are `deny`, `allow` and `authenticate`. */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * Domain prefix or fully-qualified domain name of the Cognito user pool. * * The following arguments are optional: */ userPoolDomain: pulumi.Input; } export interface ListenerDefaultActionAuthenticateOidc { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * Token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * User info endpoint of the IdP. * * The following arguments are optional: */ userInfoEndpoint: pulumi.Input; } export interface ListenerDefaultActionFixedResponse { /** * Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. * * The following arguments are optional: */ contentType: pulumi.Input; /** * Message body. */ messageBody?: pulumi.Input; /** * HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerDefaultActionForward { /** * Configuration block for target group stickiness for the rule. See below. */ stickiness?: pulumi.Input; /** * Set of 1-5 target group blocks. See below. * * The following arguments are optional: */ targetGroups: pulumi.Input[]>; } export interface ListenerDefaultActionForwardStickiness { /** * Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). * * The following arguments are optional: */ duration: pulumi.Input; /** * Whether target group stickiness is enabled. Default is `false`. */ enabled?: pulumi.Input; } export interface ListenerDefaultActionForwardTargetGroup { /** * ARN of the target group. * * The following arguments are optional: */ arn: pulumi.Input; /** * Weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerDefaultActionJwtValidation { /** * Repeatable configuration block for additional claims to validate. */ additionalClaims?: pulumi.Input[]>; /** * Issuer of the JWT. */ issuer: pulumi.Input; /** * JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. This must be a full URL, including the HTTPS protocol, the domain, and the path. * * The following arguments are optional: */ jwksEndpoint: pulumi.Input; } export interface ListenerDefaultActionJwtValidationAdditionalClaim { /** * Format of the claim value. Valid values are `single-string`, `string-array` and `space-separated-values`. */ format: pulumi.Input; /** * Name of the claim to validate. `exp`, `iss`, `nbf`, or `iat` cannot be specified because they are validated by default. */ name: pulumi.Input; /** * List of expected values of the claim. */ values: pulumi.Input[]>; } export interface ListenerDefaultActionRedirect { /** * Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). * * The following arguments are optional: */ statusCode: pulumi.Input; } export interface ListenerMutualAuthentication { /** * Valid values are `off` and `on`. */ advertiseTrustStoreCaNames?: pulumi.Input; /** * Whether client certificate expiry is ignored. * Default is `false`. */ ignoreClientCertificateExpiry?: pulumi.Input; /** * Valid values are `off`, `passthrough`, and `verify`. */ mode: pulumi.Input; /** * ARN of the elbv2 Trust Store. */ trustStoreArn?: pulumi.Input; } export interface ListenerRuleAction { /** * Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`. */ authenticateCognito?: pulumi.Input; /** * Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Configuration block for creating an action that distributes requests among one or more target groups. * Specify only if `type` is `forward`. * Cannot be specified with `targetGroupArn`. */ forward?: pulumi.Input; /** * Information for creating a JWT validation action. Required if `type` is `jwt-validation`. */ jwtValidation?: pulumi.Input; /** * Order for the action. * The action with the lowest value for order is performed first. * Valid values are between `1` and `50000`. * Defaults to the position in the list of actions. */ order?: pulumi.Input; /** * Information for creating a redirect action. Required if `type` is `redirect`. */ redirect?: pulumi.Input; /** * ARN of the Target Group to which to route traffic. * Specify only if `type` is `forward` and you want to route to a single target group. * To route to one or more target groups, use a `forward` block instead. * Cannot be specified with `forward`. */ targetGroupArn?: pulumi.Input; /** * The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito`, `authenticate-oidc` and `jwt-validation`. */ type: pulumi.Input; } export interface ListenerRuleActionAuthenticateCognito { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * The ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * The domain prefix or fully-qualified domain name of the Cognito user pool. */ userPoolDomain: pulumi.Input; } export interface ListenerRuleActionAuthenticateOidc { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * The OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * The OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * The user info endpoint of the IdP. */ userInfoEndpoint: pulumi.Input; } export interface ListenerRuleActionFixedResponse { /** * The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. */ contentType: pulumi.Input; /** * The message body. */ messageBody?: pulumi.Input; /** * The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerRuleActionForward { /** * The target group stickiness for the rule. */ stickiness?: pulumi.Input; /** * One or more target group blocks. */ targetGroups: pulumi.Input[]>; } export interface ListenerRuleActionForwardStickiness { /** * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). */ duration: pulumi.Input; /** * Indicates whether target group stickiness is enabled. */ enabled?: pulumi.Input; } export interface ListenerRuleActionForwardTargetGroup { /** * The Amazon Resource Name (ARN) of the target group. */ arn: pulumi.Input; /** * The weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerRuleActionJwtValidation { /** * Repeatable configuration block for additional claims to validate. */ additionalClaims?: pulumi.Input[]>; /** * Issuer of the JWT. */ issuer: pulumi.Input; /** * JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. This must be a full URL, including the HTTPS protocol, the domain, and the path. */ jwksEndpoint: pulumi.Input; } export interface ListenerRuleActionJwtValidationAdditionalClaim { /** * Format of the claim value. Valid values are `single-string`, `string-array` and `space-separated-values`. */ format: pulumi.Input; /** * Name of the claim to validate. `exp`, `iss`, `nbf`, or `iat` cannot be specified because they are validated by default. */ name: pulumi.Input; /** * List of expected values of the claim. */ values: pulumi.Input[]>; } export interface ListenerRuleActionRedirect { /** * The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). */ statusCode: pulumi.Input; } export interface ListenerRuleCondition { /** * Host header patterns to match. Host Header block fields documented below. */ hostHeader?: pulumi.Input; /** * HTTP headers to match. HTTP Header block fields documented below. */ httpHeader?: pulumi.Input; /** * Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached. */ httpRequestMethod?: pulumi.Input; /** * Path patterns to match against the request URL. Path Pattern block fields documented below. */ pathPattern?: pulumi.Input; /** * Query strings to match. Query String block fields documented below. */ queryStrings?: pulumi.Input[]>; /** * Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `httpHeader` condition instead. * * > **NOTE::** Exactly one of `hostHeader`, `httpHeader`, `httpRequestMethod`, `pathPattern`, `queryString` or `sourceIp` must be set per condition. */ sourceIp?: pulumi.Input; } export interface ListenerRuleConditionHostHeader { /** * List of regular expressions to compare against the host header. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: pulumi.Input[]>; /** * List of host header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case-insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Conflicts with `regexValues`. */ values?: pulumi.Input[]>; } export interface ListenerRuleConditionHttpHeader { /** * Name of HTTP header to search. The maximum size is 40 characters. Comparison is case-insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead. */ httpHeaderName: pulumi.Input; /** * List of regular expression to compare against the HTTP header. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: pulumi.Input[]>; /** * List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case-insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string. Conflicts with `regexValues`. */ values?: pulumi.Input[]>; } export interface ListenerRuleConditionHttpRequestMethod { values: pulumi.Input[]>; } export interface ListenerRuleConditionPathPattern { /** * List of regular expressions to compare against the request URL. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: pulumi.Input[]>; /** * List of path patterns to compare against the request URL. Maximum size of each pattern is 128 characters. Comparison is case-sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `queryString` condition. Conflicts with `regexValues`. */ values?: pulumi.Input[]>; } export interface ListenerRuleConditionQueryString { /** * Query string key pattern to match. */ key?: pulumi.Input; /** * Query string value pattern to match. */ value: pulumi.Input; } export interface ListenerRuleConditionSourceIp { values: pulumi.Input[]>; } export interface ListenerRuleTransform { /** * Configuration block for host header rewrite. Required if `type` is `host-header-rewrite`. See Host Header Rewrite Config Blocks below. */ hostHeaderRewriteConfig?: pulumi.Input; /** * Type of transform. Valid values are `host-header-rewrite` and `url-rewrite`. */ type: pulumi.Input; /** * Configuration block for URL rewrite. Required if `type` is `url-rewrite`. See URL Rewrite Config Blocks below. */ urlRewriteConfig?: pulumi.Input; } export interface ListenerRuleTransformHostHeaderRewriteConfig { /** * Block for host header rewrite configuration. Only one block is accepted. See Rewrite Blocks below. */ rewrite?: pulumi.Input; } export interface ListenerRuleTransformHostHeaderRewriteConfigRewrite { /** * Regular expression to match in the input string. Length constraints: Between 1 and 1024 characters. */ regex: pulumi.Input; /** * Replacement string to use when rewriting the matched input. Capture groups in the regular expression (for example, `$1` and `$2`) can be specified. Length constraints: Between 0 and 1024 characters. */ replace: pulumi.Input; } export interface ListenerRuleTransformUrlRewriteConfig { /** * Block for URL rewrite configuration. Only one block is accepted. See Rewrite Blocks below. */ rewrite?: pulumi.Input; } export interface ListenerRuleTransformUrlRewriteConfigRewrite { /** * Regular expression to match in the input string. Length constraints: Between 1 and 1024 characters. */ regex: pulumi.Input; /** * Replacement string to use when rewriting the matched input. Capture groups in the regular expression (for example, `$1` and `$2`) can be specified. Length constraints: Between 0 and 1024 characters. */ replace: pulumi.Input; } export interface LoadBalancerAccessLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `accessLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerConnectionLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `connectionLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerHealthCheckLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `healthCheckLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerIpamPools { /** * The ID of the IPv4 IPAM pool. */ ipv4IpamPoolId: pulumi.Input; } export interface LoadBalancerMinimumLoadBalancerCapacity { /** * The number of capacity units. */ capacityUnits: pulumi.Input; } export interface LoadBalancerSubnetMapping { /** * Allocation ID of the Elastic IP address for an internet-facing load balancer. */ allocationId?: pulumi.Input; /** * IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers. */ ipv6Address?: pulumi.Input; outpostId?: pulumi.Input; /** * Private IPv4 address for an internal load balancer. */ privateIpv4Address?: pulumi.Input; /** * ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone. */ subnetId: pulumi.Input; } export interface TargetGroupHealthCheck { /** * Whether health checks are enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * Number of consecutive health check successes required before considering a target healthy. The range is 2-10. Defaults to 3. */ healthyThreshold?: pulumi.Input; /** * Approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300. For `lambda` target groups, it needs to be greater than the timeout of the underlying `lambda`. Defaults to 30. */ interval?: pulumi.Input; /** * The HTTP or gRPC codes to use when checking for a successful response from a target. * The `health_check.protocol` must be one of `HTTP` or `HTTPS` or the `targetType` must be `lambda`. * Values can be comma-separated individual values (e.g., "200,202") or a range of values (e.g., "200-299"). * Once the value has been set, removing it has no effect. To unset it, set it to an empty string `""`. * * For gRPC-based target groups (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is `GRPC`), values can be between `0` and `99`. The default is `12`. * * When used with an Application Load Balancer (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is not `GRPC`), values can be between `200` and `499`. The default is `200`. * * When used with a Network Load Balancer (i.e., the `protocol` is one of `TCP`, `TCP_UDP`, `UDP`, or `TLS`), values can be between `200` and `599`. The default is `200-399`. * * When the `targetType` is `lambda`, values can be between `200` and `499`. The default is `200`. */ matcher?: pulumi.Input; /** * Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS. * Once the value has been set, removing it has no effect. To unset it, set it to an empty string `""`. * * For HTTP and HTTPS health checks, the default is `/`. * * For gRPC health checks, the default is `/AWS.ALB/healthcheck`. */ path?: pulumi.Input; /** * The port the load balancer uses when performing health checks on targets. * Valid values are either `traffic-port`, to use the same port as the target group, or a valid port number between `1` and `65536`. * Default is `traffic-port`. */ port?: pulumi.Input; /** * Protocol the load balancer uses when performing health checks on targets. * Must be one of `TCP`, `HTTP`, or `HTTPS`. * The `TCP` protocol is not supported for health checks if the protocol of the target group is `HTTP` or `HTTPS`. * Default is `HTTP`. * Cannot be specified when the `targetType` is `lambda`. */ protocol?: pulumi.Input; /** * Amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is lambda, the default is 30 seconds. */ timeout?: pulumi.Input; /** * Number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. Defaults to 3. */ unhealthyThreshold?: pulumi.Input; } export interface TargetGroupStickiness { /** * Only used when the type is `lbCookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds). */ cookieDuration?: pulumi.Input; /** * Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `appCookie`. */ cookieName?: pulumi.Input; /** * Boolean to enable / disable `stickiness`. Default is `true`. */ enabled?: pulumi.Input; /** * The type of sticky sessions. The only current possible values are `lbCookie`, `appCookie` for ALBs, `sourceIp` for NLBs, and `sourceIpDestIp`, `sourceIpDestIpProto` for GWLBs. */ type: pulumi.Input; } export interface TargetGroupTargetFailover { /** * Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onUnhealthy`. Default: `noRebalance`. */ onDeregistration: pulumi.Input; /** * Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onDeregistration`. Default: `noRebalance`. */ onUnhealthy: pulumi.Input; } export interface TargetGroupTargetGroupHealth { /** * Block to configure DNS Failover requirements. See DNS Failover below for details on attributes. */ dnsFailover?: pulumi.Input; /** * Block to configure Unhealthy State Routing requirements. See Unhealthy State Routing below for details on attributes. */ unhealthyStateRouting?: pulumi.Input; } export interface TargetGroupTargetGroupHealthDnsFailover { /** * The minimum number of targets that must be healthy. If the number of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are `off` or an integer from `1` to the maximum number of targets. The default is `off`. */ minimumHealthyTargetsCount?: pulumi.Input; /** * The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are `off` or an integer from `1` to `100`. The default is `off`. */ minimumHealthyTargetsPercentage?: pulumi.Input; } export interface TargetGroupTargetGroupHealthUnhealthyStateRouting { /** * The minimum number of targets that must be healthy. If the number of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are `1` to the maximum number of targets. The default is `1`. */ minimumHealthyTargetsCount?: pulumi.Input; /** * The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are `off` or an integer from `1` to `100`. The default is `off`. */ minimumHealthyTargetsPercentage?: pulumi.Input; } export interface TargetGroupTargetHealthState { /** * Indicates whether the load balancer terminates connections to unhealthy targets. Possible values are `true` or `false`. Default: `true`. */ enableUnhealthyConnectionTermination: pulumi.Input; /** * Indicates the time to wait for in-flight requests to complete when a target becomes unhealthy. The range is `0-360000`. This value has to be set only if `enableUnhealthyConnectionTermination` is set to false. Default: `0`. */ unhealthyDrainingInterval?: pulumi.Input; } } export namespace amp { export interface QueryLoggingConfigurationDestination { /** * Configuration block for CloudWatch Logs destination. See `cloudwatchLogs`. */ cloudwatchLogs: pulumi.Input; /** * A list of filter configurations that specify which logs should be sent to the destination. See `filters`. */ filters: pulumi.Input; } export interface QueryLoggingConfigurationDestinationCloudwatchLogs { /** * The ARN of the CloudWatch log group to which query logs will be sent. The ARN must end with `:*` */ logGroupArn: pulumi.Input; } export interface QueryLoggingConfigurationDestinationFilters { /** * The Query Samples Processed (QSP) threshold above which queries will be logged. Queries processing more samples than this threshold will be captured in logs. */ qspThreshold: pulumi.Input; } export interface QueryLoggingConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ResourcePolicyTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ScraperDestination { /** * Configuration block for an Amazon Managed Prometheus workspace destination. See `amp`. */ amp?: pulumi.Input; } export interface ScraperDestinationAmp { /** * The Amazon Resource Name (ARN) of the prometheus workspace. */ workspaceArn: pulumi.Input; } export interface ScraperRoleConfiguration { /** * The Amazon Resource Name (ARN) of the source role configuration. Must be an IAM role ARN. */ sourceRoleArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the target role configuration. Must be an IAM role ARN. */ targetRoleArn?: pulumi.Input; } export interface ScraperSource { /** * Configuration block for an EKS cluster source. See `eks`. */ eks: pulumi.Input; } export interface ScraperSourceEks { clusterArn: pulumi.Input; /** * List of the security group IDs for the Amazon EKS cluster VPC configuration. */ securityGroupIds?: pulumi.Input[]>; /** * List of subnet IDs. Must be in at least two different availability zones. */ subnetIds: pulumi.Input[]>; } export interface ScraperTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface WorkspaceConfigurationLimitsPerLabelSet { /** * Map of label key-value pairs that identify the metrics to which the limits apply. An empty map represents the default bucket for metrics that don't match any other label set. */ labelSet: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Configuration block for the limits to apply to the specified label set. Detailed below. */ limits: pulumi.Input; } export interface WorkspaceConfigurationLimitsPerLabelSetLimits { /** * Maximum number of active time series that can be ingested for metrics matching the label set. */ maxSeries: pulumi.Input; } export interface WorkspaceConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface WorkspaceLoggingConfiguration { /** * The ARN of the CloudWatch log group to which the vended log data will be published. This log group must exist. The ARN must end with `:*` */ logGroupArn: pulumi.Input; } } export namespace amplify { export interface AppAutoBranchCreationConfig { /** * Basic authorization credentials for the autocreated branch. */ basicAuthCredentials?: pulumi.Input; /** * Build specification (build spec) for the autocreated branch. */ buildSpec?: pulumi.Input; /** * Enables auto building for the autocreated branch. */ enableAutoBuild?: pulumi.Input; /** * Enables basic authorization for the autocreated branch. */ enableBasicAuth?: pulumi.Input; /** * Enables performance mode for the branch. */ enablePerformanceMode?: pulumi.Input; /** * Enables pull request previews for the autocreated branch. */ enablePullRequestPreview?: pulumi.Input; /** * Environment variables for the autocreated branch. */ environmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Framework for the autocreated branch. */ framework?: pulumi.Input; /** * Amplify environment name for the pull request. */ pullRequestEnvironmentName?: pulumi.Input; /** * Describes the current stage for the autocreated branch. Valid values: `PRODUCTION`, `BETA`, `DEVELOPMENT`, `EXPERIMENTAL`, `PULL_REQUEST`. */ stage?: pulumi.Input; } export interface AppCacheConfig { /** * Type of cache configuration to use for an Amplify app. Valid values: `AMPLIFY_MANAGED`, `AMPLIFY_MANAGED_NO_COOKIES`. */ type: pulumi.Input; } export interface AppCustomRule { /** * Condition for a URL rewrite or redirect rule, such as a country code. */ condition?: pulumi.Input; /** * Source pattern for a URL rewrite or redirect rule. */ source: pulumi.Input; /** * Status code for a URL rewrite or redirect rule. Valid values: `200`, `301`, `302`, `404`, `404-200`. */ status?: pulumi.Input; /** * Target pattern for a URL rewrite or redirect rule. */ target: pulumi.Input; } export interface AppJobConfig { /** * Size of the build instance. Valid values: `STANDARD_8GB`, `LARGE_16GB`, and `XLARGE_72GB`. Default: `STANDARD_8GB`. */ buildComputeType?: pulumi.Input; } export interface AppProductionBranch { /** * Branch name for the production branch. */ branchName?: pulumi.Input; /** * Last deploy time of the production branch. */ lastDeployTime?: pulumi.Input; /** * Status of the production branch. */ status?: pulumi.Input; /** * Thumbnail URL for the production branch. */ thumbnailUrl?: pulumi.Input; } export interface DomainAssociationCertificateSettings { /** * DNS records for certificate verification in a space-delimited format (` CNAME `). */ certificateVerificationDnsRecord?: pulumi.Input; /** * The Amazon resource name (ARN) for the custom certificate. * Required when `type` is `CUSTOM`. */ customCertificateArn?: pulumi.Input; /** * The certificate type. * Valid values are `AMPLIFY_MANAGED` and `CUSTOM`. */ type: pulumi.Input; } export interface DomainAssociationSubDomain { /** * Branch name setting for the subdomain. */ branchName: pulumi.Input; /** * DNS record for the subdomain in a space-prefixed and space-delimited format (` CNAME `). */ dnsRecord?: pulumi.Input; /** * Prefix setting for the subdomain. */ prefix: pulumi.Input; /** * Verified status of the subdomain. */ verified?: pulumi.Input; } } export namespace apigateway { export interface AccountThrottleSetting { /** * Absolute maximum number of times API Gateway allows the API to be called per second (RPS). */ burstLimit: pulumi.Input; /** * Number of times API Gateway allows the API to be called per second on average (RPS). */ rateLimit: pulumi.Input; } export interface DocumentationPartLocation { /** * HTTP verb of a method. The default value is `*` for any method. */ method?: pulumi.Input; /** * Name of the targeted API entity. */ name?: pulumi.Input; /** * URL path of the target. The default value is `/` for the root resource. */ path?: pulumi.Input; /** * HTTP status code of a response. The default value is `*` for any status code. */ statusCode?: pulumi.Input; /** * Type of API entity to which the documentation content appliesE.g., `API`, `METHOD` or `REQUEST_BODY` */ type: pulumi.Input; } export interface DomainNameEndpointConfiguration { ipAddressType?: pulumi.Input; /** * A list of endpoint types of an API or its custom domain name. For an edge-optimized API and its custom domain name, the endpoint type is `EDGE`. For a regional API and its custom domain name, the endpoint type is `REGIONAL`. For a private API, the endpoint type is `PRIVATE`. */ types: pulumi.Input; } export interface DomainNameMutualTlsAuthentication { /** * Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, `s3://bucket-name/key-name`. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. */ truststoreUri: pulumi.Input; /** * Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket. */ truststoreVersion?: pulumi.Input; } export interface IntegrationTlsConfig { /** * Whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a [supported certificate authority](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-supported-certificate-authorities-for-http-endpoints.html). This isn’t recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate's expiration date, hostname, and presence of a root certificate authority. Supported only for `HTTP` and `HTTP_PROXY` integrations. */ insecureSkipVerification?: pulumi.Input; } export interface MethodSettingsSettings { /** * Whether the cached responses are encrypted. */ cacheDataEncrypted?: pulumi.Input; /** * Time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached. */ cacheTtlInSeconds?: pulumi.Input; /** * Whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached. */ cachingEnabled?: pulumi.Input; /** * Whether data trace logging is enabled for this method, which effects the log entries pushed to Amazon CloudWatch Logs. */ dataTraceEnabled?: pulumi.Input; /** * Logging level for this method, which effects the log entries pushed to Amazon CloudWatch Logs. The available levels are `OFF`, `ERROR`, and `INFO`. */ loggingLevel?: pulumi.Input; /** * Whether Amazon CloudWatch metrics are enabled for this method. */ metricsEnabled?: pulumi.Input; /** * Whether authorization is required for a cache invalidation request. */ requireAuthorizationForCacheControl?: pulumi.Input; /** * Throttling burst limit. Default: `-1` (throttling disabled). */ throttlingBurstLimit?: pulumi.Input; /** * Throttling rate limit. Default: `-1` (throttling disabled). */ throttlingRateLimit?: pulumi.Input; /** * How to handle unauthorized requests for cache invalidation. The available values are `FAIL_WITH_403`, `SUCCEED_WITH_RESPONSE_HEADER`, `SUCCEED_WITHOUT_RESPONSE_HEADER`. */ unauthorizedCacheControlHeaderStrategy?: pulumi.Input; } export interface RestApiEndpointConfiguration { /** * The IP address types that can invoke an API (RestApi). Valid values: `ipv4`, `dualstack`. Use `ipv4` to allow only IPv4 addresses to invoke an API, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke an API. For the `PRIVATE` endpoint type, only `dualstack` is supported. The provider performs drift detection for this argument only when the value is provided. */ ipAddressType?: pulumi.Input; /** * List of endpoint types. This resource currently only supports managing a single value. Valid values: `EDGE`, `REGIONAL` or `PRIVATE`. If unspecified, defaults to `EDGE`. If set to `PRIVATE` recommend to set `putRestApiMode` = `merge` to not cause the endpoints and associated Route53 records to be deleted. Refer to the [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/create-regional-api.html) for more information on the difference between edge-optimized and regional APIs. */ types: pulumi.Input; /** * Set of VPC Endpoint identifiers. It is only supported for `PRIVATE` endpoint type. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-endpoint-configuration` extension `vpcEndpointIds` property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html). If the argument value is provided and is different than the OpenAPI value, **the argument value will override the OpenAPI value**. */ vpcEndpointIds?: pulumi.Input[]>; } export interface RestApiPutTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface StageAccessLogSettings { /** * ARN of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with `amazon-apigateway-`. Automatically removes trailing `:*` if present. */ destinationArn: pulumi.Input; /** * Formatting and values recorded in the logs. * For more information on configuring the log format rules visit the AWS [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html) */ format: pulumi.Input; } export interface StageCanarySettings { /** * ID of the deployment that the canary points to. */ deploymentId: pulumi.Input; /** * Percent `0.0` - `100.0` of traffic to divert to the canary deployment. */ percentTraffic?: pulumi.Input; /** * Map of overridden stage `variables` (including new variables) for the canary deployment. */ stageVariableOverrides?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Whether the canary deployment uses the stage cache. Defaults to false. */ useStageCache?: pulumi.Input; } export interface UsagePlanApiStage { /** * API Id of the associated API stage in a usage plan. */ apiId: pulumi.Input; /** * API stage name of the associated API stage in a usage plan. */ stage: pulumi.Input; /** * The throttling limits of the usage plan. */ throttles?: pulumi.Input[]>; } export interface UsagePlanApiStageThrottle { /** * The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity. */ burstLimit?: pulumi.Input; /** * Method to apply the throttle settings for. Specfiy the path and method, for example `/test/GET`. */ path: pulumi.Input; /** * The API request steady-state rate limit. */ rateLimit?: pulumi.Input; } export interface UsagePlanQuotaSettings { /** * Maximum number of requests that can be made in a given time period. */ limit: pulumi.Input; /** * Number of requests subtracted from the given limit in the initial time period. */ offset?: pulumi.Input; /** * Time period in which the limit applies. Valid values are "DAY", "WEEK" or "MONTH". */ period: pulumi.Input; } export interface UsagePlanThrottleSettings { burstLimit?: pulumi.Input; rateLimit?: pulumi.Input; } } export namespace apigatewayv2 { export interface ApiCorsConfiguration { /** * Whether credentials are included in the CORS request. */ allowCredentials?: pulumi.Input; /** * Set of allowed HTTP headers. */ allowHeaders?: pulumi.Input[]>; /** * Set of allowed HTTP methods. */ allowMethods?: pulumi.Input[]>; /** * Set of allowed origins. */ allowOrigins?: pulumi.Input[]>; /** * Set of exposed HTTP headers. */ exposeHeaders?: pulumi.Input[]>; /** * Number of seconds that the browser should cache preflight request results. */ maxAge?: pulumi.Input; } export interface AuthorizerJwtConfiguration { /** * List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list. */ audiences?: pulumi.Input[]>; /** * Base domain of the identity provider that issues JSON Web Tokens, such as the `endpoint` attribute of the `aws.cognito.UserPool` resource. */ issuer?: pulumi.Input; } export interface DomainNameDomainNameConfiguration { /** * ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source. Use the `aws.acm.Certificate` resource to configure an ACM certificate. */ certificateArn: pulumi.Input; /** * Endpoint type. Valid values: `REGIONAL`. */ endpointType: pulumi.Input; /** * Amazon Route 53 Hosted Zone ID of the endpoint. */ hostedZoneId?: pulumi.Input; /** * The IP address types that can invoke the domain name. Valid values: `ipv4`, `dualstack`. Use `ipv4` to allow only IPv4 addresses to invoke your domain name, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke your domain name. Defaults to `ipv4`. */ ipAddressType?: pulumi.Input; /** * ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.) */ ownershipVerificationCertificateArn?: pulumi.Input; /** * Transport Layer Security (TLS) version of the [security policy](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html) for the domain name. Valid values: `TLS_1_2`. */ securityPolicy: pulumi.Input; /** * Target domain name. */ targetDomainName?: pulumi.Input; } export interface DomainNameMutualTlsAuthentication { /** * Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, `s3://bucket-name/key-name`. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. */ truststoreUri: pulumi.Input; /** * Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket. */ truststoreVersion?: pulumi.Input; } export interface IntegrationResponseParameter { /** * Key-value map. The key of this map identifies the location of the request parameter to change, and how to change it. The corresponding value specifies the new data for the parameter. * See the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) for details. */ mappings: pulumi.Input<{[key: string]: pulumi.Input}>; /** * HTTP status code in the range 200-599. */ statusCode: pulumi.Input; } export interface IntegrationTlsConfig { /** * If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting. */ serverNameToVerify?: pulumi.Input; } export interface RouteRequestParameter { /** * Request parameter key. This is a [request data mapping parameter](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-data-mapping.html#websocket-mapping-request-parameters). */ requestParameterKey: pulumi.Input; /** * Boolean whether or not the parameter is required. */ required: pulumi.Input; } export interface RoutingRuleAction { /** * Configuration to invoke a stage of a target API. Only REST APIs are supported. See below. */ invokeApi: pulumi.Input; } export interface RoutingRuleActionInvokeApi { /** * Action to invoke a stage of a target API. Only REST APIs are supported. */ apiId: pulumi.Input; /** * Action to invoke a stage of a target API. Only REST APIs are supported. */ stage: pulumi.Input; /** * Action to invoke a stage of a target API. Only REST APIs are supported. */ stripBasePath?: pulumi.Input; } export interface RoutingRuleCondition { /** * The base path to be matched. See below. */ matchBasePaths?: pulumi.Input; /** * The headers to be matched. See below. */ matchHeaders?: pulumi.Input; } export interface RoutingRuleConditionMatchBasePaths { /** * List of strings of the case sensitive base path to be matched. */ anyOfs: pulumi.Input[]>; } export interface RoutingRuleConditionMatchHeaders { /** * Configuration of the headers to be matched. There is a match if any of the header name and header value globs are matched. See below. */ anyOf: pulumi.Input; } export interface RoutingRuleConditionMatchHeadersAnyOf { /** * The case insensitive header name to be matched. The header name must be less than 40 characters and the only allowed characters are a-z, A-Z, 0-9, and the following special characters: *?-!#$%&'.^_`|~. */ header: pulumi.Input; /** * The case sensitive header glob value to be matched against entire header value. The header glob value must be less than 128 characters and the only allowed characters are a-z, A-Z, 0-9, and the following special characters: \*?-!#$%&'.^_`|~. Wildcard matching is supported for header glob values but must be for \*prefix-match, suffix-match*, or \*infix*-match. */ valueGlob: pulumi.Input; } export interface StageAccessLogSettings { /** * ARN of the CloudWatch Logs log group to receive access logs. Any trailing `:*` is trimmed from the ARN. */ destinationArn: pulumi.Input; /** * Single line [format](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#apigateway-cloudwatch-log-formats) of the access logs of data. Refer to log settings for [HTTP](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html) or [Websocket](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html). */ format: pulumi.Input; } export interface StageDefaultRouteSettings { /** * Whether data trace logging is enabled for the default route. Affects the log entries pushed to Amazon CloudWatch Logs. * Defaults to `false`. Supported only for WebSocket APIs. */ dataTraceEnabled?: pulumi.Input; /** * Whether detailed metrics are enabled for the default route. Defaults to `false`. */ detailedMetricsEnabled?: pulumi.Input; /** * Logging level for the default route. Affects the log entries pushed to Amazon CloudWatch Logs. * Valid values: `ERROR`, `INFO`, `OFF`. Defaults to `OFF`. Supported only for WebSocket APIs. This provider will only perform drift detection of its value when present in a configuration. */ loggingLevel?: pulumi.Input; /** * Throttling burst limit for the default route. */ throttlingBurstLimit?: pulumi.Input; /** * Throttling rate limit for the default route. */ throttlingRateLimit?: pulumi.Input; } export interface StageRouteSetting { /** * Whether data trace logging is enabled for the route. Affects the log entries pushed to Amazon CloudWatch Logs. * Defaults to `false`. Supported only for WebSocket APIs. */ dataTraceEnabled?: pulumi.Input; /** * Whether detailed metrics are enabled for the route. Defaults to `false`. */ detailedMetricsEnabled?: pulumi.Input; /** * Logging level for the route. Affects the log entries pushed to Amazon CloudWatch Logs. * Valid values: `ERROR`, `INFO`, `OFF`. Defaults to `OFF`. Supported only for WebSocket APIs. This provider will only perform drift detection of its value when present in a configuration. */ loggingLevel?: pulumi.Input; /** * Route key. */ routeKey: pulumi.Input; /** * Throttling burst limit for the route. */ throttlingBurstLimit?: pulumi.Input; /** * Throttling rate limit for the route. */ throttlingRateLimit?: pulumi.Input; } } export namespace appautoscaling { export interface PolicyPredictiveScalingPolicyConfiguration { /** * The behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity. Valid values are `HonorMaxCapacity` and `IncreaseMaxCapacity`. */ maxCapacityBreachBehavior?: pulumi.Input; /** * Size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. The value is specified as a percentage relative to the forecast capacity. Required if the `maxCapacityBreachBehavior` argument is set to `IncreaseMaxCapacity`, and cannot be used otherwise. */ maxCapacityBuffer?: pulumi.Input; /** * Metrics and target utilization to use for predictive scaling. See supported fields below. */ metricSpecifications: pulumi.Input[]>; /** * Predictive scaling mode. Valid values are `ForecastOnly` and `ForecastAndScale`. */ mode?: pulumi.Input; /** * Amount of time, in seconds, that the start time can be advanced. */ schedulingBufferTime?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecification { /** * Customized capacity metric specification. See supported fields below. */ customizedCapacityMetricSpecification?: pulumi.Input; /** * Customized load metric specification. See supported fields below. */ customizedLoadMetricSpecification?: pulumi.Input; /** * Customized scaling metric specification. See supported fields below. */ customizedScalingMetricSpecification?: pulumi.Input; /** * Predefined load metric specification. See supported fields below. */ predefinedLoadMetricSpecification?: pulumi.Input; /** * Predefined metric pair specification that determines the appropriate scaling metric and load metric to use. See supported fields below. */ predefinedMetricPairSpecification?: pulumi.Input; /** * Predefined scaling metric specification. See supported fields below. */ predefinedScalingMetricSpecification?: pulumi.Input; /** * Target utilization. */ targetValue: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedCapacityMetricSpecification { /** * One or more metric data queries to provide data points for a metric specification. See supported fields below. */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQuery { /** * Math expression to perform on the returned data, if this object is performing a math expression. */ expression?: pulumi.Input; /** * Short name that identifies the object's results in the response. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Information about the metric data to return. See supported fields below. */ metricStat?: pulumi.Input; /** * Whether to return the timestamps and raw data values of this metric. */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. See supported fields below. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName?: pulumi.Input; /** * Namespace of the metric. */ namespace?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedLoadMetricSpecification { /** * One or more metric data queries to provide data points for a metric specification. See supported fields below. */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQuery { /** * Math expression to perform on the returned data, if this object is performing a math expression. */ expression?: pulumi.Input; /** * Short name that identifies the object's results in the response. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Information about the metric data to return. See supported fields below. */ metricStat?: pulumi.Input; /** * Whether to return the timestamps and raw data values of this metric. */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. See supported fields below. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName?: pulumi.Input; /** * Namespace of the metric. */ namespace?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedScalingMetricSpecification { /** * One or more metric data queries to provide data points for a metric specification. See supported fields below. */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQuery { /** * Math expression to perform on the returned data, if this object is performing a math expression. */ expression?: pulumi.Input; /** * Short name that identifies the object's results in the response. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Information about the metric data to return. See supported fields below. */ metricStat?: pulumi.Input; /** * Whether to return the timestamps and raw data values of this metric. */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. See supported fields below. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName?: pulumi.Input; /** * Namespace of the metric. */ namespace?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationPredefinedLoadMetricSpecification { /** * Metric type. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a target group. */ resourceLabel?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationPredefinedMetricPairSpecification { /** * Which metrics to use. There are two different types of metrics for each metric type: one is a load metric and one is a scaling metric. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific target group from which to determine the total and average request count. */ resourceLabel?: pulumi.Input; } export interface PolicyPredictiveScalingPolicyConfigurationMetricSpecificationPredefinedScalingMetricSpecification { /** * Metric type. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific target group from which to determine the average request count. */ resourceLabel?: pulumi.Input; } export interface PolicyStepScalingPolicyConfiguration { /** * Whether the adjustment is an absolute number or a percentage of the current capacity. Valid values are `ChangeInCapacity`, `ExactCapacity`, and `PercentChangeInCapacity`. */ adjustmentType?: pulumi.Input; /** * Amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start. */ cooldown?: pulumi.Input; /** * Aggregation type for the policy's metrics. Valid values are "Minimum", "Maximum", and "Average". Without a value, AWS will treat the aggregation type as "Average". */ metricAggregationType?: pulumi.Input; /** * Minimum number to adjust your scalable dimension as a result of a scaling activity. If the adjustment type is PercentChangeInCapacity, the scaling policy changes the scalable dimension of the scalable target by this amount. */ minAdjustmentMagnitude?: pulumi.Input; /** * Set of adjustments that manage scaling. These have the following structure: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const ecsPolicy = new aws.appautoscaling.Policy("ecs_policy", {stepScalingPolicyConfiguration: { * stepAdjustments: [ * { * metricIntervalLowerBound: "1", * metricIntervalUpperBound: "2", * scalingAdjustment: -1, * }, * { * metricIntervalLowerBound: "2", * metricIntervalUpperBound: "3", * scalingAdjustment: 1, * }, * ], * }}); * ``` */ stepAdjustments?: pulumi.Input[]>; } export interface PolicyStepScalingPolicyConfigurationStepAdjustment { /** * Lower bound for the difference between the alarm threshold and the CloudWatch metric. Without a value, AWS will treat this bound as negative infinity. */ metricIntervalLowerBound?: pulumi.Input; /** * Upper bound for the difference between the alarm threshold and the CloudWatch metric. Without a value, AWS will treat this bound as infinity. The upper bound must be greater than the lower bound. */ metricIntervalUpperBound?: pulumi.Input; /** * Number of members by which to scale, when the adjustment bounds are breached. A positive value scales up. A negative value scales down. */ scalingAdjustment: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfiguration { /** * Custom CloudWatch metric. Documentation can be found at: [AWS Customized Metric Specification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CustomizedMetricSpecification.html). See supported fields below. */ customizedMetricSpecification?: pulumi.Input; /** * Whether scale in by the target tracking policy is disabled. If the value is true, scale in is disabled and the target tracking policy won't remove capacity from the scalable resource. Otherwise, scale in is enabled and the target tracking policy can remove capacity from the scalable resource. The default value is `false`. */ disableScaleIn?: pulumi.Input; /** * Predefined metric. See supported fields below. */ predefinedMetricSpecification?: pulumi.Input; /** * Amount of time, in seconds, after a scale in activity completes before another scale in activity can start. */ scaleInCooldown?: pulumi.Input; /** * Amount of time, in seconds, after a scale out activity completes before another scale out activity can start. */ scaleOutCooldown?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecification { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName?: pulumi.Input; /** * Metrics to include, as a metric data query. */ metrics?: pulumi.Input[]>; /** * Namespace of the metric. */ namespace?: pulumi.Input; /** * Statistic of the metric. Valid values: `Average`, `Minimum`, `Maximum`, `SampleCount`, and `Sum`. */ statistic?: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetric { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in target tracking scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in target tracking scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetricMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetricMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetricMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecification { /** * Metric type. */ predefinedMetricType: pulumi.Input; /** * Reserved for future use if the `predefinedMetricType` is not `ALBRequestCountPerTarget`. If the `predefinedMetricType` is `ALBRequestCountPerTarget`, you must specify this argument. Documentation can be found at: [AWS Predefined Scaling Metric Specification](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedScalingMetricSpecification.html). Must be less than or equal to 1023 characters in length. */ resourceLabel?: pulumi.Input; } export interface ScheduledActionScalableTargetAction { /** * Maximum capacity. At least one of `maxCapacity` or `minCapacity` must be set. */ maxCapacity?: pulumi.Input; /** * Minimum capacity. At least one of `minCapacity` or `maxCapacity` must be set. */ minCapacity?: pulumi.Input; } export interface TargetSuspendedState { /** * Whether scale in by a target tracking scaling policy or a step scaling policy is suspended. Default is `false`. */ dynamicScalingInSuspended?: pulumi.Input; /** * Whether scale out by a target tracking scaling policy or a step scaling policy is suspended. Default is `false`. */ dynamicScalingOutSuspended?: pulumi.Input; /** * Whether scheduled scaling is suspended. Default is `false`. */ scheduledScalingSuspended?: pulumi.Input; } } export namespace appconfig { export interface ConfigurationProfileValidator { /** * Either the JSON Schema content or the ARN of an AWS Lambda function. */ content?: pulumi.Input; /** * Type of validator. Valid values: `JSON_SCHEMA` and `LAMBDA`. */ type: pulumi.Input; } export interface EnvironmentMonitor { /** * ARN of the Amazon CloudWatch alarm. */ alarmArn: pulumi.Input; /** * ARN of an IAM role for AWS AppConfig to monitor `alarmArn`. */ alarmRoleArn?: pulumi.Input; } export interface EventIntegrationEventFilter { /** * Source of the events. */ source: pulumi.Input; } export interface ExtensionActionPoint { /** * An action defines the tasks the extension performs during the AppConfig workflow. Detailed below. */ actions: pulumi.Input[]>; /** * The point at which to perform the defined actions. Valid points are `PRE_CREATE_HOSTED_CONFIGURATION_VERSION`, `PRE_START_DEPLOYMENT`, `ON_DEPLOYMENT_START`, `ON_DEPLOYMENT_STEP`, `ON_DEPLOYMENT_BAKING`, `ON_DEPLOYMENT_COMPLETE`, `ON_DEPLOYMENT_ROLLED_BACK`. */ point: pulumi.Input; } export interface ExtensionActionPointAction { /** * Information about the action. */ description?: pulumi.Input; /** * The action name. */ name: pulumi.Input; /** * An Amazon Resource Name (ARN) for an Identity and Access Management assume role. */ roleArn?: pulumi.Input; /** * The extension URI associated to the action point in the extension definition. The URI can be an Amazon Resource Name (ARN) for one of the following: an Lambda function, an Amazon Simple Queue Service queue, an Amazon Simple Notification Service topic, or the Amazon EventBridge default event bus. */ uri: pulumi.Input; } export interface ExtensionParameter { /** * Information about the parameter. */ description?: pulumi.Input; /** * The parameter name. */ name: pulumi.Input; /** * Determines if a parameter value must be specified in the extension association. */ required?: pulumi.Input; } } export namespace appfabric { export interface AppAuthorizationConnectionAuthRequest { /** * The authorization code returned by the application after permission is granted in the application OAuth page (after clicking on the AuthURL).. */ code: pulumi.Input; /** * The redirect URL that is specified in the AuthURL and the application client. */ redirectUri: pulumi.Input; } export interface AppAuthorizationConnectionTenant { tenantDisplayName: pulumi.Input; tenantIdentifier: pulumi.Input; } export interface AppAuthorizationConnectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface AppAuthorizationCredential { /** * Contains API key credential information. */ apiKeyCredentials?: pulumi.Input[]>; /** * Contains OAuth2 client credential information. */ oauth2Credential?: pulumi.Input; } export interface AppAuthorizationCredentialApiKeyCredential { /** * Contains API key credential information. */ apiKey: pulumi.Input; } export interface AppAuthorizationCredentialOauth2Credential { /** * The client ID of the client application. */ clientId: pulumi.Input; /** * The client secret of the client application. */ clientSecret: pulumi.Input; } export interface AppAuthorizationTenant { /** * The display name of the tenant. */ tenantDisplayName: pulumi.Input; /** * The ID of the application tenant. */ tenantIdentifier: pulumi.Input; } export interface AppAuthorizationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface IngestionDestinationDestinationConfiguration { /** * Contains information about an audit log processing configuration. */ auditLog: pulumi.Input; } export interface IngestionDestinationDestinationConfigurationAuditLog { /** * Contains information about an audit log destination. Only one destination (Firehose Stream) or (S3 Bucket) can be specified. */ destination: pulumi.Input; } export interface IngestionDestinationDestinationConfigurationAuditLogDestination { /** * Contains information about an Amazon Data Firehose delivery stream. */ firehoseStream?: pulumi.Input; /** * Contains information about an Amazon S3 bucket. */ s3Bucket?: pulumi.Input; } export interface IngestionDestinationDestinationConfigurationAuditLogDestinationFirehoseStream { streamName: pulumi.Input; } export interface IngestionDestinationDestinationConfigurationAuditLogDestinationS3Bucket { bucketName: pulumi.Input; /** * The object key to use. */ prefix?: pulumi.Input; } export interface IngestionDestinationProcessingConfiguration { /** * Contains information about an audit log processing configuration. */ auditLog: pulumi.Input; } export interface IngestionDestinationProcessingConfigurationAuditLog { /** * The format in which the audit logs need to be formatted. Valid values: `json`, `parquet`. */ format: pulumi.Input; /** * The event schema in which the audit logs need to be formatted. Valid values: `ocsf`, `raw`. */ schema: pulumi.Input; } export interface IngestionDestinationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace appflow { export interface ConnectorProfileConnectorProfileConfig { /** * The connector-specific credentials required by each connector. See Connector Profile Credentials for more details. */ connectorProfileCredentials: pulumi.Input; /** * The connector-specific properties of the profile configuration. See Connector Profile Properties for more details. */ connectorProfileProperties: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentials { /** * The connector-specific credentials required when using Amplitude. See Amplitude Connector Profile Credentials for more details. */ amplitude?: pulumi.Input; /** * The connector-specific profile credentials required when using the custom connector. See Custom Connector Profile Credentials for more details. */ customConnector?: pulumi.Input; /** * Connector-specific credentials required when using Datadog. See Datadog Connector Profile Credentials for more details. */ datadog?: pulumi.Input; /** * The connector-specific credentials required when using Dynatrace. See Dynatrace Connector Profile Credentials for more details. */ dynatrace?: pulumi.Input; /** * The connector-specific credentials required when using Google Analytics. See Google Analytics Connector Profile Credentials for more details. */ googleAnalytics?: pulumi.Input; /** * The connector-specific credentials required when using Amazon Honeycode. See Honeycode Connector Profile Credentials for more details. */ honeycode?: pulumi.Input; /** * The connector-specific credentials required when using Infor Nexus. See Infor Nexus Connector Profile Credentials for more details. */ inforNexus?: pulumi.Input; /** * Connector-specific credentials required when using Marketo. See Marketo Connector Profile Credentials for more details. */ marketo?: pulumi.Input; /** * Connector-specific credentials required when using Amazon Redshift. See Redshift Connector Profile Credentials for more details. */ redshift?: pulumi.Input; /** * The connector-specific credentials required when using Salesforce. See Salesforce Connector Profile Credentials for more details. */ salesforce?: pulumi.Input; /** * The connector-specific credentials required when using SAPOData. See SAPOData Connector Profile Credentials for more details. */ sapoData?: pulumi.Input; /** * The connector-specific credentials required when using ServiceNow. See ServiceNow Connector Profile Credentials for more details. */ serviceNow?: pulumi.Input; /** * Connector-specific credentials required when using Singular. See Singular Connector Profile Credentials for more details. */ singular?: pulumi.Input; /** * Connector-specific credentials required when using Slack. See Slack Connector Profile Credentials for more details. */ slack?: pulumi.Input; /** * The connector-specific credentials required when using Snowflake. See Snowflake Connector Profile Credentials for more details. */ snowflake?: pulumi.Input; /** * The connector-specific credentials required when using Trend Micro. See Trend Micro Connector Profile Credentials for more details. */ trendmicro?: pulumi.Input; /** * Connector-specific credentials required when using Veeva. See Veeva Connector Profile Credentials for more details. */ veeva?: pulumi.Input; /** * Connector-specific credentials required when using Zendesk. See Zendesk Connector Profile Credentials for more details. */ zendesk?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsAmplitude { apiKey: pulumi.Input; /** * The Secret Access Key portion of the credentials. */ secretKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnector { apiKey?: pulumi.Input; /** * The authentication type that the custom connector uses for authenticating while creating a connector profile. One of: `APIKEY`, `BASIC`, `CUSTOM`, `OAUTH2`. */ authenticationType: pulumi.Input; /** * Basic credentials that are required for the authentication of the user. */ basic?: pulumi.Input; /** * If the connector uses the custom authentication mechanism, this holds the required credentials. */ custom?: pulumi.Input; /** * OAuth 2.0 credentials required for the authentication of the user. */ oauth2?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorApiKey { apiKey: pulumi.Input; apiSecretKey?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorBasic { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorCustom { /** * A map that holds custom authentication credentials. */ credentialsMap?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The custom authentication type that the connector uses. */ customAuthenticationType: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorOauth2 { accessToken?: pulumi.Input; clientId?: pulumi.Input; clientSecret?: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorOauth2OauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsDatadog { apiKey: pulumi.Input; /** * Application keys, in conjunction with your API key, give you full access to Datadog’s programmatic API. Application keys are associated with the user account that created them. The application key is used to log all requests made to the API. */ applicationKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsDynatrace { /** * The API tokens used by Dynatrace API to authenticate various API calls. */ apiToken: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsGoogleAnalytics { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsGoogleAnalyticsOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsHoneycode { accessToken?: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsHoneycodeOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsInforNexus { /** * The Access Key portion of the credentials. */ accessKeyId: pulumi.Input; /** * Encryption keys used to encrypt data. */ datakey: pulumi.Input; /** * The secret key used to sign requests. */ secretAccessKey: pulumi.Input; /** * Identifier for the user. */ userId: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsMarketo { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsMarketoOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsRedshift { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSalesforce { accessToken?: pulumi.Input; /** * The secret manager ARN, which contains the client ID and client secret of the connected app. */ clientCredentialsArn?: pulumi.Input; /** * A JSON web token (JWT) that authorizes access to Salesforce records. */ jwtToken?: pulumi.Input; oauth2GrantType?: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSalesforceOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoData { /** * The SAPOData basic authentication credentials. */ basicAuthCredentials?: pulumi.Input; /** * The SAPOData OAuth type authentication credentials. */ oauthCredentials?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoDataBasicAuthCredentials { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoDataOauthCredentials { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoDataOauthCredentialsOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsServiceNow { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSingular { apiKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSlack { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSlackOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSnowflake { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsTrendmicro { apiSecretKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsVeeva { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsZendesk { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsZendeskOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileProperties { /** * The connector-specific credentials required when using Amplitude. See Amplitude Connector Profile Credentials for more details. */ amplitude?: pulumi.Input; /** * The connector-specific profile properties required when using the custom connector. See Custom Connector Profile Properties for more details. */ customConnector?: pulumi.Input; /** * Connector-specific properties required when using Datadog. See Generic Connector Profile Properties for more details. */ datadog?: pulumi.Input; /** * The connector-specific properties required when using Dynatrace. See Generic Connector Profile Properties for more details. */ dynatrace?: pulumi.Input; /** * The connector-specific credentials required when using Google Analytics. See Google Analytics Connector Profile Credentials for more details. */ googleAnalytics?: pulumi.Input; /** * The connector-specific credentials required when using Amazon Honeycode. See Honeycode Connector Profile Credentials for more details. */ honeycode?: pulumi.Input; /** * The connector-specific properties required when using Infor Nexus. See Generic Connector Profile Properties for more details. */ inforNexus?: pulumi.Input; /** * Connector-specific properties required when using Marketo. See Generic Connector Profile Properties for more details. */ marketo?: pulumi.Input; /** * Connector-specific properties required when using Amazon Redshift. See Redshift Connector Profile Properties for more details. */ redshift?: pulumi.Input; /** * The connector-specific properties required when using Salesforce. See Salesforce Connector Profile Properties for more details. */ salesforce?: pulumi.Input; /** * The connector-specific properties required when using SAPOData. See SAPOData Connector Profile Properties for more details. */ sapoData?: pulumi.Input; /** * The connector-specific properties required when using ServiceNow. See Generic Connector Profile Properties for more details. */ serviceNow?: pulumi.Input; /** * Connector-specific credentials required when using Singular. See Singular Connector Profile Credentials for more details. */ singular?: pulumi.Input; /** * Connector-specific properties required when using Slack. See Generic Connector Profile Properties for more details. */ slack?: pulumi.Input; /** * The connector-specific properties required when using Snowflake. See Snowflake Connector Profile Properties for more details. */ snowflake?: pulumi.Input; /** * The connector-specific credentials required when using Trend Micro. See Trend Micro Connector Profile Credentials for more details. */ trendmicro?: pulumi.Input; /** * Connector-specific properties required when using Veeva. See Generic Connector Profile Properties for more details. */ veeva?: pulumi.Input; /** * Connector-specific properties required when using Zendesk. See Generic Connector Profile Properties for more details. */ zendesk?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesAmplitude { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesCustomConnector { /** * The OAuth 2.0 properties required for OAuth 2.0 authentication. */ oauth2Properties?: pulumi.Input; /** * A map of properties that are required to create a profile for the custom connector. */ profileProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesCustomConnectorOauth2Properties { oauth2GrantType: pulumi.Input; tokenUrl: pulumi.Input; /** * Associates your token URL with a map of properties that you define. Use this parameter to provide any additional details that the connector requires to authenticate your request. */ tokenUrlCustomProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesDatadog { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesDynatrace { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesGoogleAnalytics { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesHoneycode { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesInforNexus { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesMarketo { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesRedshift { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; /** * The unique ID that's assigned to an Amazon Redshift cluster. */ clusterIdentifier?: pulumi.Input; /** * ARN of the IAM role that permits AppFlow to access the database through Data API. */ dataApiRoleArn?: pulumi.Input; /** * The name of an Amazon Redshift database. */ databaseName?: pulumi.Input; /** * The JDBC URL of the Amazon Redshift cluster. */ databaseUrl?: pulumi.Input; /** * ARN of the IAM role. */ roleArn: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSalesforce { instanceUrl?: pulumi.Input; /** * Indicates whether the connector profile applies to a sandbox or production environment. */ isSandboxEnvironment?: pulumi.Input; /** * Indicates whether Amazon AppFlow uses the private network to send metadata and authorization calls to Salesforce. Amazon AppFlow sends private calls through AWS PrivateLink. These calls travel through AWS infrastructure without being exposed to the public internet. */ usePrivatelinkForMetadataAndAuthorization?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSapoData { /** * The location of the SAPOData resource. */ applicationHostUrl: pulumi.Input; /** * The application path to catalog service. */ applicationServicePath: pulumi.Input; /** * The client number for the client creating the connection. */ clientNumber: pulumi.Input; /** * The logon language of SAPOData instance. */ logonLanguage?: pulumi.Input; /** * The SAPOData OAuth properties required for OAuth type authentication. */ oauthProperties?: pulumi.Input; /** * The port number of the SAPOData instance. */ portNumber: pulumi.Input; privateLinkServiceName?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSapoDataOauthProperties { /** * The authorization code url required to redirect to SAP Login Page to fetch authorization code for OAuth type authentication. */ authCodeUrl: pulumi.Input; /** * The OAuth scopes required for OAuth type authentication. */ oauthScopes: pulumi.Input[]>; tokenUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesServiceNow { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSingular { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSlack { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSnowflake { /** * The name of the account. */ accountName?: pulumi.Input; bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; privateLinkServiceName?: pulumi.Input; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. * * `name ` (Required) - Name of the connector profile. The name is unique for each `ConnectorProfile` in your AWS account. */ region?: pulumi.Input; /** * Name of the Amazon S3 stage that was created while setting up an Amazon S3 stage in the Snowflake account. This is written in the following format: `..`. */ stage: pulumi.Input; /** * The name of the Snowflake warehouse. */ warehouse: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesTrendmicro { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesVeeva { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesZendesk { instanceUrl: pulumi.Input; } export interface FlowDestinationFlowConfig { /** * API version that the destination connector uses. */ apiVersion?: pulumi.Input; /** * Name of the connector profile. This name must be unique for each connector profile in the AWS account. */ connectorProfileName?: pulumi.Input; /** * Type of connector, such as Salesforce, Amplitude, and so on. Valid values are `Salesforce`, `Singular`, `Slack`, `Redshift`, `S3`, `Marketo`, `Googleanalytics`, `Zendesk`, `Servicenow`, `Datadog`, `Trendmicro`, `Snowflake`, `Dynatrace`, `Infornexus`, `Amplitude`, `Veeva`, `EventBridge`, `LookoutMetrics`, `Upsolver`, `Honeycode`, `CustomerProfiles`, `SAPOData`, and `CustomConnector`. */ connectorType: pulumi.Input; /** * This stores the information that is required to query a particular connector. See Destination Connector Properties for more information. */ destinationConnectorProperties: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorProperties { /** * Properties that are required to query the custom Connector. See Custom Connector Destination Properties for more details. */ customConnector?: pulumi.Input; /** * Properties that are required to query Amazon Connect Customer Profiles. See Customer Profiles Destination Properties for more details. */ customerProfiles?: pulumi.Input; /** * Properties that are required to query Amazon EventBridge. See Generic Destination Properties for more details. */ eventBridge?: pulumi.Input; /** * Properties that are required to query Amazon Honeycode. See Generic Destination Properties for more details. */ honeycode?: pulumi.Input; lookoutMetrics?: pulumi.Input; /** * Properties that are required to query Marketo. See Generic Destination Properties for more details. */ marketo?: pulumi.Input; /** * Properties that are required to query Amazon Redshift. See Redshift Destination Properties for more details. */ redshift?: pulumi.Input; /** * Properties that are required to query Amazon S3. See S3 Destination Properties for more details. */ s3?: pulumi.Input; /** * Properties that are required to query Salesforce. See Salesforce Destination Properties for more details. */ salesforce?: pulumi.Input; /** * Properties that are required to query SAPOData. See SAPOData Destination Properties for more details. */ sapoData?: pulumi.Input; /** * Properties that are required to query Snowflake. See Snowflake Destination Properties for more details. */ snowflake?: pulumi.Input; /** * Properties that are required to query Upsolver. See Upsolver Destination Properties for more details. */ upsolver?: pulumi.Input; /** * Properties that are required to query Zendesk. See Zendesk Destination Properties for more details. */ zendesk?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesCustomConnector { customProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; entityName: pulumi.Input; errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesCustomConnectorErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesCustomerProfiles { /** * Unique name of the Amazon Connect Customer Profiles domain. */ domainName: pulumi.Input; /** * Object specified in the Amazon Connect Customer Profiles flow destination. */ objectTypeName?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesEventBridge { errorHandlingConfig?: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesEventBridgeErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesHoneycode { errorHandlingConfig?: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesHoneycodeErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesLookoutMetrics { } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesMarketo { errorHandlingConfig?: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesMarketoErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesRedshift { bucketPrefix?: pulumi.Input; errorHandlingConfig?: pulumi.Input; intermediateBucketName: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesRedshiftErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3 { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; s3OutputFormatConfig?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfig { /** * Aggregation settings that you can use to customize the output format of your flow data. See Aggregation Config for more details. */ aggregationConfig?: pulumi.Input; /** * File type that Amazon AppFlow places in the Amazon S3 bucket. Valid values are `CSV`, `JSON`, and `PARQUET`. */ fileType?: pulumi.Input; /** * Determines the prefix that Amazon AppFlow applies to the folder name in the Amazon S3 bucket. You can name folders according to the flow frequency and date. See Prefix Config for more details. */ prefixConfig?: pulumi.Input; /** * Whether the data types from the source system need to be preserved (Only valid for `Parquet` file type) */ preserveSourceDataTyping?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigAggregationConfig { /** * Whether Amazon AppFlow aggregates the flow records into a single file, or leave them unaggregated. Valid values are `None` and `SingleFile`. */ aggregationType?: pulumi.Input; /** * The desired file size, in MB, for each output file that Amazon AppFlow writes to the flow destination. Integer value. */ targetFileSize?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfig { /** * Determines the level of granularity that's included in the prefix. Valid values are `YEAR`, `MONTH`, `DAY`, `HOUR`, and `MINUTE`. */ prefixFormat?: pulumi.Input; /** * Determines whether the destination file path includes either or both of the selected elements. Valid values are `EXECUTION_ID` and `SCHEMA_VERSION` */ prefixHierarchies?: pulumi.Input[]>; /** * Determines the format of the prefix, and whether it applies to the file name, file path, or both. Valid values are `FILENAME`, `PATH`, and `PATH_AND_FILENAME`. */ prefixType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSalesforce { dataTransferApi?: pulumi.Input; errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; object: pulumi.Input; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSalesforceErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSapoData { errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; objectPath: pulumi.Input; /** * Determines how Amazon AppFlow handles the success response that it gets from the connector after placing data. See Success Response Handling Config for more details. */ successResponseHandlingConfig?: pulumi.Input; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSapoDataErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSapoDataSuccessResponseHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSnowflake { bucketPrefix?: pulumi.Input; errorHandlingConfig?: pulumi.Input; intermediateBucketName: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSnowflakeErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolver { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; s3OutputFormatConfig: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolverS3OutputFormatConfig { /** * Aggregation settings that you can use to customize the output format of your flow data. See Aggregation Config for more details. */ aggregationConfig?: pulumi.Input; /** * File type that Amazon AppFlow places in the Amazon S3 bucket. Valid values are `CSV`, `JSON`, and `PARQUET`. */ fileType?: pulumi.Input; /** * Determines the prefix that Amazon AppFlow applies to the folder name in the Amazon S3 bucket. You can name folders according to the flow frequency and date. See Prefix Config for more details. */ prefixConfig: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolverS3OutputFormatConfigAggregationConfig { /** * Whether Amazon AppFlow aggregates the flow records into a single file, or leave them unaggregated. Valid values are `None` and `SingleFile`. */ aggregationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolverS3OutputFormatConfigPrefixConfig { /** * Determines the level of granularity that's included in the prefix. Valid values are `YEAR`, `MONTH`, `DAY`, `HOUR`, and `MINUTE`. */ prefixFormat?: pulumi.Input; /** * Determines whether the destination file path includes either or both of the selected elements. Valid values are `EXECUTION_ID` and `SCHEMA_VERSION` */ prefixHierarchies?: pulumi.Input[]>; /** * Determines the format of the prefix, and whether it applies to the file name, file path, or both. Valid values are `FILENAME`, `PATH`, and `PATH_AND_FILENAME`. */ prefixType: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesZendesk { errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; object: pulumi.Input; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesZendeskErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowMetadataCatalogConfig { glueDataCatalog?: pulumi.Input; } export interface FlowMetadataCatalogConfigGlueDataCatalog { /** * The name of an existing Glue database to store the metadata tables that Amazon AppFlow creates. */ databaseName: pulumi.Input; /** * The ARN of an IAM role that grants AppFlow the permissions it needs to create Data Catalog tables, databases, and partitions. */ roleArn: pulumi.Input; /** * A naming prefix for each Data Catalog table that Amazon AppFlow creates */ tablePrefix: pulumi.Input; } export interface FlowSourceFlowConfig { /** * API version that the destination connector uses. */ apiVersion?: pulumi.Input; /** * Name of the connector profile. This name must be unique for each connector profile in the AWS account. */ connectorProfileName?: pulumi.Input; /** * Type of connector, such as Salesforce, Amplitude, and so on. Valid values are `Salesforce`, `Singular`, `Slack`, `Redshift`, `S3`, `Marketo`, `Googleanalytics`, `Zendesk`, `Servicenow`, `Datadog`, `Trendmicro`, `Snowflake`, `Dynatrace`, `Infornexus`, `Amplitude`, `Veeva`, `EventBridge`, `LookoutMetrics`, `Upsolver`, `Honeycode`, `CustomerProfiles`, `SAPOData`, and `CustomConnector`. */ connectorType: pulumi.Input; /** * Defines the configuration for a scheduled incremental data pull. If a valid configuration is provided, the fields specified in the configuration are used when querying for the incremental data pull. See Incremental Pull Config for more details. */ incrementalPullConfig?: pulumi.Input; /** * Information that is required to query a particular source connector. See Source Connector Properties for details. */ sourceConnectorProperties: pulumi.Input; } export interface FlowSourceFlowConfigIncrementalPullConfig { /** * Field that specifies the date time or timestamp field as the criteria to use when importing incremental records from the source. */ datetimeTypeFieldName?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorProperties { /** * Information that is required for querying Amplitude. See Generic Source Properties for more details. */ amplitude?: pulumi.Input; /** * Properties that are applied when the custom connector is being used as a source. See Custom Connector Source Properties. */ customConnector?: pulumi.Input; /** * Information that is required for querying Datadog. See Generic Source Properties for more details. */ datadog?: pulumi.Input; /** * Operation to be performed on the provided Dynatrace source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ dynatrace?: pulumi.Input; /** * Operation to be performed on the provided Google Analytics source fields. Valid values are `PROJECTION` and `BETWEEN`. */ googleAnalytics?: pulumi.Input; /** * Information that is required for querying Infor Nexus. See Generic Source Properties for more details. */ inforNexus?: pulumi.Input; /** * Information that is required for querying Marketo. See Generic Source Properties for more details. */ marketo?: pulumi.Input; /** * Information that is required for querying Amazon S3. See S3 Source Properties for more details. */ s3?: pulumi.Input; /** * Information that is required for querying Salesforce. See Salesforce Source Properties for more details. */ salesforce?: pulumi.Input; /** * Information that is required for querying SAPOData as a flow source. See SAPO Source Properties for more details. */ sapoData?: pulumi.Input; /** * Information that is required for querying ServiceNow. See Generic Source Properties for more details. */ serviceNow?: pulumi.Input; /** * Information that is required for querying Singular. See Generic Source Properties for more details. */ singular?: pulumi.Input; /** * Information that is required for querying Slack. See Generic Source Properties for more details. */ slack?: pulumi.Input; /** * Operation to be performed on the provided Trend Micro source fields. Valid values are `PROJECTION`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ trendmicro?: pulumi.Input; /** * Information that is required for querying Veeva. See Veeva Source Properties for more details. */ veeva?: pulumi.Input; /** * Information that is required for querying Zendesk. See Generic Source Properties for more details. */ zendesk?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesAmplitude { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesCustomConnector { customProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; entityName: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesDatadog { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesDynatrace { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesGoogleAnalytics { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesInforNexus { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesMarketo { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesS3 { bucketName: pulumi.Input; bucketPrefix: pulumi.Input; /** * When you use Amazon S3 as the source, the configuration format that you provide the flow input data. See S3 Input Format Config for details. */ s3InputFormatConfig?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesS3S3InputFormatConfig { /** * File type that Amazon AppFlow gets from your Amazon S3 bucket. Valid values are `CSV` and `JSON`. */ s3InputFileType?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSalesforce { dataTransferApi?: pulumi.Input; /** * Flag that enables dynamic fetching of new (recently added) fields in the Salesforce objects while running a flow. */ enableDynamicFieldUpdate?: pulumi.Input; /** * Whether Amazon AppFlow includes deleted files in the flow run. */ includeDeletedRecords?: pulumi.Input; object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSapoData { objectPath: pulumi.Input; /** * Sets the page size for each concurrent process that transfers OData records from your SAP instance. */ paginationConfig?: pulumi.Input; /** * Sets the number of concurrent processes that transfers OData records from your SAP instance. */ parallelismConfig?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSapoDataPaginationConfig { /** * he maximum number of records that Amazon AppFlow receives in each page of the response from your SAP application. */ maxPageSize: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSapoDataParallelismConfig { /** * he maximum number of records that Amazon AppFlow receives in each page of the response from your SAP application. */ maxPageSize: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesServiceNow { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSingular { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSlack { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesTrendmicro { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesVeeva { /** * Document type specified in the Veeva document extract flow. */ documentType?: pulumi.Input; /** * Boolean value to include All Versions of files in Veeva document extract flow. */ includeAllVersions?: pulumi.Input; /** * Boolean value to include file renditions in Veeva document extract flow. */ includeRenditions?: pulumi.Input; /** * Boolean value to include source files in Veeva document extract flow. */ includeSourceFiles?: pulumi.Input; object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesZendesk { object: pulumi.Input; } export interface FlowTask { /** * Operation to be performed on the provided source fields. See Connector Operator for details. */ connectorOperators?: pulumi.Input[]>; /** * Field in a destination connector, or a field value against which Amazon AppFlow validates a source field. */ destinationField?: pulumi.Input; /** * Source fields to which a particular task is applied. */ sourceFields?: pulumi.Input[]>; /** * Map used to store task-related information. The execution service looks for particular information based on the `TaskType`. Valid keys are `VALUE`, `VALUES`, `DATA_TYPE`, `UPPER_BOUND`, `LOWER_BOUND`, `SOURCE_DATA_TYPE`, `DESTINATION_DATA_TYPE`, `VALIDATION_ACTION`, `MASK_VALUE`, `MASK_LENGTH`, `TRUNCATE_LENGTH`, `MATH_OPERATION_FIELDS_ORDER`, `CONCAT_FORMAT`, `SUBFIELD_CATEGORY_MAP`, and `EXCLUDE_SOURCE_FIELDS_LIST`. */ taskProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Particular task implementation that Amazon AppFlow performs. Valid values are `Arithmetic`, `Filter`, `Map`, `Map_all`, `Mask`, `Merge`, `Passthrough`, `Truncate`, and `Validate`. */ taskType: pulumi.Input; } export interface FlowTaskConnectorOperator { /** * Operation to be performed on the provided Amplitude source fields. The only valid value is `BETWEEN`. */ amplitude?: pulumi.Input; /** * Operators supported by the custom connector. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ customConnector?: pulumi.Input; /** * Operation to be performed on the provided Datadog source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ datadog?: pulumi.Input; /** * Operation to be performed on the provided Dynatrace source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ dynatrace?: pulumi.Input; /** * Operation to be performed on the provided Google Analytics source fields. Valid values are `PROJECTION` and `BETWEEN`. */ googleAnalytics?: pulumi.Input; /** * Operation to be performed on the provided Infor Nexus source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ inforNexus?: pulumi.Input; /** * Operation to be performed on the provided Marketo source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ marketo?: pulumi.Input; /** * Operation to be performed on the provided Amazon S3 source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ s3?: pulumi.Input; /** * Operation to be performed on the provided Salesforce source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ salesforce?: pulumi.Input; /** * Operation to be performed on the provided SAPOData source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ sapoData?: pulumi.Input; /** * Operation to be performed on the provided ServiceNow source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ serviceNow?: pulumi.Input; /** * Operation to be performed on the provided Singular source fields. Valid values are `PROJECTION`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ singular?: pulumi.Input; /** * Operation to be performed on the provided Slack source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ slack?: pulumi.Input; /** * Operation to be performed on the provided Trend Micro source fields. Valid values are `PROJECTION`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ trendmicro?: pulumi.Input; /** * Operation to be performed on the provided Veeva source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ veeva?: pulumi.Input; /** * Operation to be performed on the provided Zendesk source fields. Valid values are `PROJECTION`, `GREATER_THAN`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ zendesk?: pulumi.Input; } export interface FlowTriggerConfig { /** * Configuration details of a schedule-triggered flow as defined by the user. Currently, these settings only apply to the `Scheduled` trigger type. See Scheduled Trigger Properties for details. */ triggerProperties?: pulumi.Input; /** * Type of flow trigger. Valid values are `Scheduled`, `Event`, and `OnDemand`. */ triggerType: pulumi.Input; } export interface FlowTriggerConfigTriggerProperties { scheduled?: pulumi.Input; } export interface FlowTriggerConfigTriggerPropertiesScheduled { /** * Whether a scheduled flow has an incremental data transfer or a complete data transfer for each flow run. Valid values are `Incremental` and `Complete`. */ dataPullMode?: pulumi.Input; /** * Date range for the records to import from the connector in the first flow run. Must be a valid RFC3339 timestamp. */ firstExecutionFrom?: pulumi.Input; /** * Scheduled end time for a schedule-triggered flow. Must be a valid RFC3339 timestamp. */ scheduleEndTime?: pulumi.Input; /** * Scheduling expression that determines the rate at which the schedule will run, for example `rate(5minutes)`. */ scheduleExpression: pulumi.Input; /** * Optional offset that is added to the time interval for a schedule-triggered flow. Maximum value of 36000. */ scheduleOffset?: pulumi.Input; /** * Scheduled start time for a schedule-triggered flow. Must be a valid RFC3339 timestamp. */ scheduleStartTime?: pulumi.Input; /** * Time zone used when referring to the date and time of a scheduled-triggered flow, such as `America/New_York`. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.appflow.Flow("example", {triggerConfig: { * scheduled: [{ * scheduleExpression: "rate(1minutes)", * }], * }}); * ``` */ timezone?: pulumi.Input; } } export namespace appintegrations { export interface DataIntegrationScheduleConfig { /** * The start date for objects to import in the first flow run as an Unix/epoch timestamp in milliseconds or in ISO-8601 format. This needs to be a time in the past, meaning that the data created or updated before this given date will not be downloaded. */ firstExecutionFrom: pulumi.Input; /** * The name of the object to pull from the data source. Examples of objects in Salesforce include `Case`, `Account`, or `Lead`. */ object: pulumi.Input; /** * How often the data should be pulled from data source. Examples include `rate(1 hour)`, `rate(3 hours)`, `rate(1 day)`. */ scheduleExpression: pulumi.Input; } } export namespace appmesh { export interface GatewayRouteSpec { /** * Specification of a gRPC gateway route. */ grpcRoute?: pulumi.Input; /** * Specification of an HTTP/2 gateway route. */ http2Route?: pulumi.Input; /** * Specification of an HTTP gateway route. */ httpRoute?: pulumi.Input; /** * Priority for the gateway route, between `0` and `1000`. */ priority?: pulumi.Input; } export interface GatewayRouteSpecGrpcRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining a request match. */ match: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteAction { /** * Target that traffic is routed to when a request matches the gateway route. */ target: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteActionTarget { /** * The port number that corresponds to the target for Virtual Service provider port. This is required when the provider (router or node) of the Virtual Service has multiple listeners. */ port?: pulumi.Input; /** * Virtual service gateway route target. */ virtualService: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteActionTargetVirtualService { /** * Name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteMatch { /** * The port number to match from the request. */ port?: pulumi.Input; /** * Fully qualified domain name for the service to match from the request. */ serviceName: pulumi.Input; } export interface GatewayRouteSpecHttp2Route { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining a request match. */ match: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteAction { /** * Gateway route action to rewrite. */ rewrite?: pulumi.Input; /** * Target that traffic is routed to when a request matches the gateway route. */ target: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewrite { /** * Host name to rewrite. */ hostname?: pulumi.Input; /** * Exact path to rewrite. */ path?: pulumi.Input; /** * Specified beginning characters to rewrite. */ prefix?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewriteHostname { /** * Default target host name to write to. Valid values: `ENABLED`, `DISABLED`. */ defaultTargetHostname: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewritePath { /** * The exact path to match on. */ exact: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewritePrefix { /** * Default prefix used to replace the incoming route prefix when rewritten. Valid values: `ENABLED`, `DISABLED`. */ defaultPrefix?: pulumi.Input; /** * Value used to replace the incoming route prefix when rewritten. */ value?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionTarget { /** * The port number that corresponds to the target for Virtual Service provider port. This is required when the provider (router or node) of the Virtual Service has multiple listeners. */ port?: pulumi.Input; /** * Virtual service gateway route target. */ virtualService: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionTargetVirtualService { /** * Name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Host name to match on. */ hostname?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path to match requests with. This parameter must always start with `/`, which by itself matches all requests to the virtual service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; } export interface GatewayRouteSpecHttp2RouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchHostname { /** * Exact host name to match on. */ exact?: pulumi.Input; /** * Specified ending characters of the host name to match on. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface GatewayRouteSpecHttpRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining a request match. */ match: pulumi.Input; } export interface GatewayRouteSpecHttpRouteAction { /** * Gateway route action to rewrite. */ rewrite?: pulumi.Input; /** * Target that traffic is routed to when a request matches the gateway route. */ target: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewrite { /** * Host name to rewrite. */ hostname?: pulumi.Input; /** * Exact path to rewrite. */ path?: pulumi.Input; /** * Specified beginning characters to rewrite. */ prefix?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewriteHostname { /** * Default target host name to write to. Valid values: `ENABLED`, `DISABLED`. */ defaultTargetHostname: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewritePath { /** * The exact path to match on. */ exact: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewritePrefix { /** * Default prefix used to replace the incoming route prefix when rewritten. Valid values: `ENABLED`, `DISABLED`. */ defaultPrefix?: pulumi.Input; /** * Value used to replace the incoming route prefix when rewritten. */ value?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionTarget { /** * The port number that corresponds to the target for Virtual Service provider port. This is required when the provider (router or node) of the Virtual Service has multiple listeners. */ port?: pulumi.Input; /** * Virtual service gateway route target. */ virtualService: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionTargetVirtualService { /** * Name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Host name to match on. */ hostname?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path to match requests with. This parameter must always start with `/`, which by itself matches all requests to the virtual service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; } export interface GatewayRouteSpecHttpRouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchHostname { /** * Exact host name to match on. */ exact?: pulumi.Input; /** * Specified ending characters of the host name to match on. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface MeshSpec { /** * Egress filter rules for the service mesh. */ egressFilter?: pulumi.Input; /** * The service discovery information for the service mesh. */ serviceDiscovery?: pulumi.Input; } export interface MeshSpecEgressFilter { /** * Egress filter type. By default, the type is `DROP_ALL`. Valid values are `ALLOW_ALL` and `DROP_ALL`. */ type?: pulumi.Input; } export interface MeshSpecServiceDiscovery { /** * The IP version to use to control traffic within the mesh. Valid values are `IPv6_PREFERRED`, `IPv4_PREFERRED`, `IPv4_ONLY`, and `IPv6_ONLY`. */ ipPreference?: pulumi.Input; } export interface RouteSpec { /** * GRPC routing information for the route. */ grpcRoute?: pulumi.Input; /** * HTTP/2 routing information for the route. */ http2Route?: pulumi.Input; /** * HTTP routing information for the route. */ httpRoute?: pulumi.Input; /** * Priority for the route, between `0` and `1000`. * Routes are matched based on the specified value, where `0` is the highest priority. */ priority?: pulumi.Input; /** * TCP routing information for the route. */ tcpRoute?: pulumi.Input; } export interface RouteSpecGrpcRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining an gRPC request match. */ match?: pulumi.Input; /** * Retry policy. */ retryPolicy?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecGrpcRouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecGrpcRouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecGrpcRouteMatch { /** * Data to match from the gRPC request. */ metadatas?: pulumi.Input[]>; /** * Method name to match from the request. If you specify a name, you must also specify a `serviceName`. */ methodName?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; prefix?: pulumi.Input; /** * Fully qualified domain name for the service to match from the request. */ serviceName?: pulumi.Input; } export interface RouteSpecGrpcRouteMatchMetadata { /** * If `true`, the match is on the opposite of the `match` criteria. Default is `false`. */ invert?: pulumi.Input; /** * Data to match from the request. */ match?: pulumi.Input; /** * Name of the route. Must be between 1 and 50 characters in length. */ name: pulumi.Input; } export interface RouteSpecGrpcRouteMatchMetadataMatch { /** * Value sent by the client must match the specified value exactly. Must be between 1 and 255 characters in length. */ exact?: pulumi.Input; /** * Value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the value sent by the client must be included in. */ range?: pulumi.Input; /** * Value sent by the client must include the specified characters. Must be between 1 and 255 characters in length. */ regex?: pulumi.Input; /** * Value sent by the client must end with the specified characters. Must be between 1 and 255 characters in length. */ suffix?: pulumi.Input; } export interface RouteSpecGrpcRouteMatchMetadataMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface RouteSpecGrpcRouteRetryPolicy { /** * List of gRPC retry events. * Valid values: `cancelled`, `deadline-exceeded`, `internal`, `resource-exhausted`, `unavailable`. */ grpcRetryEvents?: pulumi.Input[]>; /** * List of HTTP retry events. * Valid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream). */ httpRetryEvents?: pulumi.Input[]>; /** * Maximum number of retries. */ maxRetries: pulumi.Input; /** * Per-retry timeout. */ perRetryTimeout: pulumi.Input; /** * List of TCP retry events. The only valid value is `connection-error`. */ tcpRetryEvents?: pulumi.Input[]>; } export interface RouteSpecGrpcRouteRetryPolicyPerRetryTimeout { /** * Retry unit. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Retry value. */ value: pulumi.Input; } export interface RouteSpecGrpcRouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface RouteSpecGrpcRouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecGrpcRouteTimeoutPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttp2Route { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining an HTTP request match. */ match: pulumi.Input; /** * Retry policy. */ retryPolicy?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecHttp2RouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecHttp2RouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecHttp2RouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Client request header method to match on. Valid values: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`. */ method?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path with which to match requests. * This parameter must always start with /, which by itself matches all requests to the virtual router service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; /** * Client request header scheme to match on. Valid values: `http`, `https`. */ scheme?: pulumi.Input; } export interface RouteSpecHttp2RouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttp2RouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface RouteSpecHttp2RouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface RouteSpecHttp2RouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface RouteSpecHttp2RouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttp2RouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface RouteSpecHttp2RouteRetryPolicy { /** * List of HTTP retry events. * Valid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream). */ httpRetryEvents?: pulumi.Input[]>; /** * Maximum number of retries. */ maxRetries: pulumi.Input; /** * Per-retry timeout. */ perRetryTimeout: pulumi.Input; /** * List of TCP retry events. The only valid value is `connection-error`. * * You must specify at least one value for `httpRetryEvents`, or at least one value for `tcpRetryEvents`. */ tcpRetryEvents?: pulumi.Input[]>; } export interface RouteSpecHttp2RouteRetryPolicyPerRetryTimeout { /** * Retry unit. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Retry value. */ value: pulumi.Input; } export interface RouteSpecHttp2RouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface RouteSpecHttp2RouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttp2RouteTimeoutPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttpRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining an HTTP request match. */ match: pulumi.Input; /** * Retry policy. */ retryPolicy?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecHttpRouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecHttpRouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecHttpRouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Client request header method to match on. Valid values: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`. */ method?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path with which to match requests. * This parameter must always start with /, which by itself matches all requests to the virtual router service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; /** * Client request header scheme to match on. Valid values: `http`, `https`. */ scheme?: pulumi.Input; } export interface RouteSpecHttpRouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttpRouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface RouteSpecHttpRouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface RouteSpecHttpRouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface RouteSpecHttpRouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttpRouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface RouteSpecHttpRouteRetryPolicy { /** * List of HTTP retry events. * Valid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream). */ httpRetryEvents?: pulumi.Input[]>; /** * Maximum number of retries. */ maxRetries: pulumi.Input; /** * Per-retry timeout. */ perRetryTimeout: pulumi.Input; /** * List of TCP retry events. The only valid value is `connection-error`. * * You must specify at least one value for `httpRetryEvents`, or at least one value for `tcpRetryEvents`. */ tcpRetryEvents?: pulumi.Input[]>; } export interface RouteSpecHttpRouteRetryPolicyPerRetryTimeout { /** * Retry unit. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Retry value. */ value: pulumi.Input; } export interface RouteSpecHttpRouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface RouteSpecHttpRouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttpRouteTimeoutPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecTcpRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; match?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecTcpRouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecTcpRouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecTcpRouteMatch { port?: pulumi.Input; } export interface RouteSpecTcpRouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; } export interface RouteSpecTcpRouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualGatewaySpec { /** * Defaults for backends. */ backendDefaults?: pulumi.Input; /** * Listeners that the mesh endpoint is expected to receive inbound traffic from. You can specify one listener. */ listeners: pulumi.Input[]>; /** * Inbound and outbound access logging information for the virtual gateway. */ logging?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaults { /** * Default client policy for virtual gateway backends. */ clientPolicy?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicy { /** * Transport Layer Security (TLS) client policy. */ tls?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTls { /** * Listener's TLS certificate. */ certificate?: pulumi.Input; /** * Whether the policy is enforced. Default is `true`. */ enforce?: pulumi.Input; /** * One or more ports that the policy is enforced for. */ ports?: pulumi.Input[]>; /** * Listener's Transport Layer Security (TLS) validation context. */ validation: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificate { /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidation { /** * SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrust { /** * TLS validation context trust for an AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustAcm { /** * One or more ACM ARNs. */ certificateAuthorityArns: pulumi.Input[]>; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecListener { /** * Connection pool information for the listener. */ connectionPool?: pulumi.Input; /** * Health check information for the listener. */ healthCheck?: pulumi.Input; /** * Port mapping information for the listener. */ portMapping: pulumi.Input; /** * Transport Layer Security (TLS) properties for the listener */ tls?: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPool { /** * Connection pool information for gRPC listeners. */ grpc?: pulumi.Input; /** * Connection pool information for HTTP listeners. */ http?: pulumi.Input; /** * Connection pool information for HTTP2 listeners. */ http2?: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPoolGrpc { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPoolHttp { /** * Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`. */ maxConnections: pulumi.Input; /** * Number of overflowing requests after `maxConnections` Envoy will queue to upstream cluster. Minimum value of `1`. */ maxPendingRequests?: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPoolHttp2 { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualGatewaySpecListenerHealthCheck { /** * Number of consecutive successful health checks that must occur before declaring listener healthy. */ healthyThreshold: pulumi.Input; /** * Time period in milliseconds between each health check execution. */ intervalMillis: pulumi.Input; /** * Destination path for the health check request. This is only required if the specified protocol is `http` or `http2`. */ path?: pulumi.Input; /** * Destination port for the health check request. This port must match the port defined in the `portMapping` for the listener. */ port?: pulumi.Input; /** * Protocol for the health check request. Valid values are `http`, `http2`, and `grpc`. */ protocol: pulumi.Input; /** * Amount of time to wait when receiving a response from the health check, in milliseconds. */ timeoutMillis: pulumi.Input; /** * Number of consecutive failed health checks that must occur before declaring a virtual gateway unhealthy. */ unhealthyThreshold: pulumi.Input; } export interface VirtualGatewaySpecListenerPortMapping { /** * Port used for the port mapping. */ port: pulumi.Input; /** * Protocol used for the port mapping. Valid values are `http`, `http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; } export interface VirtualGatewaySpecListenerTls { /** * Listener's TLS certificate. */ certificate: pulumi.Input; /** * Listener's TLS mode. Valid values: `DISABLED`, `PERMISSIVE`, `STRICT`. */ mode: pulumi.Input; /** * Listener's Transport Layer Security (TLS) validation context. */ validation?: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificate { /** * An AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificateAcm { /** * ARN for the certificate. */ certificateArn: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificateSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidation { /** * SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualGatewaySpecListenerTlsValidationTrust { /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationTrustSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecLogging { /** * Access log configuration for a virtual gateway. */ accessLog?: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLog { /** * File object to send virtual gateway access logs to. */ file?: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLogFile { /** * The specified format for the logs. */ format?: pulumi.Input; /** * File path to write access logs to. You can use `/dev/stdout` to send access logs to standard out. Must be between 1 and 255 characters in length. */ path: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLogFileFormat { /** * The logging format for JSON. */ jsons?: pulumi.Input[]>; /** * The logging format for text. Must be between 1 and 1000 characters in length. */ text?: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLogFileFormatJson { /** * The specified key for the JSON. Must be between 1 and 100 characters in length. */ key: pulumi.Input; /** * The specified value for the JSON. Must be between 1 and 100 characters in length. */ value: pulumi.Input; } export interface VirtualNodeSpec { /** * Defaults for backends. */ backendDefaults?: pulumi.Input; /** * Backends to which the virtual node is expected to send outbound traffic. */ backends?: pulumi.Input[]>; /** * Listeners from which the virtual node is expected to receive inbound traffic. */ listeners?: pulumi.Input[]>; /** * Inbound and outbound access logging information for the virtual node. */ logging?: pulumi.Input; /** * Service discovery information for the virtual node. */ serviceDiscovery?: pulumi.Input; } export interface VirtualNodeSpecBackend { /** * Virtual service to use as a backend for a virtual node. */ virtualService: pulumi.Input; } export interface VirtualNodeSpecBackendDefaults { /** * Default client policy for virtual service backends. See above for details. */ clientPolicy?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicy { /** * Transport Layer Security (TLS) client policy. */ tls?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTls { /** * Listener's TLS certificate. */ certificate?: pulumi.Input; /** * Whether the policy is enforced. Default is `true`. */ enforce?: pulumi.Input; /** * One or more ports that the policy is enforced for. */ ports?: pulumi.Input[]>; /** * Listener's Transport Layer Security (TLS) validation context. */ validation: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificate { /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidation { /** * SANs for a TLS validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrust { /** * TLS validation context trust for an AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustAcm { /** * One or more ACM ARNs. */ certificateAuthorityArns: pulumi.Input[]>; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualService { /** * Client policy for the backend. */ clientPolicy?: pulumi.Input; /** * Name of the virtual service that is acting as a virtual node backend. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicy { /** * Transport Layer Security (TLS) client policy. */ tls?: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTls { /** * Listener's TLS certificate. */ certificate?: pulumi.Input; /** * Whether the policy is enforced. Default is `true`. */ enforce?: pulumi.Input; /** * One or more ports that the policy is enforced for. */ ports?: pulumi.Input[]>; /** * Listener's Transport Layer Security (TLS) validation context. */ validation: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificate { /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidation { /** * SANs for a TLS validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrust { /** * TLS validation context trust for an AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustAcm { /** * One or more ACM ARNs. */ certificateAuthorityArns: pulumi.Input[]>; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecListener { /** * Connection pool information for the listener. */ connectionPool?: pulumi.Input; /** * Health check information for the listener. */ healthCheck?: pulumi.Input; /** * Outlier detection information for the listener. */ outlierDetection?: pulumi.Input; /** * Port mapping information for the listener. */ portMapping: pulumi.Input; /** * Timeouts for different protocols. */ timeout?: pulumi.Input; /** * Transport Layer Security (TLS) properties for the listener */ tls?: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPool { /** * Connection pool information for gRPC listeners. */ grpc?: pulumi.Input; /** * Connection pool information for HTTP2 listeners. */ http2s?: pulumi.Input[]>; /** * Connection pool information for HTTP listeners. */ https?: pulumi.Input[]>; /** * Connection pool information for TCP listeners. */ tcps?: pulumi.Input[]>; } export interface VirtualNodeSpecListenerConnectionPoolGrpc { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPoolHttp { /** * Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`. */ maxConnections: pulumi.Input; /** * Number of overflowing requests after `maxConnections` Envoy will queue to upstream cluster. Minimum value of `1`. */ maxPendingRequests?: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPoolHttp2 { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPoolTcp { /** * Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`. */ maxConnections: pulumi.Input; } export interface VirtualNodeSpecListenerHealthCheck { /** * Number of consecutive successful health checks that must occur before declaring listener healthy. */ healthyThreshold: pulumi.Input; /** * Time period in milliseconds between each health check execution. */ intervalMillis: pulumi.Input; /** * Destination path for the health check request. This is only required if the specified protocol is `http` or `http2`. */ path?: pulumi.Input; /** * Destination port for the health check request. This port must match the port defined in the `portMapping` for the listener. */ port?: pulumi.Input; /** * Protocol for the health check request. Valid values are `http`, `http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; /** * Amount of time to wait when receiving a response from the health check, in milliseconds. */ timeoutMillis: pulumi.Input; /** * Number of consecutive failed health checks that must occur before declaring a virtual node unhealthy. */ unhealthyThreshold: pulumi.Input; } export interface VirtualNodeSpecListenerOutlierDetection { /** * Base amount of time for which a host is ejected. */ baseEjectionDuration: pulumi.Input; /** * Time interval between ejection sweep analysis. */ interval: pulumi.Input; /** * Maximum percentage of hosts in load balancing pool for upstream service that can be ejected. Will eject at least one host regardless of the value. * Minimum value of `0`. Maximum value of `100`. */ maxEjectionPercent: pulumi.Input; /** * Number of consecutive `5xx` errors required for ejection. Minimum value of `1`. */ maxServerErrors: pulumi.Input; } export interface VirtualNodeSpecListenerOutlierDetectionBaseEjectionDuration { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerOutlierDetectionInterval { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerPortMapping { /** * Port used for the port mapping. */ port: pulumi.Input; /** * Protocol used for the port mapping. Valid values are `http`, `http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; } export interface VirtualNodeSpecListenerTimeout { /** * Timeouts for gRPC listeners. */ grpc?: pulumi.Input; /** * Timeouts for HTTP listeners. */ http?: pulumi.Input; /** * Timeouts for HTTP2 listeners. */ http2?: pulumi.Input; /** * Timeouts for TCP listeners. */ tcp?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutGrpc { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutGrpcIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutGrpcPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp2 { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp2Idle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp2PerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttpIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttpPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutTcp { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutTcpIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTls { /** * Listener's TLS certificate. */ certificate: pulumi.Input; /** * Listener's TLS mode. Valid values: `DISABLED`, `PERMISSIVE`, `STRICT`. */ mode: pulumi.Input; /** * Listener's Transport Layer Security (TLS) validation context. */ validation?: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificate { /** * An AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificateAcm { /** * ARN for the certificate. */ certificateArn: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificateSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidation { /** * SANs for a TLS validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualNodeSpecListenerTlsValidationTrust { /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationTrustSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecLogging { /** * Access log configuration for a virtual node. */ accessLog?: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLog { /** * File object to send virtual node access logs to. */ file?: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLogFile { /** * The specified format for the logs. */ format?: pulumi.Input; /** * File path to write access logs to. You can use `/dev/stdout` to send access logs to standard out. Must be between 1 and 255 characters in length. */ path: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLogFileFormat { /** * The logging format for JSON. */ jsons?: pulumi.Input[]>; /** * The logging format for text. Must be between 1 and 1000 characters in length. */ text?: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLogFileFormatJson { /** * The specified key for the JSON. Must be between 1 and 100 characters in length. */ key: pulumi.Input; /** * The specified value for the JSON. Must be between 1 and 100 characters in length. */ value: pulumi.Input; } export interface VirtualNodeSpecServiceDiscovery { /** * Any AWS Cloud Map information for the virtual node. */ awsCloudMap?: pulumi.Input; /** * DNS service name for the virtual node. */ dns?: pulumi.Input; } export interface VirtualNodeSpecServiceDiscoveryAwsCloudMap { /** * String map that contains attributes with values that you can use to filter instances by any custom attribute that you specified when you registered the instance. Only instances that match all of the specified key/value pairs will be returned. */ attributes?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Name of the AWS Cloud Map namespace to use. * Use the `aws.servicediscovery.HttpNamespace` resource to configure a Cloud Map namespace. Must be between 1 and 1024 characters in length. */ namespaceName: pulumi.Input; /** * Name of the AWS Cloud Map service to use. Use the `aws.servicediscovery.Service` resource to configure a Cloud Map service. Must be between 1 and 1024 characters in length. */ serviceName: pulumi.Input; } export interface VirtualNodeSpecServiceDiscoveryDns { /** * DNS host name for your virtual node. */ hostname: pulumi.Input; /** * The preferred IP version that this virtual node uses. Valid values: `IPv6_PREFERRED`, `IPv4_PREFERRED`, `IPv4_ONLY`, `IPv6_ONLY`. */ ipPreference?: pulumi.Input; /** * The DNS response type for the virtual node. Valid values: `LOADBALANCER`, `ENDPOINTS`. */ responseType?: pulumi.Input; } export interface VirtualRouterSpec { /** * Listeners that the virtual router is expected to receive inbound traffic from. * Currently only one listener is supported per virtual router. */ listeners?: pulumi.Input[]>; } export interface VirtualRouterSpecListener { /** * Port mapping information for the listener. */ portMapping: pulumi.Input; } export interface VirtualRouterSpecListenerPortMapping { /** * Port used for the port mapping. */ port: pulumi.Input; /** * Protocol used for the port mapping. Valid values are `http`,`http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; } export interface VirtualServiceSpec { /** * App Mesh object that is acting as the provider for a virtual service. You can specify a single virtual node or virtual router. */ provider?: pulumi.Input; } export interface VirtualServiceSpecProvider { /** * Virtual node associated with a virtual service. */ virtualNode?: pulumi.Input; /** * Virtual router associated with a virtual service. */ virtualRouter?: pulumi.Input; } export interface VirtualServiceSpecProviderVirtualNode { /** * Name of the virtual node that is acting as a service provider. Must be between 1 and 255 characters in length. */ virtualNodeName: pulumi.Input; } export interface VirtualServiceSpecProviderVirtualRouter { /** * Name of the virtual router that is acting as a service provider. Must be between 1 and 255 characters in length. */ virtualRouterName: pulumi.Input; } } export namespace apprunner { export interface CustomDomainAssociationCertificateValidationRecord { /** * Certificate CNAME record name. */ name?: pulumi.Input; /** * Current state of the certificate CNAME record validation. It should change to `SUCCESS` after App Runner completes validation with your DNS. */ status?: pulumi.Input; /** * Record type, always `CNAME`. */ type?: pulumi.Input; /** * Certificate CNAME record value. */ value?: pulumi.Input; } export interface DeploymentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ObservabilityConfigurationTraceConfiguration { /** * Implementation provider chosen for tracing App Runner services. Valid values: `AWSXRAY`. */ vendor?: pulumi.Input; } export interface ServiceEncryptionConfiguration { /** * ARN of the KMS key used for encryption. */ kmsKey: pulumi.Input; } export interface ServiceHealthCheckConfiguration { /** * Number of consecutive checks that must succeed before App Runner decides that the service is healthy. Defaults to 1. Minimum value of 1. Maximum value of 20. */ healthyThreshold?: pulumi.Input; /** * Time interval, in seconds, between health checks. Defaults to 5. Minimum value of 1. Maximum value of 20. */ interval?: pulumi.Input; /** * URL to send requests to for health checks. Defaults to `/`. Minimum length of 0. Maximum length of 51200. */ path?: pulumi.Input; /** * IP protocol that App Runner uses to perform health checks for your service. Valid values: `TCP`, `HTTP`. Defaults to `TCP`. If you set protocol to `HTTP`, App Runner sends health check requests to the HTTP path specified by `path`. */ protocol?: pulumi.Input; /** * Time, in seconds, to wait for a health check response before deciding it failed. Defaults to 2. Minimum value of 1. Maximum value of 20. */ timeout?: pulumi.Input; /** * Number of consecutive checks that must fail before App Runner decides that the service is unhealthy. Defaults to 5. Minimum value of 1. Maximum value of 20. */ unhealthyThreshold?: pulumi.Input; } export interface ServiceInstanceConfiguration { /** * Number of CPU units reserved for each instance of your App Runner service represented as a String. Defaults to `1024`. Valid values: `256|512|1024|2048|4096|(0.25|0.5|1|2|4) vCPU`. */ cpu?: pulumi.Input; /** * ARN of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs. */ instanceRoleArn?: pulumi.Input; /** * Amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to `2048`. Valid values: `512|1024|2048|3072|4096|6144|8192|10240|12288|(0.5|1|2|3|4|6|8|10|12) GB`. */ memory?: pulumi.Input; } export interface ServiceNetworkConfiguration { /** * Network configuration settings for outbound message traffic. See Egress Configuration below for more details. */ egressConfiguration?: pulumi.Input; /** * Network configuration settings for inbound network traffic. See Ingress Configuration below for more details. */ ingressConfiguration?: pulumi.Input; /** * App Runner provides you with the option to choose between Internet Protocol version 4 (IPv4) and dual stack (IPv4 and IPv6) for your incoming public network configuration. Valid values: `IPV4`, `DUAL_STACK`. Default: `IPV4`. */ ipAddressType?: pulumi.Input; } export interface ServiceNetworkConfigurationEgressConfiguration { /** * The type of egress configuration. Valid values are: `DEFAULT` and `VPC`. */ egressType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the App Runner VPC connector that you want to associate with your App Runner service. Only valid when `EgressType = VPC`. */ vpcConnectorArn?: pulumi.Input; } export interface ServiceNetworkConfigurationIngressConfiguration { /** * Specifies whether your App Runner service is publicly accessible. To make the service publicly accessible set it to True. To make the service privately accessible, from only within an Amazon VPC set it to False. */ isPubliclyAccessible?: pulumi.Input; } export interface ServiceObservabilityConfiguration { /** * ARN of the observability configuration that is associated with the service. Specified only when `observabilityEnabled` is `true`. */ observabilityConfigurationArn?: pulumi.Input; /** * When `true`, an observability configuration resource is associated with the service. */ observabilityEnabled: pulumi.Input; } export interface ServiceSourceConfiguration { /** * Describes resources needed to authenticate access to some source repositories. See Authentication Configuration below for more details. */ authenticationConfiguration?: pulumi.Input; /** * Whether continuous integration from the source repository is enabled for the App Runner service. If set to `true`, each repository change (source code commit or new image version) starts a deployment. Defaults to `true`. */ autoDeploymentsEnabled?: pulumi.Input; /** * Description of a source code repository. See Code Repository below for more details. */ codeRepository?: pulumi.Input; /** * Description of a source image repository. See Image Repository below for more details. */ imageRepository?: pulumi.Input; } export interface ServiceSourceConfigurationAuthenticationConfiguration { /** * ARN of the IAM role that grants the App Runner service access to a source repository. Required for ECR image repositories (but not for ECR Public) */ accessRoleArn?: pulumi.Input; /** * ARN of the App Runner connection that enables the App Runner service to connect to a source repository. Required for GitHub code repositories. */ connectionArn?: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepository { /** * Configuration for building and running the service from a source code repository. See Code Configuration below for more details. */ codeConfiguration?: pulumi.Input; /** * Location of the repository that contains the source code. */ repositoryUrl: pulumi.Input; /** * Version that should be used within the source code repository. See Source Code Version below for more details. */ sourceCodeVersion: pulumi.Input; /** * The path of the directory that stores source code and configuration files. The build and start commands also execute from here. The path is absolute from root and, if not specified, defaults to the repository root. */ sourceDirectory?: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepositoryCodeConfiguration { /** * Basic configuration for building and running the App Runner service. Use this parameter to quickly launch an App Runner service without providing an apprunner.yaml file in the source code repository (or ignoring the file if it exists). See Code Configuration Values below for more details. */ codeConfigurationValues?: pulumi.Input; /** * Source of the App Runner configuration. Valid values: `REPOSITORY`, `API`. Values are interpreted as follows: * * `REPOSITORY` - App Runner reads configuration values from the apprunner.yaml file in the * source code repository and ignores the CodeConfigurationValues parameter. * * `API` - App Runner uses configuration values provided in the CodeConfigurationValues * parameter and ignores the apprunner.yaml file in the source code repository. */ configurationSource: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValues { /** * Command App Runner runs to build your application. */ buildCommand?: pulumi.Input; /** * Port that your application listens to in the container. Defaults to `"8080"`. */ port?: pulumi.Input; /** * Runtime environment type for building and running an App Runner service. Represents a programming language runtime. Valid values: `PYTHON_3`, `NODEJS_12`, `NODEJS_14`, `NODEJS_16`, `CORRETTO_8`, `CORRETTO_11`, `GO_1`, `DOTNET_6`, `PHP_81`, `RUBY_31`. */ runtime: pulumi.Input; /** * Secrets and parameters available to your service as environment variables. A map of key/value pairs, where the key is the desired name of the Secret in the environment (i.e. it does not have to match the name of the secret in Secrets Manager or SSM Parameter Store), and the value is the ARN of the secret from AWS Secrets Manager or the ARN of the parameter in AWS SSM Parameter Store. */ runtimeEnvironmentSecrets?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of `AWSAPPRUNNER` are reserved for system use and aren't valid. */ runtimeEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Command App Runner runs to start your application. */ startCommand?: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepositorySourceCodeVersion { /** * Type of version identifier. For a git-based repository, branches represent versions. Valid values: `BRANCH`. */ type: pulumi.Input; /** * Source code version. For a git-based repository, a branch name maps to a specific version. App Runner uses the most recent commit to the branch. */ value: pulumi.Input; } export interface ServiceSourceConfigurationImageRepository { /** * Configuration for running the identified image. See Image Configuration below for more details. */ imageConfiguration?: pulumi.Input; /** * Identifier of an image. For an image in Amazon Elastic Container Registry (Amazon ECR), this is an image name. For the * image name format, see Pulling an image in the Amazon ECR User Guide. */ imageIdentifier: pulumi.Input; /** * Type of the image repository. This reflects the repository provider and whether the repository is private or public. Valid values: `ECR` , `ECR_PUBLIC`. */ imageRepositoryType: pulumi.Input; } export interface ServiceSourceConfigurationImageRepositoryImageConfiguration { /** * Port that your application listens to in the container. Defaults to `"8080"`. */ port?: pulumi.Input; /** * Secrets and parameters available to your service as environment variables. A map of key/value pairs, where the key is the desired name of the Secret in the environment (i.e. it does not have to match the name of the secret in Secrets Manager or SSM Parameter Store), and the value is the ARN of the secret from AWS Secrets Manager or the ARN of the parameter in AWS SSM Parameter Store. */ runtimeEnvironmentSecrets?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of `AWSAPPRUNNER` are reserved for system use and aren't valid. */ runtimeEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Command App Runner runs to start the application in the source image. If specified, this command overrides the Docker image’s default start command. */ startCommand?: pulumi.Input; } export interface VpcIngressConnectionIngressVpcConfiguration { /** * The ID of the VPC endpoint that your App Runner service connects to. */ vpcEndpointId?: pulumi.Input; /** * The ID of the VPC that is used for the VPC endpoint. */ vpcId?: pulumi.Input; } } export namespace appstream { export interface DirectoryConfigCertificateBasedAuthProperties { /** * The ARN of the AWS Certificate Manager Private CA resource. */ certificateAuthorityArn?: pulumi.Input; /** * The status of the certificate-based authentication properties. Valid values - ["DISABLED", "ENABLED", "ENABLED_NO_DIRECTORY_LOGIN_FALLBACK"]. */ status?: pulumi.Input; } export interface DirectoryConfigServiceAccountCredentials { /** * User name of the account. This account must have the following privileges: create computer objects, join computers to the domain, and change/reset the password on descendant computer objects for the organizational units specified. */ accountName: pulumi.Input; /** * Password for the account. */ accountPassword: pulumi.Input; } export interface FleetComputeCapacity { /** * Number of currently available instances that can be used to stream sessions. */ available?: pulumi.Input; /** * Desired number of streaming instances. */ desiredInstances?: pulumi.Input; /** * Desired number of user sessions for a multi-session fleet. This is not allowed for single-session fleets. */ desiredSessions?: pulumi.Input; /** * Number of instances in use for streaming. */ inUse?: pulumi.Input; /** * Total number of simultaneous streaming instances that are running. */ running?: pulumi.Input; } export interface FleetDomainJoinInfo { /** * Fully qualified name of the directory (for example, corp.example.com). */ directoryName?: pulumi.Input; /** * Distinguished name of the organizational unit for computer accounts. */ organizationalUnitDistinguishedName?: pulumi.Input; } export interface FleetVpcConfig { /** * Identifiers of the security groups for the fleet or image builder. */ securityGroupIds?: pulumi.Input[]>; /** * Identifiers of the subnets to which a network interface is attached from the fleet instance or image builder instance. */ subnetIds?: pulumi.Input[]>; } export interface ImageBuilderAccessEndpoint { /** * Type of interface endpoint. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/appstream2/latest/APIReference/API_AccessEndpoint.html). */ endpointType: pulumi.Input; /** * Identifier (ID) of the interface VPC endpoint. */ vpceId?: pulumi.Input; } export interface ImageBuilderDomainJoinInfo { /** * Fully qualified name of the directory (for example, corp.example.com). */ directoryName?: pulumi.Input; /** * Distinguished name of the organizational unit for computer accounts. */ organizationalUnitDistinguishedName?: pulumi.Input; } export interface ImageBuilderVpcConfig { /** * Identifiers of the security groups for the image builder or image builder. */ securityGroupIds?: pulumi.Input[]>; /** * Identifier of the subnet to which a network interface is attached from the image builder instance. */ subnetIds?: pulumi.Input[]>; } export interface StackAccessEndpoint { /** * Type of the interface endpoint. * See the [`AccessEndpoint` AWS API documentation](https://docs.aws.amazon.com/appstream2/latest/APIReference/API_AccessEndpoint.html) for valid values. */ endpointType: pulumi.Input; /** * ID of the VPC in which the interface endpoint is used. */ vpceId?: pulumi.Input; } export interface StackApplicationSettings { /** * Whether application settings should be persisted. */ enabled: pulumi.Input; /** * Name of the settings group. * Required when `enabled` is `true`. * Can be up to 100 characters. */ settingsGroup?: pulumi.Input; } export interface StackStorageConnector { /** * Type of storage connector. * Valid values are `HOMEFOLDERS`, `GOOGLE_DRIVE`, or `ONE_DRIVE`. */ connectorType: pulumi.Input; /** * Names of the domains for the account. */ domains?: pulumi.Input[]>; /** * ARN of the storage connector. */ resourceIdentifier?: pulumi.Input; } export interface StackStreamingExperienceSettings { /** * The preferred protocol that you want to use while streaming your application. * Valid values are `TCP` and `UDP`. */ preferredProtocol?: pulumi.Input; } export interface StackUserSetting { /** * Action that is enabled or disabled. * Valid values are `AUTO_TIME_ZONE_REDIRECTION`, `CLIPBOARD_COPY_FROM_LOCAL_DEVICE`, `CLIPBOARD_COPY_TO_LOCAL_DEVICE`, `DOMAIN_PASSWORD_SIGNIN`, `DOMAIN_SMART_CARD_SIGNIN`, `FILE_UPLOAD`, `FILE_DOWNLOAD`, or `PRINTING_TO_LOCAL_DEVICE`. */ action: pulumi.Input; /** * Whether the action is enabled or disabled. * Valid values are `ENABLED` or `DISABLED`. */ permission: pulumi.Input; } } export namespace appsync { export interface ApiEventConfig { /** * List of authentication providers. See Auth Providers below. */ authProviders: pulumi.Input[]>; /** * List of authentication modes for connections. See Auth Modes below. */ connectionAuthModes: pulumi.Input[]>; /** * List of default authentication modes for publishing. See Auth Modes below. */ defaultPublishAuthModes: pulumi.Input[]>; /** * List of default authentication modes for subscribing. See Auth Modes below. */ defaultSubscribeAuthModes: pulumi.Input[]>; /** * Logging configuration. See Log Config below. */ logConfig?: pulumi.Input; } export interface ApiEventConfigAuthProvider { /** * Type of authentication provider. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`. */ authType: pulumi.Input; /** * Configuration for Cognito user pool authentication. Required when `authType` is `AMAZON_COGNITO_USER_POOLS`. See Cognito Config below. */ cognitoConfig?: pulumi.Input; /** * Configuration for Lambda authorization. Required when `authType` is `AWS_LAMBDA`. See Lambda Authorizer Config below. */ lambdaAuthorizerConfig?: pulumi.Input; /** * Configuration for OpenID Connect. Required when `authType` is `OPENID_CONNECT`. See OpenID Connect Config below. */ openidConnectConfig?: pulumi.Input; } export interface ApiEventConfigAuthProviderCognitoConfig { /** * Regular expression for matching the client ID. */ appIdClientRegex?: pulumi.Input; /** * AWS region where the user pool is located. */ awsRegion: pulumi.Input; /** * ID of the Cognito user pool. */ userPoolId: pulumi.Input; } export interface ApiEventConfigAuthProviderLambdaAuthorizerConfig { /** * TTL in seconds for the authorization result cache. */ authorizerResultTtlInSeconds?: pulumi.Input; /** * URI of the Lambda function for authorization. */ authorizerUri: pulumi.Input; /** * Regular expression for identity validation. */ identityValidationExpression?: pulumi.Input; } export interface ApiEventConfigAuthProviderOpenidConnectConfig { /** * TTL in seconds for the authentication token. */ authTtl?: pulumi.Input; /** * Client ID for the OpenID Connect provider. */ clientId?: pulumi.Input; /** * TTL in seconds for the issued at time. */ iatTtl?: pulumi.Input; /** * Issuer URL for the OpenID Connect provider. */ issuer: pulumi.Input; } export interface ApiEventConfigConnectionAuthMode { /** * Type of authentication. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`. */ authType: pulumi.Input; } export interface ApiEventConfigDefaultPublishAuthMode { /** * Type of authentication. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`. */ authType: pulumi.Input; } export interface ApiEventConfigDefaultSubscribeAuthMode { /** * Type of authentication. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`. */ authType: pulumi.Input; } export interface ApiEventConfigLogConfig { /** * ARN of the IAM role for CloudWatch logs. */ cloudwatchLogsRoleArn: pulumi.Input; /** * Log level. Valid values: `NONE`, `ERROR`, `ALL`, `INFO`, `DEBUG`. */ logLevel: pulumi.Input; } export interface ChannelNamespaceHandlerConfigs { /** * Handler configuration. See Handler Config below. */ onPublish?: pulumi.Input; /** * Handler configuration. See Handler Config below. */ onSubscribe?: pulumi.Input; } export interface ChannelNamespaceHandlerConfigsOnPublish { /** * Behavior for the handler. Valid values: `CODE`, `DIRECT`. */ behavior: pulumi.Input; /** * Integration data source configuration for the handler. See Integration below. */ integration: pulumi.Input; } export interface ChannelNamespaceHandlerConfigsOnPublishIntegration { /** * Unique name of the data source that has been configured on the API. */ dataSourceName: pulumi.Input; /** * Configuration for a Lambda data source. See Lambda Config below. */ lambdaConfig?: pulumi.Input; } export interface ChannelNamespaceHandlerConfigsOnPublishIntegrationLambdaConfig { /** * Invocation type for a Lambda data source. Valid values: `REQUEST_RESPONSE`, `EVENT`. */ invokeType?: pulumi.Input; } export interface ChannelNamespaceHandlerConfigsOnSubscribe { /** * Behavior for the handler. Valid values: `CODE`, `DIRECT`. */ behavior: pulumi.Input; /** * Integration data source configuration for the handler. See Integration below. */ integration: pulumi.Input; } export interface ChannelNamespaceHandlerConfigsOnSubscribeIntegration { /** * Unique name of the data source that has been configured on the API. */ dataSourceName: pulumi.Input; /** * Configuration for a Lambda data source. See Lambda Config below. */ lambdaConfig?: pulumi.Input; } export interface ChannelNamespaceHandlerConfigsOnSubscribeIntegrationLambdaConfig { /** * Invocation type for a Lambda data source. Valid values: `REQUEST_RESPONSE`, `EVENT`. */ invokeType?: pulumi.Input; } export interface ChannelNamespacePublishAuthMode { /** * Type of authentication. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`. */ authType: pulumi.Input; } export interface ChannelNamespaceSubscribeAuthMode { /** * Type of authentication. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`. */ authType: pulumi.Input; } export interface DataSourceDynamodbConfig { /** * The DeltaSyncConfig for a versioned data source. See `deltaSyncConfig` Block for details. */ deltaSyncConfig?: pulumi.Input; /** * AWS region of the DynamoDB table. Defaults to current region. */ region?: pulumi.Input; /** * Name of the DynamoDB table. */ tableName: pulumi.Input; /** * Set to `true` to use Amazon Cognito credentials with this data source. */ useCallerCredentials?: pulumi.Input; /** * Detects Conflict Detection and Resolution with this data source. */ versioned?: pulumi.Input; } export interface DataSourceDynamodbConfigDeltaSyncConfig { /** * The number of minutes that an Item is stored in the data source. */ baseTableTtl?: pulumi.Input; /** * The table name. */ deltaSyncTableName: pulumi.Input; /** * The number of minutes that a Delta Sync log entry is stored in the Delta Sync table. */ deltaSyncTableTtl?: pulumi.Input; } export interface DataSourceElasticsearchConfig { /** * HTTP endpoint of the Elasticsearch domain. */ endpoint: pulumi.Input; /** * AWS region of Elasticsearch domain. Defaults to current region. */ region?: pulumi.Input; } export interface DataSourceEventBridgeConfig { /** * ARN for the EventBridge bus. */ eventBusArn: pulumi.Input; } export interface DataSourceHttpConfig { /** * Authorization configuration in case the HTTP endpoint requires authorization. See `authorizationConfig` Block for details. */ authorizationConfig?: pulumi.Input; /** * HTTP URL. */ endpoint: pulumi.Input; } export interface DataSourceHttpConfigAuthorizationConfig { /** * Authorization type that the HTTP endpoint requires. Default values is `AWS_IAM`. */ authorizationType?: pulumi.Input; /** * Identity and Access Management (IAM) settings. See `awsIamConfig` Block for details. */ awsIamConfig?: pulumi.Input; } export interface DataSourceHttpConfigAuthorizationConfigAwsIamConfig { /** * Signing Amazon Web Services Region for IAM authorization. */ signingRegion?: pulumi.Input; /** * Signing service name for IAM authorization. */ signingServiceName?: pulumi.Input; } export interface DataSourceLambdaConfig { /** * ARN for the Lambda function. */ functionArn: pulumi.Input; } export interface DataSourceOpensearchserviceConfig { /** * HTTP endpoint of the OpenSearch domain. */ endpoint: pulumi.Input; /** * AWS region of the OpenSearch domain. Defaults to current region. */ region?: pulumi.Input; } export interface DataSourceRelationalDatabaseConfig { /** * Amazon RDS HTTP endpoint configuration. See `httpEndpointConfig` Block for details. */ httpEndpointConfig?: pulumi.Input; /** * Source type for the relational database. Valid values: `RDS_HTTP_ENDPOINT`. */ sourceType?: pulumi.Input; } export interface DataSourceRelationalDatabaseConfigHttpEndpointConfig { /** * AWS secret store ARN for database credentials. */ awsSecretStoreArn: pulumi.Input; /** * Logical database name. */ databaseName?: pulumi.Input; /** * Amazon RDS cluster identifier. */ dbClusterIdentifier: pulumi.Input; /** * AWS Region for RDS HTTP endpoint. Defaults to current region. */ region?: pulumi.Input; /** * Logical schema name. */ schema?: pulumi.Input; } export interface FunctionRuntime { /** * The name of the runtime to use. Currently, the only allowed value is `APPSYNC_JS`. */ name: pulumi.Input; /** * The version of the runtime to use. Currently, the only allowed version is `1.0.0`. */ runtimeVersion: pulumi.Input; } export interface FunctionSyncConfig { /** * Conflict Detection strategy to use. Valid values are `NONE` and `VERSION`. */ conflictDetection?: pulumi.Input; /** * Conflict Resolution strategy to perform in the event of a conflict. Valid values are `NONE`, `OPTIMISTIC_CONCURRENCY`, `AUTOMERGE`, and `LAMBDA`. */ conflictHandler?: pulumi.Input; /** * Lambda Conflict Handler Config when configuring `LAMBDA` as the Conflict Handler. See `lambdaConflictHandlerConfig` Block for details. */ lambdaConflictHandlerConfig?: pulumi.Input; } export interface FunctionSyncConfigLambdaConflictHandlerConfig { /** * ARN for the Lambda function to use as the Conflict Handler. */ lambdaConflictHandlerArn?: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProvider { /** * Authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA` */ authenticationType: pulumi.Input; /** * Nested argument containing Lambda authorizer configuration. See `lambdaAuthorizerConfig` Block for details. */ lambdaAuthorizerConfig?: pulumi.Input; /** * Nested argument containing OpenID Connect configuration. See `openidConnectConfig` Block for details. */ openidConnectConfig?: pulumi.Input; /** * Amazon Cognito User Pool configuration. See `userPoolConfig` Block for details. */ userPoolConfig?: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig { /** * Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a `ttlOverride` key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600. */ authorizerResultTtlInSeconds?: pulumi.Input; /** * ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow `lambda:InvokeFunction` from service principal `appsync.amazonaws.com`. */ authorizerUri: pulumi.Input; /** * Regular expression for validation of tokens before the Lambda function is called. */ identityValidationExpression?: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig { /** * Number of milliseconds a token is valid after being authenticated. */ authTtl?: pulumi.Input; /** * Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time. */ clientId?: pulumi.Input; /** * Number of milliseconds a token is valid after being issued to a user. */ iatTtl?: pulumi.Input; /** * Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token. */ issuer: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProviderUserPoolConfig { /** * Regular expression for validating the incoming Amazon Cognito User Pool app client ID. */ appIdClientRegex?: pulumi.Input; /** * AWS region in which the user pool was created. */ awsRegion?: pulumi.Input; /** * User pool ID. */ userPoolId: pulumi.Input; } export interface GraphQLApiEnhancedMetricsConfig { /** * How data source metrics will be emitted to CloudWatch. Valid values: `FULL_REQUEST_DATA_SOURCE_METRICS`, `PER_DATA_SOURCE_METRICS` */ dataSourceLevelMetricsBehavior: pulumi.Input; /** * How operation metrics will be emitted to CloudWatch. Valid values: `ENABLED`, `DISABLED` */ operationLevelMetricsConfig: pulumi.Input; /** * How resolver metrics will be emitted to CloudWatch. Valid values: `FULL_REQUEST_RESOLVER_METRICS`, `PER_RESOLVER_METRICS` */ resolverLevelMetricsBehavior: pulumi.Input; } export interface GraphQLApiLambdaAuthorizerConfig { /** * Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a `ttlOverride` key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600. */ authorizerResultTtlInSeconds?: pulumi.Input; /** * ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow `lambda:InvokeFunction` from service principal `appsync.amazonaws.com`. */ authorizerUri: pulumi.Input; /** * Regular expression for validation of tokens before the Lambda function is called. */ identityValidationExpression?: pulumi.Input; } export interface GraphQLApiLogConfig { /** * Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account. */ cloudwatchLogsRoleArn: pulumi.Input; /** * Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: `true`, `false`. Default value: `false` */ excludeVerboseContent?: pulumi.Input; /** * Field logging level. Valid values: `ALL`, `ERROR`, `NONE`. */ fieldLogLevel: pulumi.Input; } export interface GraphQLApiOpenidConnectConfig { /** * Number of milliseconds a token is valid after being authenticated. */ authTtl?: pulumi.Input; /** * Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time. */ clientId?: pulumi.Input; /** * Number of milliseconds a token is valid after being issued to a user. */ iatTtl?: pulumi.Input; /** * Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token. */ issuer: pulumi.Input; } export interface GraphQLApiUserPoolConfig { /** * Regular expression for validating the incoming Amazon Cognito User Pool app client ID. */ appIdClientRegex?: pulumi.Input; /** * AWS region in which the user pool was created. */ awsRegion?: pulumi.Input; /** * Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: `ALLOW` and `DENY` */ defaultAction: pulumi.Input; /** * User pool ID. */ userPoolId: pulumi.Input; } export interface ResolverCachingConfig { /** * The caching keys for a resolver that has caching activated. Valid values are entries from the $context.arguments, $context.source, and $context.identity maps. */ cachingKeys?: pulumi.Input[]>; /** * The TTL in seconds for a resolver that has caching activated. Valid values are between `1` and `3600` seconds. */ ttl?: pulumi.Input; } export interface ResolverPipelineConfig { /** * A list of Function objects. */ functions?: pulumi.Input[]>; } export interface ResolverRuntime { /** * The name of the runtime to use. Currently, the only allowed value is `APPSYNC_JS`. */ name: pulumi.Input; /** * The version of the runtime to use. Currently, the only allowed version is `1.0.0`. */ runtimeVersion: pulumi.Input; } export interface ResolverSyncConfig { /** * Conflict Detection strategy to use. Valid values are `NONE` and `VERSION`. */ conflictDetection?: pulumi.Input; /** * Conflict Resolution strategy to perform in the event of a conflict. Valid values are `NONE`, `OPTIMISTIC_CONCURRENCY`, `AUTOMERGE`, and `LAMBDA`. */ conflictHandler?: pulumi.Input; /** * Lambda Conflict Handler Config when configuring `LAMBDA` as the Conflict Handler. See Lambda Conflict Handler Config. */ lambdaConflictHandlerConfig?: pulumi.Input; } export interface ResolverSyncConfigLambdaConflictHandlerConfig { /** * ARN for the Lambda function to use as the Conflict Handler. */ lambdaConflictHandlerArn?: pulumi.Input; } export interface SourceApiAssociationSourceApiAssociationConfig { /** * Merge type. Valid values: `MANUAL_MERGE`, `AUTO_MERGE` */ mergeType: pulumi.Input; } export interface SourceApiAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace arcregionswitch { export interface PlanAssociatedAlarm { /** * Type of alarm. Valid values: `applicationHealth`, `trigger`. */ alarmType: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; /** * Name of the alarm. */ mapBlockKey: pulumi.Input; /** * Resource identifier (ARN) of the CloudWatch alarm. */ resourceIdentifier: pulumi.Input; } export interface PlanTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface PlanTrigger { /** * Action to trigger. Valid values: `activate`, `deactivate`. */ action: pulumi.Input; /** * List of conditions that must be met. See Conditions below. */ conditions?: pulumi.Input[]>; /** * Description of the trigger. */ description?: pulumi.Input; /** * Minimum delay in minutes between executions. */ minDelayMinutesBetweenExecutions: pulumi.Input; /** * Target region for the trigger. */ targetRegion: pulumi.Input; } export interface PlanTriggerCondition { /** * Name of the associated alarm. */ associatedAlarmName: pulumi.Input; /** * Condition to check. Valid values: `red`, `green`. */ condition: pulumi.Input; } export interface PlanWorkflow { /** * List of steps in the workflow. See Step below. */ steps?: pulumi.Input[]>; /** * Description of the workflow. */ workflowDescription?: pulumi.Input; /** * Action to perform. Valid values: `activate`, `deactivate`. */ workflowTargetAction: pulumi.Input; /** * Target region for the workflow. */ workflowTargetRegion?: pulumi.Input; } export interface PlanWorkflowStep { /** * Configuration for ARC routing control. See ARC Routing Control Config below. */ arcRoutingControlConfigs?: pulumi.Input[]>; /** * Configuration for Lambda function execution. See Custom Action Lambda Config below. */ customActionLambdaConfigs?: pulumi.Input[]>; /** * Description of the step. */ description?: pulumi.Input; /** * Configuration for DocumentDB global cluster operations. See DocumentDB Config below. */ documentDbConfigs?: pulumi.Input[]>; /** * Configuration for EC2 Auto Scaling group capacity increase. See EC2 ASG Capacity Increase Config below. */ ec2AsgCapacityIncreaseConfigs?: pulumi.Input[]>; /** * Configuration for ECS service capacity increase. See ECS Capacity Increase Config below. */ ecsCapacityIncreaseConfigs?: pulumi.Input[]>; /** * Configuration for EKS resource scaling. See EKS Resource Scaling Config below. */ eksResourceScalingConfigs?: pulumi.Input[]>; /** * Configuration for manual approval steps. See Execution Approval Config below. */ executionApprovalConfigs?: pulumi.Input[]>; /** * Type of execution block. Valid values: `ARCRegionSwitchPlan`, `ARCRoutingControl`, `AuroraGlobalDatabase`, `CustomActionLambda`, `DocumentDb`, `EC2AutoScaling`, `ECSServiceScaling`, `EKSResourceScaling`, `ManualApproval`, `Parallel`, `Route53HealthCheck`. */ executionBlockType: pulumi.Input; /** * Configuration for Aurora Global Database operations. See Global Aurora Config below. */ globalAuroraConfigs?: pulumi.Input[]>; /** * Name of the step. */ name: pulumi.Input; /** * Configuration for parallel execution of multiple steps. See Parallel Config below. */ parallelConfigs?: pulumi.Input[]>; regionSwitchPlanConfigs?: pulumi.Input[]>; /** * Configuration for Route53 health check operations. See Route53 Health Check Config below. */ route53HealthCheckConfigs?: pulumi.Input[]>; } export interface PlanWorkflowStepArcRoutingControlConfig { /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; /** * List of regions and their routing controls. See Region and Routing Controls below. */ regionAndRoutingControls?: pulumi.Input[]>; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; } export interface PlanWorkflowStepArcRoutingControlConfigRegionAndRoutingControl { /** * AWS region. */ region: pulumi.Input; /** * List of routing controls. See Routing Control below. */ routingControls?: pulumi.Input[]>; } export interface PlanWorkflowStepArcRoutingControlConfigRegionAndRoutingControlRoutingControl { /** * ARN of the routing control. */ routingControlArn: pulumi.Input; /** * State of the routing control. Valid values: `On`, `Off`. */ state: pulumi.Input; } export interface PlanWorkflowStepCustomActionLambdaConfig { /** * Lambda function configuration. See Lambda below. */ lambdas?: pulumi.Input[]>; /** * Region where the Lambda function should run. Valid values: `activatingRegion`, `deactivatingRegion`. */ regionToRun: pulumi.Input; /** * Retry interval in minutes. */ retryIntervalMinutes: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful below. */ ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepCustomActionLambdaConfigLambda { /** * ARN of the Lambda function. */ arn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepCustomActionLambdaConfigUngraceful { /** * Behavior when ungraceful. Valid values: `skip`. */ behavior: pulumi.Input; } export interface PlanWorkflowStepDocumentDbConfig { behavior: pulumi.Input; crossAccountRole?: pulumi.Input; databaseClusterArns: pulumi.Input[]>; externalId?: pulumi.Input; globalClusterIdentifier: pulumi.Input; timeoutMinutes?: pulumi.Input; ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepDocumentDbConfigUngraceful { ungraceful: pulumi.Input; } export interface PlanWorkflowStepEc2AsgCapacityIncreaseConfig { /** * Auto Scaling group configuration. See ASG below. */ asgs?: pulumi.Input[]>; /** * Capacity monitoring approach. Valid values: `sampledMaxInLast24Hours`, `autoscalingMaxInLast24Hours`. */ capacityMonitoringApproach: pulumi.Input; /** * Target capacity percentage. */ targetPercent?: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful below. */ ungraceful?: pulumi.Input; } export interface PlanWorkflowStepEc2AsgCapacityIncreaseConfigAsg { /** * ARN of the Auto Scaling group. */ arn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepEc2AsgCapacityIncreaseConfigUngraceful { /** * Minimum success percentage required. */ minimumSuccessPercentage: pulumi.Input; } export interface PlanWorkflowStepEcsCapacityIncreaseConfig { /** * Capacity monitoring approach. Valid values: `sampledMaxInLast24Hours`, `containerInsightsMaxInLast24Hours`. */ capacityMonitoringApproach: pulumi.Input; /** * ECS service configuration. See ECS Service below. */ services?: pulumi.Input[]>; /** * Target capacity percentage. */ targetPercent?: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful Capacity below. */ ungraceful?: pulumi.Input; } export interface PlanWorkflowStepEcsCapacityIncreaseConfigService { clusterArn: pulumi.Input; crossAccountRole?: pulumi.Input; externalId?: pulumi.Input; /** * ARN of the ECS service. */ serviceArn: pulumi.Input; } export interface PlanWorkflowStepEcsCapacityIncreaseConfigUngraceful { /** * Minimum success percentage required. */ minimumSuccessPercentage: pulumi.Input; } export interface PlanWorkflowStepEksResourceScalingConfig { /** * Capacity monitoring approach. Valid values: `sampledMaxInLast24Hours`, `autoscalingMaxInLast24Hours`. */ capacityMonitoringApproach: pulumi.Input; /** * List of EKS clusters. See EKS Clusters below. */ eksClusters?: pulumi.Input[]>; /** * Kubernetes resource type. See Kubernetes Resource Type below. */ kubernetesResourceTypes?: pulumi.Input[]>; /** * List of scaling resources. See Scaling Resources below. */ scalingResources?: pulumi.Input[]>; /** * Target capacity percentage. */ targetPercent: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful Capacity below. */ ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepEksResourceScalingConfigEksCluster { /** * ARN of the EKS cluster. */ clusterArn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepEksResourceScalingConfigKubernetesResourceType { /** * Kubernetes API version. */ apiVersion: pulumi.Input; /** * Kubernetes resource kind. */ kind: pulumi.Input; } export interface PlanWorkflowStepEksResourceScalingConfigScalingResource { /** * Kubernetes namespace. */ namespace: pulumi.Input; /** * Set of resources to scale. See Resources below. */ resources?: pulumi.Input[]>; } export interface PlanWorkflowStepEksResourceScalingConfigScalingResourceResource { /** * Name of the Horizontal Pod Autoscaler. */ hpaName?: pulumi.Input; /** * Name of the Kubernetes object. */ name: pulumi.Input; /** * Kubernetes namespace. */ namespace: pulumi.Input; /** * Name of the resource. */ resourceName: pulumi.Input; } export interface PlanWorkflowStepEksResourceScalingConfigUngraceful { /** * Minimum success percentage required. */ minimumSuccessPercentage: pulumi.Input; } export interface PlanWorkflowStepExecutionApprovalConfig { /** * ARN of the IAM role for approval. */ approvalRole: pulumi.Input; /** * Timeout in minutes for the approval. */ timeoutMinutes?: pulumi.Input; } export interface PlanWorkflowStepGlobalAuroraConfig { /** * Behavior for Aurora operations. Valid values: `switchoverOnly`, `failover`. */ behavior: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * List of database cluster ARNs. */ databaseClusterArns: pulumi.Input[]>; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; /** * Global cluster identifier. */ globalClusterIdentifier: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful Aurora below. */ ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepGlobalAuroraConfigUngraceful { ungraceful: pulumi.Input; } export interface PlanWorkflowStepParallelConfig { /** * List of steps to execute in parallel. Uses the same schema as Step but without `parallelConfig` to prevent infinite nesting. */ steps?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStep { /** * Configuration for ARC routing control. See ARC Routing Control Config below. */ arcRoutingControlConfigs?: pulumi.Input[]>; /** * Configuration for Lambda function execution. See Custom Action Lambda Config below. */ customActionLambdaConfigs?: pulumi.Input[]>; /** * Description of the step. */ description?: pulumi.Input; /** * Configuration for DocumentDB global cluster operations. See DocumentDB Config below. */ documentDbConfigs?: pulumi.Input[]>; /** * Configuration for EC2 Auto Scaling group capacity increase. See EC2 ASG Capacity Increase Config below. */ ec2AsgCapacityIncreaseConfigs?: pulumi.Input[]>; /** * Configuration for ECS service capacity increase. See ECS Capacity Increase Config below. */ ecsCapacityIncreaseConfigs?: pulumi.Input[]>; /** * Configuration for EKS resource scaling. See EKS Resource Scaling Config below. */ eksResourceScalingConfigs?: pulumi.Input[]>; /** * Configuration for manual approval steps. See Execution Approval Config below. */ executionApprovalConfigs?: pulumi.Input[]>; /** * Type of execution block. Valid values: `ARCRegionSwitchPlan`, `ARCRoutingControl`, `AuroraGlobalDatabase`, `CustomActionLambda`, `DocumentDb`, `EC2AutoScaling`, `ECSServiceScaling`, `EKSResourceScaling`, `ManualApproval`, `Parallel`, `Route53HealthCheck`. */ executionBlockType: pulumi.Input; /** * Configuration for Aurora Global Database operations. See Global Aurora Config below. */ globalAuroraConfigs?: pulumi.Input[]>; /** * Name of the step. */ name: pulumi.Input; regionSwitchPlanConfigs?: pulumi.Input[]>; /** * Configuration for Route53 health check operations. See Route53 Health Check Config below. */ route53HealthCheckConfigs?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStepArcRoutingControlConfig { /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; /** * List of regions and their routing controls. See Region and Routing Controls below. */ regionAndRoutingControls?: pulumi.Input[]>; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepArcRoutingControlConfigRegionAndRoutingControl { /** * AWS region. */ region: pulumi.Input; /** * List of routing controls. See Routing Control below. */ routingControls?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStepArcRoutingControlConfigRegionAndRoutingControlRoutingControl { /** * ARN of the routing control. */ routingControlArn: pulumi.Input; /** * State of the routing control. Valid values: `On`, `Off`. */ state: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepCustomActionLambdaConfig { /** * Lambda function configuration. See Lambda below. */ lambdas?: pulumi.Input[]>; /** * Region where the Lambda function should run. Valid values: `activatingRegion`, `deactivatingRegion`. */ regionToRun: pulumi.Input; /** * Retry interval in minutes. */ retryIntervalMinutes: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful below. */ ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStepCustomActionLambdaConfigLambda { /** * ARN of the Lambda function. */ arn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepCustomActionLambdaConfigUngraceful { /** * Behavior when ungraceful. Valid values: `skip`. */ behavior: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepDocumentDbConfig { behavior: pulumi.Input; crossAccountRole?: pulumi.Input; databaseClusterArns: pulumi.Input[]>; externalId?: pulumi.Input; globalClusterIdentifier: pulumi.Input; timeoutMinutes?: pulumi.Input; ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStepDocumentDbConfigUngraceful { ungraceful: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEc2AsgCapacityIncreaseConfig { /** * Auto Scaling group configuration. See ASG below. */ asgs?: pulumi.Input[]>; /** * Capacity monitoring approach. Valid values: `sampledMaxInLast24Hours`, `autoscalingMaxInLast24Hours`. */ capacityMonitoringApproach: pulumi.Input; /** * Target capacity percentage. */ targetPercent?: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful below. */ ungraceful?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEc2AsgCapacityIncreaseConfigAsg { /** * ARN of the Auto Scaling group. */ arn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEc2AsgCapacityIncreaseConfigUngraceful { /** * Minimum success percentage required. */ minimumSuccessPercentage: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEcsCapacityIncreaseConfig { /** * Capacity monitoring approach. Valid values: `sampledMaxInLast24Hours`, `containerInsightsMaxInLast24Hours`. */ capacityMonitoringApproach: pulumi.Input; /** * ECS service configuration. See ECS Service below. */ services?: pulumi.Input[]>; /** * Target capacity percentage. */ targetPercent?: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful Capacity below. */ ungraceful?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEcsCapacityIncreaseConfigService { clusterArn: pulumi.Input; crossAccountRole?: pulumi.Input; externalId?: pulumi.Input; /** * ARN of the ECS service. */ serviceArn: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEcsCapacityIncreaseConfigUngraceful { /** * Minimum success percentage required. */ minimumSuccessPercentage: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEksResourceScalingConfig { /** * Capacity monitoring approach. Valid values: `sampledMaxInLast24Hours`, `autoscalingMaxInLast24Hours`. */ capacityMonitoringApproach: pulumi.Input; /** * List of EKS clusters. See EKS Clusters below. */ eksClusters?: pulumi.Input[]>; /** * Kubernetes resource type. See Kubernetes Resource Type below. */ kubernetesResourceTypes?: pulumi.Input[]>; /** * List of scaling resources. See Scaling Resources below. */ scalingResources?: pulumi.Input[]>; /** * Target capacity percentage. */ targetPercent: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful Capacity below. */ ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStepEksResourceScalingConfigEksCluster { /** * ARN of the EKS cluster. */ clusterArn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEksResourceScalingConfigKubernetesResourceType { /** * Kubernetes API version. */ apiVersion: pulumi.Input; /** * Kubernetes resource kind. */ kind: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEksResourceScalingConfigScalingResource { /** * Kubernetes namespace. */ namespace: pulumi.Input; /** * Set of resources to scale. See Resources below. */ resources?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStepEksResourceScalingConfigScalingResourceResource { /** * Name of the Horizontal Pod Autoscaler. */ hpaName?: pulumi.Input; /** * Name of the Kubernetes object. */ name: pulumi.Input; /** * Kubernetes namespace. */ namespace: pulumi.Input; /** * Name of the resource. */ resourceName: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepEksResourceScalingConfigUngraceful { /** * Minimum success percentage required. */ minimumSuccessPercentage: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepExecutionApprovalConfig { /** * ARN of the IAM role for approval. */ approvalRole: pulumi.Input; /** * Timeout in minutes for the approval. */ timeoutMinutes?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepGlobalAuroraConfig { /** * Behavior for Aurora operations. Valid values: `switchoverOnly`, `failover`. */ behavior: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * List of database cluster ARNs. */ databaseClusterArns: pulumi.Input[]>; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; /** * Global cluster identifier. */ globalClusterIdentifier: pulumi.Input; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; /** * Ungraceful behavior configuration. See Ungraceful Aurora below. */ ungracefuls?: pulumi.Input[]>; } export interface PlanWorkflowStepParallelConfigStepGlobalAuroraConfigUngraceful { ungraceful: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepRegionSwitchPlanConfig { /** * ARN of the nested region switch plan. */ arn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepRoute53HealthCheckConfig { /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; /** * Route53 hosted zone ID. */ hostedZoneId: pulumi.Input; /** * DNS record name. */ recordName: pulumi.Input; /** * Configuration block for record sets. See Record Set below. */ recordSets?: pulumi.Input[]>; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; } export interface PlanWorkflowStepParallelConfigStepRoute53HealthCheckConfigRecordSet { /** * Record set identifier. */ recordSetIdentifier: pulumi.Input; /** * AWS region. */ region: pulumi.Input; } export interface PlanWorkflowStepRegionSwitchPlanConfig { /** * ARN of the nested region switch plan. */ arn: pulumi.Input; /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; } export interface PlanWorkflowStepRoute53HealthCheckConfig { /** * ARN of the cross-account role to assume. */ crossAccountRole?: pulumi.Input; /** * External ID for cross-account role assumption. */ externalId?: pulumi.Input; /** * Route53 hosted zone ID. */ hostedZoneId: pulumi.Input; /** * DNS record name. */ recordName: pulumi.Input; /** * Configuration block for record sets. See Record Set below. */ recordSets?: pulumi.Input[]>; /** * Timeout in minutes. */ timeoutMinutes?: pulumi.Input; } export interface PlanWorkflowStepRoute53HealthCheckConfigRecordSet { /** * Record set identifier. */ recordSetIdentifier: pulumi.Input; /** * AWS region. */ region: pulumi.Input; } } export namespace athena { export interface CapacityReservationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DatabaseAclConfiguration { /** * Amazon S3 canned ACL that Athena should specify when storing query results. Valid value is `BUCKET_OWNER_FULL_CONTROL`. * * > **NOTE:** When Athena queries are executed, result files may be created in the specified bucket. Consider using `forceDestroy` on the bucket too in order to avoid any problems when destroying the bucket. */ s3AclOption: pulumi.Input; } export interface DatabaseEncryptionConfiguration { /** * Type of key; one of `SSE_S3`, `SSE_KMS`, `CSE_KMS` */ encryptionOption: pulumi.Input; /** * KMS key ARN or ID; required for key types `SSE_KMS` and `CSE_KMS`. */ kmsKey?: pulumi.Input; } export interface WorkgroupConfiguration { /** * Integer for the upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. Must be at least `10485760`. */ bytesScannedCutoffPerQuery?: pulumi.Input; /** * Configuration block to specify the KMS key that is used to encrypt the user's data stores in Athena. This setting applies to the PySpark engine for Athena notebooks. See Customer Content Encryption Configuration below. */ customerContentEncryptionConfiguration?: pulumi.Input; /** * Boolean indicating whether a minimum level of encryption is enforced for the workgroup for query and calculation results written to Amazon S3. */ enableMinimumEncryptionConfiguration?: pulumi.Input; /** * Boolean whether the settings for the workgroup override client-side settings. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html). Defaults to `true`. */ enforceWorkgroupConfiguration?: pulumi.Input; /** * Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). See Engine Version below. */ engineVersion?: pulumi.Input; /** * Role used to access user resources in notebook sessions and IAM Identity Center enabled workgroups. The property is required for IAM Identity Center enabled workgroups. */ executionRole?: pulumi.Input; /** * Configuration block to set up an IAM Identity Center enabled workgroup. See Identity Center Configuration below. */ identityCenterConfiguration?: pulumi.Input; /** * Configuration block for storing results in Athena owned storage. See Managed Query Results Configuration below. */ managedQueryResultsConfiguration?: pulumi.Input; /** * Configuration block for managed log persistence, delivering logs to Amazon S3 buckets, Amazon CloudWatch log groups etc. Only applicable to Apache Spark engine. See Monitoring Configuration below. */ monitoringConfiguration?: pulumi.Input; /** * Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`. */ publishCloudwatchMetricsEnabled?: pulumi.Input; /** * If set to true , allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries. If set to false , workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. The default is false . For more information about Requester Pays buckets, see [Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) in the Amazon Simple Storage Service Developer Guide. */ requesterPaysEnabled?: pulumi.Input; /** * Configuration block with result settings. See Result Configuration below. */ resultConfiguration?: pulumi.Input; } export interface WorkgroupConfigurationCustomerContentEncryptionConfiguration { kmsKey?: pulumi.Input; } export interface WorkgroupConfigurationEngineVersion { /** * The engine version on which the query runs. If `selectedEngineVersion` is set to `AUTO`, the effective engine version is chosen by Athena. */ effectiveEngineVersion?: pulumi.Input; /** * Requested engine version. Defaults to `AUTO`. */ selectedEngineVersion?: pulumi.Input; } export interface WorkgroupConfigurationIdentityCenterConfiguration { /** * Specifies whether the workgroup is IAM Identity Center supported. */ enableIdentityCenter?: pulumi.Input; /** * The IAM Identity Center instance ARN that the workgroup associates to. */ identityCenterInstanceArn?: pulumi.Input; } export interface WorkgroupConfigurationManagedQueryResultsConfiguration { /** * If set to `true`, allows you to store query results in Athena owned storage. If set to `false`, workgroup member stores query results in the location specified under `result_configuration.output_location`. The default is `false`. A workgroup cannot have the `result_configuration.output_location` set when this is `true`. */ enabled?: pulumi.Input; /** * Configuration block for the encryption configuration. See Managed Query Results Encryption Configuration below. */ encryptionConfiguration?: pulumi.Input; } export interface WorkgroupConfigurationManagedQueryResultsConfigurationEncryptionConfiguration { kmsKey?: pulumi.Input; } export interface WorkgroupConfigurationMonitoringConfiguration { /** * Configuration block for delivering logs to Amazon CloudWatch log groups. See CloudWatch Logging Configuration below. */ cloudWatchLoggingConfiguration?: pulumi.Input; /** * Configuration block for managed log persistence. See Managed Logging Configuration below. */ managedLoggingConfiguration?: pulumi.Input; /** * Configuration block for delivering logs to Amazon S3 buckets. See S3 Logging Configuration below. */ s3LoggingConfiguration?: pulumi.Input; } export interface WorkgroupConfigurationMonitoringConfigurationCloudWatchLoggingConfiguration { enabled: pulumi.Input; /** * Name of the log group in Amazon CloudWatch Logs where you want to publish your logs. */ logGroup?: pulumi.Input; /** * Prefix for the CloudWatch log stream name. */ logStreamNamePrefix?: pulumi.Input; /** * Repeatable block defining log types to be delivered to CloudWatch. */ logTypes?: pulumi.Input[]>; } export interface WorkgroupConfigurationMonitoringConfigurationCloudWatchLoggingConfigurationLogType { /** * Type of worker to deliver logs to CloudWatch (for example, `SPARK_DRIVER` and `SPARK_EXECUTOR`). */ key: pulumi.Input; /** * List of log types to be delivered to CloudWatch (for example, `STDOUT` and `STDERR`). */ values: pulumi.Input[]>; } export interface WorkgroupConfigurationMonitoringConfigurationManagedLoggingConfiguration { /** * Boolean whether managed log persistence is enabled for the workgroup. */ enabled: pulumi.Input; kmsKey?: pulumi.Input; } export interface WorkgroupConfigurationMonitoringConfigurationS3LoggingConfiguration { /** * Boolean whether Amazon S3 logging is enabled for the workgroup. */ enabled: pulumi.Input; /** * KMS key ARN to encrypt the logs published to the given Amazon S3 destination. */ kmsKey?: pulumi.Input; /** * Amazon S3 destination URI (`s3://bucket/prefix`) for log publishing. */ logLocation?: pulumi.Input; } export interface WorkgroupConfigurationResultConfiguration { /** * That an Amazon S3 canned ACL should be set to control ownership of stored query results. See ACL Configuration below. */ aclConfiguration?: pulumi.Input; /** * Configuration block with encryption settings. See Encryption Configuration below. */ encryptionConfiguration?: pulumi.Input; /** * AWS account ID that you expect to be the owner of the Amazon S3 bucket. */ expectedBucketOwner?: pulumi.Input; /** * Location in Amazon S3 where your query results are stored, such as `s3://path/to/query/bucket/`. For more information, see [Queries and Query Result Files](https://docs.aws.amazon.com/athena/latest/ug/querying.html). */ outputLocation?: pulumi.Input; } export interface WorkgroupConfigurationResultConfigurationAclConfiguration { /** * Amazon S3 canned ACL that Athena should specify when storing query results. Valid value is `BUCKET_OWNER_FULL_CONTROL`. */ s3AclOption: pulumi.Input; } export interface WorkgroupConfigurationResultConfigurationEncryptionConfiguration { /** * Whether Amazon S3 server-side encryption with Amazon S3-managed keys (`SSE_S3`), server-side encryption with KMS-managed keys (`SSE_KMS`), or client-side encryption with KMS-managed keys (`CSE_KMS`) is used. If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup. */ encryptionOption?: pulumi.Input; /** * For `SSE_KMS` and `CSE_KMS`, this is the KMS key ARN. */ kmsKeyArn?: pulumi.Input; } } export namespace auditmanager { export interface AssessmentAssessmentReportsDestination { /** * Destination of the assessment report. This value be in the form `s3://{bucket_name}`. */ destination: pulumi.Input; /** * Destination type. Currently, `S3` is the only valid value. */ destinationType: pulumi.Input; } export interface AssessmentRole { /** * Amazon Resource Name (ARN) of the IAM role. */ roleArn: pulumi.Input; /** * Type of customer persona. For assessment creation, type must always be `PROCESS_OWNER`. */ roleType: pulumi.Input; } export interface AssessmentRolesAll { /** * Amazon Resource Name (ARN) of the IAM role. */ roleArn: pulumi.Input; /** * Type of customer persona. For assessment creation, type must always be `PROCESS_OWNER`. */ roleType: pulumi.Input; } export interface AssessmentScope { /** * Amazon Web Services accounts that are in scope for the assessment. See `awsAccounts` below. */ awsAccounts?: pulumi.Input[]>; /** * Amazon Web Services services that are included in the scope of the assessment. See `awsServices` below. */ awsServices?: pulumi.Input[]>; } export interface AssessmentScopeAwsAccount { /** * Identifier for the Amazon Web Services account. */ id: pulumi.Input; } export interface AssessmentScopeAwsService { /** * Name of the Amazon Web Service. */ serviceName: pulumi.Input; } export interface ControlControlMappingSource { /** * Description of the source. */ sourceDescription?: pulumi.Input; /** * Frequency of evidence collection. Valid values are `DAILY`, `WEEKLY`, or `MONTHLY`. */ sourceFrequency?: pulumi.Input; sourceId?: pulumi.Input; /** * The keyword to search for in CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names. See `sourceKeyword` below. */ sourceKeyword?: pulumi.Input; /** * Name of the source. */ sourceName: pulumi.Input; /** * The setup option for the data source. This option reflects if the evidence collection is automated or manual. Valid values are `System_Controls_Mapping` (automated) and `Procedural_Controls_Mapping` (manual). */ sourceSetUpOption: pulumi.Input; /** * Type of data source for evidence collection. If `sourceSetUpOption` is manual, the only valid value is `MANUAL`. If `sourceSetUpOption` is automated, valid values are `AWS_Cloudtrail`, `AWS_Config`, `AWS_Security_Hub`, or `AWS_API_Call`. * * The following arguments are optional: */ sourceType: pulumi.Input; /** * Instructions for troubleshooting the control. */ troubleshootingText?: pulumi.Input; } export interface ControlControlMappingSourceSourceKeyword { /** * Input method for the keyword. Valid values are `INPUT_TEXT`, `SELECT_FROM_LIST`, or `UPLOAD_FILE`. */ keywordInputType: pulumi.Input; /** * The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. See the [Audit Manager supported control data sources documentation](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources.html) for more information. */ keywordValue: pulumi.Input; } export interface FrameworkControlSet { /** * Configuration block(s) for the controls within the control set. See `controls` Block below for details. */ controls?: pulumi.Input[]>; /** * Unique identifier for the framework. */ id?: pulumi.Input; /** * Name of the control set. */ name: pulumi.Input; } export interface FrameworkControlSetControl { /** * Unique identifier of the control. */ id: pulumi.Input; } } export namespace autoscaling { export interface GetAmiIdsFilter { /** * Name of the DescribeAutoScalingGroup filter. The recommended values are: `tag-key`, `tag-value`, and `tag:` */ name: string; /** * Value of the filter. */ values: string[]; } export interface GetAmiIdsFilterArgs { /** * Name of the DescribeAutoScalingGroup filter. The recommended values are: `tag-key`, `tag-value`, and `tag:` */ name: pulumi.Input; /** * Value of the filter. */ values: pulumi.Input[]>; } export interface GroupAvailabilityZoneDistribution { /** * The strategy to use for distributing capacity across the Availability Zones. Valid values are `balanced-only` and `balanced-best-effort`. Default is `balanced-best-effort`. */ capacityDistributionStrategy?: pulumi.Input; } export interface GroupCapacityReservationSpecification { /** * Capacity Reservation preference helps you use Capacity Reservations efficiently by prioritizing reserved capacity in a Capacity Reservation before using On-Demand capacity. Valid values are `default`, `capacity-reservations-only`, `capacity-reservations-first` and `none`. Default is `default`. */ capacityReservationPreference?: pulumi.Input; /** * Describes a target Capacity Reservation or Capacity Reservation resource group. */ capacityReservationTarget?: pulumi.Input; } export interface GroupCapacityReservationSpecificationCapacityReservationTarget { /** * List of On-Demand Capacity Reservation Ids. Conflicts with `capacityReservationResourceGroupArns`. */ capacityReservationIds?: pulumi.Input[]>; /** * List of On-Demand Capacity Reservation Resource Group Arns. Conflicts with `capacityReservationIds`. */ capacityReservationResourceGroupArns?: pulumi.Input[]>; } export interface GroupInitialLifecycleHook { defaultResult?: pulumi.Input; heartbeatTimeout?: pulumi.Input; lifecycleTransition: pulumi.Input; /** * Name of the Auto Scaling Group. By default generated by Pulumi. Conflicts with `namePrefix`. */ name: pulumi.Input; notificationMetadata?: pulumi.Input; notificationTargetArn?: pulumi.Input; roleArn?: pulumi.Input; } export interface GroupInstanceMaintenancePolicy { /** * Specifies the upper limit on the number of instances that are in the InService or Pending state with a healthy status during an instance replacement activity. */ maxHealthyPercentage: pulumi.Input; /** * Specifies the lower limit on the number of instances that must be in the InService state with a healthy status during an instance replacement activity. */ minHealthyPercentage: pulumi.Input; } export interface GroupInstanceRefresh { /** * Override default parameters for Instance Refresh. */ preferences?: pulumi.Input; /** * Strategy to use for instance refresh. The only allowed value is `Rolling`. See [StartInstanceRefresh Action](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_StartInstanceRefresh.html#API_StartInstanceRefresh_RequestParameters) for more information. */ strategy: pulumi.Input; /** * Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of `launchConfiguration`, `launchTemplate`, or `mixedInstancesPolicy`. * * > **NOTE:** A refresh is started when any of the following Auto Scaling Group properties change: `launchConfiguration`, `launchTemplate`, `mixedInstancesPolicy`. Additional properties can be specified in the `triggers` property of `instanceRefresh`. * * > **NOTE:** A refresh will not start when `version = "$Latest"` is configured in the `launchTemplate` block. To trigger the instance refresh when a launch template is changed, configure `version` to use the `latestVersion` attribute of the `aws.ec2.LaunchTemplate` resource. * * > **NOTE:** Auto Scaling Groups support up to one active instance refresh at a time. When this resource is updated, any existing refresh is cancelled. * * > **NOTE:** Depending on health check settings and group size, an instance refresh may take a long time or fail. This resource does not wait for the instance refresh to complete. */ triggers?: pulumi.Input[]>; } export interface GroupInstanceRefreshPreferences { /** * Alarm Specification for Instance Refresh. */ alarmSpecification?: pulumi.Input; /** * Automatically rollback if instance refresh fails. Defaults to `false`. This option may only be set to `true` when specifying a `launchTemplate` or `mixedInstancesPolicy`. */ autoRollback?: pulumi.Input; /** * Number of seconds to wait after a checkpoint. Defaults to `3600`. */ checkpointDelay?: pulumi.Input; /** * List of percentages for each checkpoint. Values must be unique and in ascending order. To replace all instances, the final number must be `100`. */ checkpointPercentages?: pulumi.Input[]>; /** * Number of seconds until a newly launched instance is configured and ready to use. Default behavior is to use the Auto Scaling Group's health check grace period. */ instanceWarmup?: pulumi.Input; /** * Amount of capacity in the Auto Scaling group that can be in service and healthy, or pending, to support your workload when an instance refresh is in place, as a percentage of the desired capacity of the Auto Scaling group. Values must be between `100` and `200`, defaults to `100`. */ maxHealthyPercentage?: pulumi.Input; /** * Amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group. Defaults to `90`. */ minHealthyPercentage?: pulumi.Input; /** * Behavior when encountering instances protected from scale in are found. Available behaviors are `Refresh`, `Ignore`, and `Wait`. Default is `Ignore`. */ scaleInProtectedInstances?: pulumi.Input; /** * Skip replacing instances that already have your desired configuration. Defaults to `false`. */ skipMatching?: pulumi.Input; /** * Behavior when encountering instances in the `Standby` state in are found. Available behaviors are `Terminate`, `Ignore`, and `Wait`. Default is `Ignore`. */ standbyInstances?: pulumi.Input; } export interface GroupInstanceRefreshPreferencesAlarmSpecification { /** * List of Cloudwatch alarms. If any of these alarms goes into ALARM state, Instance Refresh is failed. */ alarms?: pulumi.Input[]>; } export interface GroupLaunchTemplate { /** * ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Can be version number, `$Latest`, or `$Default`. (Default: `$Default`). */ version?: pulumi.Input; } export interface GroupMixedInstancesPolicy { /** * Nested argument containing settings on how to mix on-demand and Spot instances in the Auto Scaling group. Defined below. */ instancesDistribution?: pulumi.Input; /** * Nested argument containing launch template settings along with the overrides to specify multiple instance types and weights. Defined below. */ launchTemplate: pulumi.Input; } export interface GroupMixedInstancesPolicyInstancesDistribution { /** * Strategy to use when launching on-demand instances. Valid values: `prioritized`, `lowest-price`. Default: `prioritized`. */ onDemandAllocationStrategy?: pulumi.Input; /** * Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances. Default: `0`. */ onDemandBaseCapacity?: pulumi.Input; /** * Percentage split between on-demand and Spot instances above the base on-demand capacity. Default: `100`. */ onDemandPercentageAboveBaseCapacity?: pulumi.Input; /** * How to allocate capacity across the Spot pools. Valid values: `lowest-price`, `capacity-optimized`, `capacity-optimized-prioritized`, and `price-capacity-optimized`. Default: `lowest-price`. */ spotAllocationStrategy?: pulumi.Input; /** * Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify. Only available with `spotAllocationStrategy` set to `lowest-price`. Otherwise it must be set to `0`, if it has been defined before. Default: `2`. */ spotInstancePools?: pulumi.Input; /** * Maximum price per unit hour that the user is willing to pay for the Spot instances. Default: an empty string which means the on-demand price. */ spotMaxPrice?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplate { /** * Override the instance launch template specification in the Launch Template. */ launchTemplateSpecification: pulumi.Input; /** * List of nested arguments provides the ability to specify multiple instance types. This will override the same parameter in the launch template. For on-demand instances, Auto Scaling considers the order of preference of instance types to launch based on the order specified in the overrides list. Defined below. */ overrides?: pulumi.Input[]>; } export interface GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification { /** * ID of the launch template. Conflicts with `launchTemplateName`. */ launchTemplateId?: pulumi.Input; /** * Name of the launch template. Conflicts with `launchTemplateId`. */ launchTemplateName?: pulumi.Input; version?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverride { /** * Override the instance type in the Launch Template with instance types that satisfy the requirements. */ instanceRequirements?: pulumi.Input; /** * Override the instance type in the Launch Template. */ instanceType?: pulumi.Input; /** * Override the instance launch template specification in the Launch Template. */ launchTemplateSpecification?: pulumi.Input; /** * Number of capacity units, which gives the instance type a proportional weight to other instance types. */ weightedCapacity?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirements { /** * Block describing the minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips). Default is no minimum or maximum. */ acceleratorCount?: pulumi.Input; /** * List of accelerator manufacturer names. Default is any manufacturer. * * ``` * Valid names: * * amazon-web-services * * amd * * nvidia * * xilinx * ``` */ acceleratorManufacturers?: pulumi.Input[]>; /** * List of accelerator names. Default is any acclerator. * * ``` * Valid names: * * a100 - NVIDIA A100 GPUs * * v100 - NVIDIA V100 GPUs * * k80 - NVIDIA K80 GPUs * * t4 - NVIDIA T4 GPUs * * m60 - NVIDIA M60 GPUs * * radeon-pro-v520 - AMD Radeon Pro V520 GPUs * * vu9p - Xilinx VU9P FPGAs * ``` */ acceleratorNames?: pulumi.Input[]>; /** * Block describing the minimum and maximum total memory of the accelerators. Default is no minimum or maximum. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * List of accelerator types. Default is any accelerator type. * * ``` * Valid types: * * fpga * * gpu * * inference * ``` */ acceleratorTypes?: pulumi.Input[]>; /** * List of instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. You can use strings with one or more wild cards, represented by an asterisk (\*), to allow an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are allowing the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are allowing all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is all instance types. * * > **NOTE:** If you specify `allowedInstanceTypes`, you can't specify `excludedInstanceTypes`. */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicate whether bare metal instace types should be `included`, `excluded`, or `required`. Default is `excluded`. */ bareMetal?: pulumi.Input; /** * Block describing the minimum and maximum baseline EBS bandwidth, in Mbps. Default is no minimum or maximum. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicate whether burstable performance instance types should be `included`, `excluded`, or `required`. Default is `excluded`. */ burstablePerformance?: pulumi.Input; /** * List of CPU manufacturer names. Default is any manufacturer. * * > **NOTE:** Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. * * ``` * Valid names: * * amazon-web-services * * amd * * intel * ``` */ cpuManufacturers?: pulumi.Input[]>; /** * List of instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (\*), to exclude an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. * * > **NOTE:** If you specify `excludedInstanceTypes`, you can't specify `allowedInstanceTypes`. */ excludedInstanceTypes?: pulumi.Input[]>; /** * List of instance generation names. Default is any generation. * * ``` * Valid names: * * current - Recommended for best performance. * * previous - For existing applications optimized for older instance types. * ``` */ instanceGenerations?: pulumi.Input[]>; /** * Indicate whether instance types with local storage volumes are `included`, `excluded`, or `required`. Default is `included`. */ localStorage?: pulumi.Input; /** * List of local storage type names. Default any storage type. * * ``` * Value names: * * hdd - hard disk drive * * ssd - solid state drive * ``` */ localStorageTypes?: pulumi.Input[]>; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Conflicts with `spotMaxPricePercentageOverLowestPrice` */ maxSpotPriceAsPercentageOfOptimalOnDemandPrice?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (GiB) per vCPU. Default is no minimum or maximum. */ memoryGibPerVcpu?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (MiB). Default is no maximum. */ memoryMib?: pulumi.Input; /** * Block describing the minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default is no minimum or maximum. */ networkBandwidthGbps?: pulumi.Input; /** * Block describing the minimum and maximum number of network interfaces. Default is no minimum or maximum. */ networkInterfaceCount?: pulumi.Input; /** * Price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 20. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicate whether instance types must support On-Demand Instance Hibernation, either `true` or `false`. Default is `false`. */ requireHibernateSupport?: pulumi.Input; /** * Price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 100. Conflicts with `maxSpotPriceAsPercentageOfOptimalOnDemandPrice` * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Block describing the minimum and maximum total local storage (GB). Default is no minimum or maximum. */ totalLocalStorageGb?: pulumi.Input; /** * Block describing the minimum and maximum number of vCPUs. Default is no maximum. */ vcpuCount?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsAcceleratorCount { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsAcceleratorTotalMemoryMib { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsBaselineEbsBandwidthMbps { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryGibPerVcpu { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMib { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsNetworkBandwidthGbps { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsNetworkInterfaceCount { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsTotalLocalStorageGb { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCount { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecification { /** * ID of the launch template. Conflicts with `launchTemplateName`. */ launchTemplateId?: pulumi.Input; /** * Name of the launch template. Conflicts with `launchTemplateId`. */ launchTemplateName?: pulumi.Input; version?: pulumi.Input; } export interface GroupTag { /** * Key */ key: pulumi.Input; /** * Enables propagation of the tag to * Amazon EC2 instances launched via this ASG * * To declare multiple tags, additional `tag` blocks can be specified. * * > **NOTE:** Other AWS APIs may automatically add special tags to their associated Auto Scaling Group for management purposes, such as ECS Capacity Providers adding the `AmazonECSManaged` tag. These generally should be included in the configuration so the provider does not attempt to remove them and so if the `minSize` was greater than zero on creation, that these tag(s) are applied to any initial EC2 Instances in the Auto Scaling Group. If these tag(s) were missing in the Auto Scaling Group configuration on creation, affected EC2 Instances missing the tags may require manual intervention of adding the tags to ensure they work properly with the other AWS service. */ propagateAtLaunch: pulumi.Input; /** * Value */ value: pulumi.Input; } export interface GroupTrafficSource { /** * Identifies the traffic source. For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region. */ identifier: pulumi.Input; /** * Provides additional context for the value of Identifier. * The following lists the valid values: * `elb` if `identifier` is the name of a Classic Load Balancer. * `elbv2` if `identifier` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. * `vpc-lattice` if `identifier` is the ARN of a VPC Lattice target group. */ type?: pulumi.Input; } export interface GroupWarmPool { /** * Whether instances in the Auto Scaling group can be returned to the warm pool on scale in. The default is to terminate instances in the Auto Scaling group when the group scales in. */ instanceReusePolicy?: pulumi.Input; /** * Total maximum number of instances that are allowed to be in the warm pool or in any state except Terminated for the Auto Scaling group. */ maxGroupPreparedCapacity?: pulumi.Input; /** * Minimum number of instances to maintain in the warm pool. This helps you to ensure that there is always a certain number of warmed instances available to handle traffic spikes. Defaults to 0 if not specified. */ minSize?: pulumi.Input; /** * Sets the instance state to transition to after the lifecycle hooks finish. Valid values are: Stopped (default), Running or Hibernated. */ poolState?: pulumi.Input; } export interface GroupWarmPoolInstanceReusePolicy { /** * Whether instances in the Auto Scaling group can be returned to the warm pool on scale in. */ reuseOnScaleIn?: pulumi.Input; } export interface PolicyPredictiveScalingConfiguration { /** * Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity of the Auto Scaling group. Valid values are `HonorMaxCapacity` or `IncreaseMaxCapacity`. Default is `HonorMaxCapacity`. */ maxCapacityBreachBehavior?: pulumi.Input; /** * Size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. Valid range is `0` to `100`. If set to `0`, Amazon EC2 Auto Scaling may scale capacity higher than the maximum capacity to equal but not exceed forecast capacity. */ maxCapacityBuffer?: pulumi.Input; /** * This structure includes the metrics and target utilization to use for predictive scaling. */ metricSpecification: pulumi.Input; /** * Predictive scaling mode. Valid values are `ForecastAndScale` and `ForecastOnly`. Default is `ForecastOnly`. */ mode?: pulumi.Input; /** * Amount of time, in seconds, by which the instance launch time can be advanced. Minimum is `0`. */ schedulingBufferTime?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecification { /** * Customized capacity metric specification. The field is only valid when you use `customizedLoadMetricSpecification` */ customizedCapacityMetricSpecification?: pulumi.Input; /** * Customized load metric specification. */ customizedLoadMetricSpecification?: pulumi.Input; /** * Customized scaling metric specification. */ customizedScalingMetricSpecification?: pulumi.Input; /** * Predefined load metric specification. */ predefinedLoadMetricSpecification?: pulumi.Input; /** * Metric pair specification from which Amazon EC2 Auto Scaling determines the appropriate scaling metric and load metric to use. */ predefinedMetricPairSpecification?: pulumi.Input; /** * Predefined scaling metric specification. */ predefinedScalingMetricSpecification?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecification { /** * List of up to 10 structures that defines custom capacity metric in predictive scaling policy */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQuery { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in predictive scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in predictive scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecification { /** * List of up to 10 structures that defines custom load metric in predictive scaling policy */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQuery { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in predictive scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in predictive scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecification { /** * List of up to 10 structures that defines custom scaling metric in predictive scaling policy */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQuery { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in predictive scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in predictive scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedLoadMetricSpecification { /** * Metric type. Valid values are `ASGTotalCPUUtilization`, `ASGTotalNetworkIn`, `ASGTotalNetworkOut`, or `ALBTargetGroupRequestCount`. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group. You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). Refer to [PredefinedMetricSpecification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) for more information. */ resourceLabel?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedMetricPairSpecification { /** * Which metrics to use. There are two different types of metrics for each metric type: one is a load metric and one is a scaling metric. For example, if the metric type is `ASGCPUUtilization`, the Auto Scaling group's total CPU metric is used as the load metric, and the average CPU metric is used for the scaling metric. Valid values are `ASGCPUUtilization`, `ASGNetworkIn`, `ASGNetworkOut`, or `ALBRequestCount`. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group. You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). Refer to [PredefinedMetricSpecification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) for more information. */ resourceLabel?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedScalingMetricSpecification { /** * Describes a scaling metric for a predictive scaling policy. Valid values are `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, or `ALBRequestCountPerTarget`. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group. You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). Refer to [PredefinedMetricSpecification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) for more information. */ resourceLabel?: pulumi.Input; } export interface PolicyStepAdjustment { /** * Lower bound for the * difference between the alarm threshold and the CloudWatch metric. * Without a value, AWS will treat this bound as negative infinity. */ metricIntervalLowerBound?: pulumi.Input; /** * Upper bound for the * difference between the alarm threshold and the CloudWatch metric. * Without a value, AWS will treat this bound as positive infinity. The upper bound * must be greater than the lower bound. * * Notice the bounds are **relative** to the alarm threshold, meaning that the starting point is not 0%, but the alarm threshold. Check the official [docs](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html#as-scaling-steps) for a detailed example. * * The following arguments are only available to "TargetTrackingScaling" type policies: */ metricIntervalUpperBound?: pulumi.Input; /** * Number of members by which to * scale, when the adjustment bounds are breached. A positive value scales * up. A negative value scales down. */ scalingAdjustment: pulumi.Input; } export interface PolicyTargetTrackingConfiguration { /** * Customized metric. Conflicts with `predefinedMetricSpecification`. */ customizedMetricSpecification?: pulumi.Input; /** * Whether scale in by the target tracking policy is disabled. */ disableScaleIn?: pulumi.Input; /** * Predefined metric. Conflicts with `customizedMetricSpecification`. */ predefinedMetricSpecification?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecification { /** * Dimensions of the metric. */ metricDimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName?: pulumi.Input; /** * Metrics to include, as a metric data query. */ metrics?: pulumi.Input[]>; /** * Namespace of the metric. */ namespace?: pulumi.Input; /** * The period of the metric in seconds. */ period?: pulumi.Input; /** * Statistic of the metric. */ statistic?: pulumi.Input; /** * Unit of the metric. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetric { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in target tracking scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in target tracking scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * The period of the metric in seconds. */ period?: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingConfigurationPredefinedMetricSpecification { /** * Metric type. */ predefinedMetricType: pulumi.Input; /** * Identifies the resource associated with the metric type. */ resourceLabel?: pulumi.Input; } export interface TagTag { /** * Tag name. */ key: pulumi.Input; /** * Whether to propagate the tags to instances launched by the ASG. */ propagateAtLaunch: pulumi.Input; /** * Tag value. */ value: pulumi.Input; } export interface TrafficSourceAttachmentTrafficSource { /** * Identifies the traffic source. For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region. */ identifier: pulumi.Input; /** * Provides additional context for the value of `identifier`. * The following lists the valid values: * `elb` if `identifier` is the name of a Classic Load Balancer. * `elbv2` if `identifier` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. * `vpc-lattice` if `identifier` is the ARN of a VPC Lattice target group. */ type: pulumi.Input; } } export namespace autoscalingplans { export interface ScalingPlanApplicationSource { /** * ARN of a AWS CloudFormation stack. */ cloudformationStackArn?: pulumi.Input; /** * Set of tags. */ tagFilters?: pulumi.Input[]>; } export interface ScalingPlanApplicationSourceTagFilter { /** * Tag key. */ key: pulumi.Input; /** * Tag values. */ values?: pulumi.Input[]>; } export interface ScalingPlanScalingInstruction { /** * Customized load metric to use for predictive scaling. You must specify either `customizedLoadMetricSpecification` or `predefinedLoadMetricSpecification` when configuring predictive scaling. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_CustomizedLoadMetricSpecification.html). */ customizedLoadMetricSpecification?: pulumi.Input; /** * Boolean controlling whether dynamic scaling by AWS Auto Scaling is disabled. Defaults to `false`. */ disableDynamicScaling?: pulumi.Input; /** * Maximum capacity of the resource. The exception to this upper limit is if you specify a non-default setting for `predictiveScalingMaxCapacityBehavior`. */ maxCapacity: pulumi.Input; /** * Minimum capacity of the resource. */ minCapacity: pulumi.Input; /** * Predefined load metric to use for predictive scaling. You must specify either `predefinedLoadMetricSpecification` or `customizedLoadMetricSpecification` when configuring predictive scaling. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedLoadMetricSpecification.html). */ predefinedLoadMetricSpecification?: pulumi.Input; /** * Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity specified for the resource. * Valid values: `SetForecastCapacityToMaxCapacity`, `SetMaxCapacityAboveForecastCapacity`, `SetMaxCapacityToForecastCapacity`. */ predictiveScalingMaxCapacityBehavior?: pulumi.Input; /** * Size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. */ predictiveScalingMaxCapacityBuffer?: pulumi.Input; /** * Predictive scaling mode. Valid values: `ForecastAndScale`, `ForecastOnly`. */ predictiveScalingMode?: pulumi.Input; /** * ID of the resource. This string consists of the resource type and unique identifier. */ resourceId: pulumi.Input; /** * Scalable dimension associated with the resource. Valid values: `autoscaling:autoScalingGroup:DesiredCapacity`, `dynamodb:index:ReadCapacityUnits`, `dynamodb:index:WriteCapacityUnits`, `dynamodb:table:ReadCapacityUnits`, `dynamodb:table:WriteCapacityUnits`, `ecs:service:DesiredCount`, `ec2:spot-fleet-request:TargetCapacity`, `rds:cluster:ReadReplicaCount`. */ scalableDimension: pulumi.Input; /** * Controls whether a resource's externally created scaling policies are kept or replaced. Valid values: `KeepExternalPolicies`, `ReplaceExternalPolicies`. Defaults to `KeepExternalPolicies`. */ scalingPolicyUpdateBehavior?: pulumi.Input; /** * Amount of time, in seconds, to buffer the run time of scheduled scaling actions when scaling out. */ scheduledActionBufferTime?: pulumi.Input; /** * Namespace of the AWS service. Valid values: `autoscaling`, `dynamodb`, `ecs`, `ec2`, `rds`. */ serviceNamespace: pulumi.Input; /** * Structure that defines new target tracking configurations. Each of these structures includes a specific scaling metric and a target value for the metric, along with various parameters to use with dynamic scaling. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_TargetTrackingConfiguration.html). */ targetTrackingConfigurations: pulumi.Input[]>; } export interface ScalingPlanScalingInstructionCustomizedLoadMetricSpecification { /** * Dimensions of the metric. */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; /** * Statistic of the metric. Currently, the value must always be `Sum`. */ statistic: pulumi.Input; /** * Unit of the metric. */ unit?: pulumi.Input; } export interface ScalingPlanScalingInstructionPredefinedLoadMetricSpecification { /** * Metric type. Valid values: `ALBTargetGroupRequestCount`, `ASGTotalCPUUtilization`, `ASGTotalNetworkIn`, `ASGTotalNetworkOut`. */ predefinedLoadMetricType: pulumi.Input; /** * Identifies the resource associated with the metric type. */ resourceLabel?: pulumi.Input; } export interface ScalingPlanScalingInstructionTargetTrackingConfiguration { /** * Customized metric. You can specify either `customizedScalingMetricSpecification` or `predefinedScalingMetricSpecification`. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_CustomizedScalingMetricSpecification.html). */ customizedScalingMetricSpecification?: pulumi.Input; /** * Boolean indicating whether scale in by the target tracking scaling policy is disabled. Defaults to `false`. */ disableScaleIn?: pulumi.Input; /** * Estimated time, in seconds, until a newly launched instance can contribute to the CloudWatch metrics. * This value is used only if the resource is an Auto Scaling group. */ estimatedInstanceWarmup?: pulumi.Input; /** * Predefined metric. You can specify either `predefinedScalingMetricSpecification` or `customizedScalingMetricSpecification`. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedScalingMetricSpecification.html). */ predefinedScalingMetricSpecification?: pulumi.Input; /** * Amount of time, in seconds, after a scale in activity completes before another scale in activity can start. * This value is not used if the scalable resource is an Auto Scaling group. */ scaleInCooldown?: pulumi.Input; /** * Amount of time, in seconds, after a scale-out activity completes before another scale-out activity can start. * This value is not used if the scalable resource is an Auto Scaling group. */ scaleOutCooldown?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface ScalingPlanScalingInstructionTargetTrackingConfigurationCustomizedScalingMetricSpecification { /** * Dimensions of the metric. */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; /** * Statistic of the metric. Valid values: `Average`, `Maximum`, `Minimum`, `SampleCount`, `Sum`. */ statistic: pulumi.Input; /** * Unit of the metric. */ unit?: pulumi.Input; } export interface ScalingPlanScalingInstructionTargetTrackingConfigurationPredefinedScalingMetricSpecification { /** * Metric type. Valid values: `ALBRequestCountPerTarget`, `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, `DynamoDBReadCapacityUtilization`, `DynamoDBWriteCapacityUtilization`, `ECSServiceAverageCPUUtilization`, `ECSServiceAverageMemoryUtilization`, `EC2SpotFleetRequestAverageCPUUtilization`, `EC2SpotFleetRequestAverageNetworkIn`, `EC2SpotFleetRequestAverageNetworkOut`, `RDSReaderAverageCPUUtilization`, `RDSReaderAverageDatabaseConnections`. */ predefinedScalingMetricType: pulumi.Input; /** * Identifies the resource associated with the metric type. */ resourceLabel?: pulumi.Input; } } export namespace backup { export interface FrameworkControl { /** * One or more input parameter blocks. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year". The first parameter is daily. The second parameter is 1 year. Detailed below. */ inputParameters?: pulumi.Input[]>; /** * The name of a control. This name is between 1 and 256 characters. */ name: pulumi.Input; /** * The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. Detailed below. */ scope?: pulumi.Input; } export interface FrameworkControlInputParameter { /** * The name of a parameter, for example, BackupPlanFrequency. */ name?: pulumi.Input; /** * The value of parameter, for example, hourly. */ value?: pulumi.Input; } export interface FrameworkControlScope { /** * The ID of the only AWS resource that you want your control scope to contain. Minimum number of 1 item. Maximum number of 100 items. */ complianceResourceIds?: pulumi.Input[]>; /** * Describes whether the control scope includes one or more types of resources, such as EFS or RDS. */ complianceResourceTypes?: pulumi.Input[]>; /** * The tag key-value pair applied to those AWS resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LogicallyAirGappedVaultTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface PlanAdvancedBackupSetting { /** * Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs. Set to `{ WindowsVSS = "enabled" }` to enable Windows VSS backup option and create a VSS Windows backup. */ backupOptions: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The type of AWS resource to be backed up. For VSS Windows backups, the only supported resource type is Amazon EC2. Valid values: `EC2`. */ resourceType: pulumi.Input; } export interface PlanRule { /** * The amount of time in minutes AWS Backup attempts a backup before canceling the job and returning an error. */ completionWindow?: pulumi.Input; /** * Configuration block(s) with copy operation settings. Detailed below. */ copyActions?: pulumi.Input[]>; /** * Enable continuous backups for supported resources. */ enableContinuousBackup?: pulumi.Input; /** * The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Fields documented below. */ lifecycle?: pulumi.Input; /** * Metadata that you can assign to help organize the resources that you create. */ recoveryPointTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * An display name for a backup rule. */ ruleName: pulumi.Input; /** * Block for scanning configuration for the backup rule and includes the malware scanner, and scan mode of either full or incremental. */ scanActions?: pulumi.Input[]>; /** * A CRON expression specifying when AWS Backup initiates a backup job. */ schedule?: pulumi.Input; /** * The timezone in which the schedule expression is set. Default value: `"Etc/UTC"`. */ scheduleExpressionTimezone?: pulumi.Input; /** * The amount of time in minutes before beginning a backup. */ startWindow?: pulumi.Input; /** * The ARN of a logically air-gapped vault. ARN must be in the same account and region. If provided, supported fully managed resources back up directly to logically air-gapped vault, while other supported resources create a temporary (billable) snapshot in backup vault, then copy it to logically air-gapped vault. Unsupported resources only back up to the specified backup vault. */ targetLogicallyAirGappedBackupVaultArn?: pulumi.Input; /** * The name of a logical container where backups are stored. */ targetVaultName: pulumi.Input; } export interface PlanRuleCopyAction { /** * An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. */ destinationVaultArn: pulumi.Input; /** * The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. Fields documented above. */ lifecycle?: pulumi.Input; } export interface PlanRuleCopyActionLifecycle { /** * Specifies the number of days after creation that a recovery point is moved to cold storage. */ coldStorageAfter?: pulumi.Input; /** * Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `coldStorageAfter`. */ deleteAfter?: pulumi.Input; /** * This setting will instruct your backup plan to transition supported resources to archive (cold) storage tier in accordance with your lifecycle settings. */ optInToArchiveForSupportedResources?: pulumi.Input; } export interface PlanRuleLifecycle { /** * Specifies the number of days after creation that a recovery point is moved to cold storage. */ coldStorageAfter?: pulumi.Input; /** * Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `coldStorageAfter`. */ deleteAfter?: pulumi.Input; /** * This setting will instruct your backup plan to transition supported resources to archive (cold) storage tier in accordance with your lifecycle settings. */ optInToArchiveForSupportedResources?: pulumi.Input; } export interface PlanRuleScanAction { /** * Malware scanner to use for the scan action. Currently only `GUARDDUTY` is supported. */ malwareScanner: pulumi.Input; /** * Scanning mode to use for the scan action. Valid values are `FULL_SCAN` and `INCREMENTAL_SCAN`. */ scanMode: pulumi.Input; } export interface PlanScanSetting { /** * Malware scanner to use for the scan setting. Currently only `GUARDDUTY` is supported. */ malwareScanner: pulumi.Input; /** * List of resource types to apply the scan setting to. Valid values are `EBS`, `EC2`, `S3` and `ALL`. */ resourceTypes: pulumi.Input[]>; /** * ARN of the IAM role that AWS Backup uses to scan resources. See [the AWS documentation](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection-backup-iam-permissions.html) for details. */ scannerRoleArn: pulumi.Input; } export interface ReportPlanReportDeliveryChannel { /** * A list of the format of your reports: CSV, JSON, or both. If not specified, the default format is CSV. */ formats?: pulumi.Input[]>; /** * The unique name of the S3 bucket that receives your reports. */ s3BucketName: pulumi.Input; /** * The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix/Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix. */ s3KeyPrefix?: pulumi.Input; } export interface ReportPlanReportSetting { /** * Specifies the list of accounts a report covers. */ accounts?: pulumi.Input[]>; /** * Specifies the Amazon Resource Names (ARNs) of the frameworks a report covers. */ frameworkArns?: pulumi.Input[]>; /** * Specifies the number of frameworks a report covers. */ numberOfFrameworks?: pulumi.Input; /** * Specifies the list of Organizational Units a report covers. */ organizationUnits?: pulumi.Input[]>; /** * Specifies the list of regions a report covers. */ regions?: pulumi.Input[]>; /** * Identifies the report template for the report. Reports are built using a report template. The report templates are: `RESOURCE_COMPLIANCE_REPORT` | `CONTROL_COMPLIANCE_REPORT` | `BACKUP_JOB_REPORT` | `COPY_JOB_REPORT` | `RESTORE_JOB_REPORT`. */ reportTemplate: pulumi.Input; } export interface RestoreTestingPlanRecoveryPointSelection { /** * Specifies the algorithm used for selecting recovery points. Valid values are "RANDOM_WITHIN_WINDOW" and "LATEST_WITHIN_WINDOW". */ algorithm: pulumi.Input; /** * Specifies the backup vaults to exclude from the recovery point selection. Each value must be a valid AWS ARN for a backup vault or "*" to exclude all backup vaults. */ excludeVaults?: pulumi.Input[]>; /** * Specifies the backup vaults to include in the recovery point selection. Each value must be a valid AWS ARN for a backup vault or "*" to include all backup vaults. */ includeVaults: pulumi.Input[]>; /** * Specifies the types of recovery points to include in the selection. Valid values are "CONTINUOUS" and "SNAPSHOT". */ recoveryPointTypes: pulumi.Input[]>; /** * Specifies the number of days within which the recovery points should be selected. Must be a value between 1 and 365. */ selectionWindowDays?: pulumi.Input; } export interface RestoreTestingSelectionProtectedResourceConditions { /** * The list of string equals conditions for resource tags. Filters the values of your tagged resources for only those resources that you tagged with the same value. Also called "exact matching.". See the structure for details */ stringEquals?: pulumi.Input[]>; /** * The list of string not equals conditions for resource tags. Filters the values of your tagged resources for only those resources that you tagged that do not have the same value. Also called "negated matching.". See the structure for details */ stringNotEquals?: pulumi.Input[]>; } export interface RestoreTestingSelectionProtectedResourceConditionsStringEqual { /** * The Tag name, must start with one of the following prefixes: [aws:ResourceTag/] with a Minimum length of 1. Maximum length of 128, and can contain characters that are letters, white space, and numbers that can be represented in UTF-8 and the following characters: `+ - = . _ : /`. */ key: pulumi.Input; /** * The value of the Tag. Maximum length of 256. */ value: pulumi.Input; } export interface RestoreTestingSelectionProtectedResourceConditionsStringNotEqual { /** * The Tag name, must start with one of the following prefixes: [aws:ResourceTag/] with a Minimum length of 1. Maximum length of 128, and can contain characters that are letters, white space, and numbers that can be represented in UTF-8 and the following characters: `+ - = . _ : /`. */ key: pulumi.Input; /** * The value of the Tag. Maximum length of 256. */ value: pulumi.Input; } export interface SelectionCondition { /** * Filters the values of your tagged resources for only those resources that you tagged with the same value. Also called "exact matching". See below for details. */ stringEquals?: pulumi.Input[]>; /** * Filters the values of your tagged resources for matching tag values with the use of a wildcard character (`*`) anywhere in the string. For example, `prod*` or `*rod*` matches the tag value `production`. See below for details. */ stringLikes?: pulumi.Input[]>; /** * Filters the values of your tagged resources for only those resources that you tagged that do not have the same value. Also called "negated matching". See below for details. */ stringNotEquals?: pulumi.Input[]>; /** * Filters the values of your tagged resources for non-matching tag values with the use of a wildcard character (`*`) anywhere in the string. See below for details. */ stringNotLikes?: pulumi.Input[]>; } export interface SelectionConditionStringEqual { /** * Key for the filter. */ key: pulumi.Input; /** * Value for the filter. */ value: pulumi.Input; } export interface SelectionConditionStringLike { /** * Key for the filter. */ key: pulumi.Input; /** * Value for the filter. */ value: pulumi.Input; } export interface SelectionConditionStringNotEqual { /** * Key for the filter. */ key: pulumi.Input; /** * Value for the filter. */ value: pulumi.Input; } export interface SelectionConditionStringNotLike { /** * Key for the filter. */ key: pulumi.Input; /** * Value for the filter. */ value: pulumi.Input; } export interface SelectionSelectionTag { /** * Key for the filter. */ key: pulumi.Input; /** * An operation, such as `STRINGEQUALS`, that is applied to the key-value pair used to filter resources in a selection. */ type: pulumi.Input; /** * Value for the filter. */ value: pulumi.Input; } } export namespace batch { export interface ComputeEnvironmentComputeResources { /** * The allocation strategy to use for the compute resource in case not enough instances of the best fitting instance type can be allocated. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/batch/latest/APIReference/API_ComputeResource.html#Batch-Type-ComputeResource-allocationStrategy). Defaults to `BEST_FIT`. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ allocationStrategy?: pulumi.Input; /** * Integer of maximum percentage that a Spot Instance price can be when compared with the On-Demand price for that instance type before instances are launched. For example, if your bid percentage is 20% (`20`), then the Spot price must be below 20% of the current On-Demand price for that EC2 instance. If you leave this field empty, the default value is 100% of the On-Demand price. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ bidPercentage?: pulumi.Input; /** * The desired number of EC2 vCPUS in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ desiredVcpus?: pulumi.Input; /** * Provides information used to select Amazon Machine Images (AMIs) for EC2 instances in the compute environment. If Ec2Configuration isn't specified, the default is ECS_AL2. This parameter isn't applicable to jobs that are running on Fargate resources, and shouldn't be specified. */ ec2Configurations?: pulumi.Input[]>; /** * The EC2 key pair that is used for instances launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ ec2KeyPair?: pulumi.Input; /** * The Amazon Machine Image (AMI) ID used for instances launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. (Deprecated, use `ec2Configuration` `imageIdOverride` instead) */ imageId?: pulumi.Input; /** * The Amazon ECS instance role applied to Amazon EC2 instances in a compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ instanceRole?: pulumi.Input; /** * A list of instance types that may be launched. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ instanceTypes?: pulumi.Input[]>; /** * The launch template to use for your compute resources. See details below. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ launchTemplate?: pulumi.Input; /** * The maximum number of EC2 vCPUs that an environment can reach. */ maxVcpus: pulumi.Input; /** * The minimum number of EC2 vCPUs that an environment should maintain. For `EC2` or `SPOT` compute environments, if the parameter is not explicitly defined, a `0` default value will be set. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ minVcpus?: pulumi.Input; /** * The Amazon EC2 placement group to associate with your compute resources. */ placementGroup?: pulumi.Input; /** * A list of EC2 security group that are associated with instances launched in the compute environment. This parameter is required for Fargate compute environments. */ securityGroupIds?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the Amazon EC2 Spot Fleet IAM role applied to a SPOT compute environment. This parameter is required for SPOT compute environments. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ spotIamFleetRole?: pulumi.Input; /** * A list of VPC subnets into which the compute resources are launched. */ subnets: pulumi.Input[]>; /** * Key-value pair tags to be applied to resources that are launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The type of compute environment. Valid items are `EC2`, `SPOT`, `FARGATE` or `FARGATE_SPOT`. */ type: pulumi.Input; } export interface ComputeEnvironmentComputeResourcesEc2Configuration { /** * The AMI ID used for instances launched in the compute environment that match the image type. This setting overrides the `imageId` argument in the `computeResources` block. */ imageIdOverride?: pulumi.Input; /** * The Kubernetes version for the compute environment. If you don't specify a value, the latest version that AWS Batch supports is used. See [Supported Kubernetes versions](https://docs.aws.amazon.com/batch/latest/userguide/supported_kubernetes_version.html) for the list of Kubernetes versions supported by AWS Batch on Amazon EKS. */ imageKubernetesVersion?: pulumi.Input; /** * The image type to match with the instance type to select an AMI. If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) (`ECS_AL2`) is used. */ imageType?: pulumi.Input; } export interface ComputeEnvironmentComputeResourcesLaunchTemplate { /** * ID of the launch template. You must specify either the launch template ID or launch template name in the request, but not both. */ launchTemplateId?: pulumi.Input; /** * Name of the launch template. */ launchTemplateName?: pulumi.Input; /** * The version number of the launch template. Default: The default version of the launch template. */ version?: pulumi.Input; } export interface ComputeEnvironmentEksConfiguration { /** * The Amazon Resource Name (ARN) of the Amazon EKS cluster. */ eksClusterArn: pulumi.Input; /** * The namespace of the Amazon EKS cluster. AWS Batch manages pods in this namespace. */ kubernetesNamespace: pulumi.Input; } export interface ComputeEnvironmentUpdatePolicy { /** * Specifies the job timeout (in minutes) when the compute environment infrastructure is updated. */ jobExecutionTimeoutMinutes?: pulumi.Input; /** * Specifies whether jobs are automatically terminated when the compute environment infrastructure is updated. */ terminateJobsOnUpdate?: pulumi.Input; } export interface JobDefinitionEksProperties { /** * Properties for the Kubernetes pod resources of a job. See `podProperties` below. */ podProperties: pulumi.Input; } export interface JobDefinitionEksPropertiesPodProperties { /** * Properties of the container that's used on the Amazon EKS pod. See containers below. */ containers: pulumi.Input[]>; /** * DNS policy for the pod. The default value is `ClusterFirst`. If the `hostNetwork` argument is not specified, the default is `ClusterFirstWithHostNet`. `ClusterFirst` indicates that any DNS query that does not match the configured cluster domain suffix is forwarded to the upstream nameserver inherited from the node. For more information, see Pod's DNS policy in the Kubernetes documentation. */ dnsPolicy?: pulumi.Input; /** * Whether the pod uses the hosts' network IP address. The default value is `true`. Setting this to `false` enables the Kubernetes pod networking model. Most AWS Batch workloads are egress-only and don't require the overhead of IP allocation for each pod for incoming connections. */ hostNetwork?: pulumi.Input; /** * List of Kubernetes secret resources. See `imagePullSecret` below. */ imagePullSecrets?: pulumi.Input[]>; /** * Containers which run before application containers, always runs to completion, and must complete successfully before the next container starts. These containers are registered with the Amazon EKS Connector agent and persists the registration information in the Kubernetes backend data store. See containers below. */ initContainers?: pulumi.Input[]>; /** * Metadata about the Kubernetes pod. */ metadata?: pulumi.Input; /** * Name of the service account that's used to run the pod. */ serviceAccountName?: pulumi.Input; /** * Indicates if the processes in a container are shared, or visible, to other containers in the same pod. */ shareProcessNamespace?: pulumi.Input; /** * Volumes for a job definition that uses Amazon EKS resources. AWS Batch supports emptyDir, hostPath, and secret volume types. */ volumes?: pulumi.Input[]>; } export interface JobDefinitionEksPropertiesPodPropertiesContainer { /** * Array of arguments to the entrypoint. If this isn't specified, the CMD of the container image is used. This corresponds to the args member in the Entrypoint portion of the Pod in Kubernetes. Environment variable references are expanded using the container's environment. */ args?: pulumi.Input[]>; /** * Entrypoint for the container. This isn't run within a shell. If this isn't specified, the ENTRYPOINT of the container image is used. Environment variable references are expanded using the container's environment. */ commands?: pulumi.Input[]>; /** * Environment variables to pass to a container. See EKS Environment below. */ envs?: pulumi.Input[]>; /** * Docker image used to start the container. */ image: pulumi.Input; /** * Image pull policy for the container. Supported values are `Always`, `IfNotPresent`, and `Never`. */ imagePullPolicy?: pulumi.Input; /** * Name of the container. If the name isn't specified, the default name "Default" is used. Each container in a pod must have a unique name. */ name?: pulumi.Input; /** * Type and amount of resources to assign to a container. The supported resources include `memory`, `cpu`, and `nvidia.com/gpu`. */ resources?: pulumi.Input; /** * Security context for a job. See `securityContext` below. */ securityContext?: pulumi.Input; /** * Volume mounts for the container. */ volumeMounts?: pulumi.Input[]>; } export interface JobDefinitionEksPropertiesPodPropertiesContainerEnv { /** * Name of the job definition. */ name: pulumi.Input; /** * Value of the environment variable. */ value: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesContainerResources { limits?: pulumi.Input<{[key: string]: pulumi.Input}>; requests?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobDefinitionEksPropertiesPodPropertiesContainerSecurityContext { /** * Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is `false`. */ allowPrivilegeEscalation?: pulumi.Input; /** * When this parameter is `true`, the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is `false`. */ privileged?: pulumi.Input; readOnlyRootFileSystem?: pulumi.Input; /** * When this parameter is specified, the container is run as the specified group ID (gid). If this parameter isn't specified, the default is the group that's specified in the image metadata. */ runAsGroup?: pulumi.Input; /** * When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn't specified, so such rule is enforced. */ runAsNonRoot?: pulumi.Input; /** * When this parameter is specified, the container is run as the specified user ID (uid). If this parameter isn't specified, the default is the user that's specified in the image metadata. */ runAsUser?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesContainerVolumeMount { mountPath: pulumi.Input; /** * Name of the job definition. */ name: pulumi.Input; readOnly?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesImagePullSecret { /** * Unique identifier. */ name: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesInitContainer { /** * Array of arguments to the entrypoint. If this isn't specified, the CMD of the container image is used. This corresponds to the args member in the Entrypoint portion of the Pod in Kubernetes. Environment variable references are expanded using the container's environment. */ args?: pulumi.Input[]>; /** * Entrypoint for the container. This isn't run within a shell. If this isn't specified, the ENTRYPOINT of the container image is used. Environment variable references are expanded using the container's environment. */ commands?: pulumi.Input[]>; /** * Environment variables to pass to a container. See EKS Environment below. */ envs?: pulumi.Input[]>; /** * Docker image used to start the container. */ image: pulumi.Input; /** * Image pull policy for the container. Supported values are `Always`, `IfNotPresent`, and `Never`. */ imagePullPolicy?: pulumi.Input; /** * Name of the job definition. */ name?: pulumi.Input; /** * Type and amount of resources to assign to a container. The supported resources include `memory`, `cpu`, and `nvidia.com/gpu`. */ resources?: pulumi.Input; /** * Security context for a job. See `securityContext` below. */ securityContext?: pulumi.Input; /** * Volume mounts for the container. */ volumeMounts?: pulumi.Input[]>; } export interface JobDefinitionEksPropertiesPodPropertiesInitContainerEnv { /** * Name of the job definition. */ name: pulumi.Input; /** * Value of the environment variable. */ value: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesInitContainerResources { limits?: pulumi.Input<{[key: string]: pulumi.Input}>; requests?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobDefinitionEksPropertiesPodPropertiesInitContainerSecurityContext { /** * Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is `false`. */ allowPrivilegeEscalation?: pulumi.Input; /** * When this parameter is `true`, the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is `false`. */ privileged?: pulumi.Input; readOnlyRootFileSystem?: pulumi.Input; /** * When this parameter is specified, the container is run as the specified group ID (gid). If this parameter isn't specified, the default is the group that's specified in the image metadata. */ runAsGroup?: pulumi.Input; /** * When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn't specified, so such rule is enforced. */ runAsNonRoot?: pulumi.Input; /** * When this parameter is specified, the container is run as the specified user ID (uid). If this parameter isn't specified, the default is the user that's specified in the image metadata. */ runAsUser?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesInitContainerVolumeMount { mountPath: pulumi.Input; /** * Name of the job definition. */ name: pulumi.Input; readOnly?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesMetadata { /** * Key-value pairs used to identify, sort, and organize kubernetes resources. */ labels?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobDefinitionEksPropertiesPodPropertiesVolume { emptyDir?: pulumi.Input; hostPath?: pulumi.Input; /** * Name of the job definition. */ name?: pulumi.Input; secret?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesVolumeEmptyDir { /** * Medium to store the volume. The default value is an empty string, which uses the storage of the node. */ medium?: pulumi.Input; /** * Maximum size of the volume. By default, there's no maximum size defined. */ sizeLimit: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesVolumeHostPath { /** * Path of the file or directory on the host to mount into containers on the pod. */ path: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesVolumeSecret { /** * Whether the secret or the secret's keys must be defined. */ optional?: pulumi.Input; /** * Name of the secret. The name must be allowed as a DNS subdomain name. */ secretName: pulumi.Input; } export interface JobDefinitionRetryStrategy { /** * Number of times to move a job to the `RUNNABLE` status. You may specify between `1` and `10` attempts. */ attempts?: pulumi.Input; /** * Evaluate on exit conditions under which the job should be retried or failed. If this parameter is specified, then the `attempts` parameter must also be specified. You may specify up to 5 configuration blocks. */ evaluateOnExits?: pulumi.Input[]>; } export interface JobDefinitionRetryStrategyEvaluateOnExit { /** * Action to take if all of the specified conditions are met. The values are not case sensitive. Valid values: `retry`, `exit`. */ action: pulumi.Input; /** * Glob pattern to match against the decimal representation of the exit code returned for a job. */ onExitCode?: pulumi.Input; /** * Glob pattern to match against the reason returned for a job. */ onReason?: pulumi.Input; /** * Glob pattern to match against the status reason returned for a job. */ onStatusReason?: pulumi.Input; } export interface JobDefinitionTimeout { /** * Time duration in seconds after which AWS Batch terminates your jobs if they have not finished. The minimum value for the timeout is `60` seconds. */ attemptDurationSeconds?: pulumi.Input; } export interface JobQueueComputeEnvironmentOrder { /** * The Amazon Resource Name (ARN) of the compute environment. */ computeEnvironment: pulumi.Input; /** * The order of the compute environment. Compute environments are tried in ascending order. For example, if two compute environments are associated with a job queue, the compute environment with a lower order integer value is tried for job placement first. */ order: pulumi.Input; } export interface JobQueueJobStateTimeLimitAction { /** * The action to take when a job is at the head of the job queue in the specified state for the specified period of time. Valid values include `"CANCEL"` */ action: pulumi.Input; /** * The approximate amount of time, in seconds, that must pass with the job in the specified state before the action is taken. Valid values include integers between `600` & `86400` */ maxTimeSeconds: pulumi.Input; /** * The reason to log for the action being taken. */ reason: pulumi.Input; /** * The state of the job needed to trigger the action. Valid values include `"RUNNABLE"`. */ state: pulumi.Input; } export interface JobQueueTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface SchedulingPolicyFairSharePolicy { /** * A value used to reserve some of the available maximum vCPU for fair share identifiers that have not yet been used. For more information, see [FairsharePolicy](https://docs.aws.amazon.com/batch/latest/APIReference/API_FairsharePolicy.html). */ computeReservation?: pulumi.Input; shareDecaySeconds?: pulumi.Input; /** * One or more share distribution blocks which define the weights for the fair share identifiers for the fair share policy. For more information, see [FairsharePolicy](https://docs.aws.amazon.com/batch/latest/APIReference/API_FairsharePolicy.html). The `shareDistribution` block is documented below. */ shareDistributions?: pulumi.Input[]>; } export interface SchedulingPolicyFairSharePolicyShareDistribution { /** * A fair share identifier or fair share identifier prefix. For more information, see [ShareAttributes](https://docs.aws.amazon.com/batch/latest/APIReference/API_ShareAttributes.html). */ shareIdentifier: pulumi.Input; /** * The weight factor for the fair share identifier. For more information, see [ShareAttributes](https://docs.aws.amazon.com/batch/latest/APIReference/API_ShareAttributes.html). */ weightFactor?: pulumi.Input; } } export namespace bcmdata { export interface ExportExport { /** * Data query for this specific data export. See the `dataQuery` argument reference below. */ dataQueries?: pulumi.Input[]>; /** * Description for this specific data export. */ description?: pulumi.Input; /** * Destination configuration for this specific data export. See the `destinationConfigurations` argument reference below. */ destinationConfigurations?: pulumi.Input[]>; exportArn?: pulumi.Input; /** * Name of this specific data export. */ name: pulumi.Input; /** * Cadence for Amazon Web Services to update the export in your S3 bucket. See the `refreshCadence` argument reference below. */ refreshCadences?: pulumi.Input[]>; } export interface ExportExportDataQuery { /** * Query statement. The SQL table name for CUR 2.0 is `COST_AND_USAGE_REPORT`. See the [AWS documentation](https://docs.aws.amazon.com/cur/latest/userguide/table-dictionary-cur2.html) for a list of available columns. */ queryStatement: pulumi.Input; /** * Table configuration. See the [AWS documentation](https://docs.aws.amazon.com/cur/latest/userguide/table-dictionary-cur2.html#cur2-table-configurations) for the available configurations. In addition to those listed in the documentation, `BILLING_VIEW_ARN` must also be included, as shown in the example above. */ tableConfigurations?: pulumi.Input<{[key: string]: pulumi.Input<{[key: string]: pulumi.Input}>}>; } export interface ExportExportDestinationConfiguration { /** * Object that describes the destination of the data exports file. See the `s3Destination` argument reference below. */ s3Destinations?: pulumi.Input[]>; } export interface ExportExportDestinationConfigurationS3Destination { /** * Name of the Amazon S3 bucket used as the destination of a data export file. */ s3Bucket: pulumi.Input; /** * Output configuration for the data export. See the `s3OutputConfigurations` argument reference below. */ s3OutputConfigurations?: pulumi.Input[]>; /** * S3 path prefix you want prepended to the name of your data export. */ s3Prefix: pulumi.Input; /** * S3 bucket region. */ s3Region: pulumi.Input; } export interface ExportExportDestinationConfigurationS3DestinationS3OutputConfiguration { /** * Compression type for the data export. Valid values `GZIP`, `PARQUET`. */ compression: pulumi.Input; /** * File format for the data export. Valid values `TEXT_OR_CSV` or `PARQUET`. */ format: pulumi.Input; /** * Output type for the data export. Valid value `CUSTOM`. */ outputType: pulumi.Input; /** * The rule to follow when generating a version of the data export file. You have the choice to overwrite the previous version or to be delivered in addition to the previous versions. Overwriting exports can save on Amazon S3 storage costs. Creating new export versions allows you to track the changes in cost and usage data over time. Valid values `CREATE_NEW_REPORT` or `OVERWRITE_REPORT`. */ overwrite: pulumi.Input; } export interface ExportExportRefreshCadence { /** * Frequency that data exports are updated. The export refreshes each time the source data updates, up to three times daily. Valid values `SYNCHRONOUS`. */ frequency: pulumi.Input; } export interface ExportTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace bedrock { export interface AgentAgentActionGroupActionGroupExecutor { /** * Custom control method for handling the information elicited from the user. Valid values: `RETURN_CONTROL`. * To skip using a Lambda function and instead return the predicted action group, in addition to the parameters and information required for it, in the `InvokeAgent` response, specify `RETURN_CONTROL`. * Only one of `customControl` or `lambda` can be specified. */ customControl?: pulumi.Input; /** * ARN of the Lambda function containing the business logic that is carried out upon invoking the action. * Only one of `lambda` or `customControl` can be specified. */ lambda?: pulumi.Input; } export interface AgentAgentActionGroupApiSchema { /** * JSON or YAML-formatted payload defining the OpenAPI schema for the action group. * Only one of `payload` or `s3` can be specified. */ payload?: pulumi.Input; /** * Details about the S3 object containing the OpenAPI schema for the action group. See `s3` Block for details. * Only one of `s3` or `payload` can be specified. */ s3?: pulumi.Input; } export interface AgentAgentActionGroupApiSchemaS3 { /** * Name of the S3 bucket. */ s3BucketName?: pulumi.Input; /** * S3 object key containing the resource. */ s3ObjectKey?: pulumi.Input; } export interface AgentAgentActionGroupFunctionSchema { /** * Contains a list of functions. * Each function describes and action in the action group. * See `memberFunctions` Block for details. */ memberFunctions?: pulumi.Input; } export interface AgentAgentActionGroupFunctionSchemaMemberFunctions { /** * Functions that each define an action in the action group. See `functions` Block for details. */ functions?: pulumi.Input[]>; } export interface AgentAgentActionGroupFunctionSchemaMemberFunctionsFunction { /** * Description of the function and its purpose. */ description?: pulumi.Input; /** * Name for the function. */ name: pulumi.Input; /** * Parameters that the agent elicits from the user to fulfill the function. See `parameters` Block for details. */ parameters?: pulumi.Input[]>; } export interface AgentAgentActionGroupFunctionSchemaMemberFunctionsFunctionParameter { /** * Description of the parameter. Helps the foundation model determine how to elicit the parameters from the user. */ description?: pulumi.Input; /** * Name of the parameter. * * **Note:** The argument name `mapBlockKey` may seem out of context, but is necessary for backward compatibility reasons in the provider. */ mapBlockKey: pulumi.Input; /** * Whether the parameter is required for the agent to complete the function for action group invocation. */ required?: pulumi.Input; /** * Data type of the parameter. Valid values: `string`, `number`, `integer`, `boolean`, `array`. */ type: pulumi.Input; } export interface AgentAgentActionGroupTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentAgentAliasRoutingConfiguration { /** * Version of the agent with which the alias is associated. */ agentVersion: pulumi.Input; /** * ARN of the Provisioned Throughput assigned to the agent alias. */ provisionedThroughput: pulumi.Input; } export interface AgentAgentAliasTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentAgentCollaboratorAgentDescriptor { /** * ARN of the Alias of an Agent to use as the collaborator. */ aliasArn: pulumi.Input; } export interface AgentAgentCollaboratorTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentAgentGuardrailConfiguration { /** * Unique identifier of the guardrail. */ guardrailIdentifier: pulumi.Input; /** * Version of the guardrail. */ guardrailVersion: pulumi.Input; } export interface AgentAgentKnowledgeBaseAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentAgentMemoryConfiguration { /** * The type of memory being stored by the agent. See [AWS API documentation](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_agent_MemoryConfiguration.html) for possible values. */ enabledMemoryTypes: pulumi.Input[]>; /** * Configuration block for `SESSION_SUMMARY` memory type enabled for the agent. See `sessionSummaryConfiguration` Block for details. */ sessionSummaryConfigurations: pulumi.Input[]>; /** * The number of days the agent is configured to retain the conversational context. Minimum value of 0, maximum value of 30. */ storageDays: pulumi.Input; } export interface AgentAgentMemoryConfigurationSessionSummaryConfiguration { /** * Maximum number of recent session summaries to include in the agent's prompt context. */ maxRecentSessions: pulumi.Input; } export interface AgentAgentPromptOverrideConfiguration { /** * ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence. If you specify this field, at least one of the `promptConfigurations` block must contain a `parserMode` value that is set to `OVERRIDDEN`. */ overrideLambda: pulumi.Input; /** * Configurations to override a prompt template in one part of an agent sequence. See `promptConfigurations` Block for details. */ promptConfigurations: pulumi.Input[]>; } export interface AgentAgentPromptOverrideConfigurationPromptConfiguration { /** * prompt template with which to replace the default prompt template. You can use placeholder variables in the base prompt template to customize the prompt. For more information, see [Prompt template placeholder variables](https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-placeholders.html). */ basePromptTemplate: pulumi.Input; /** * Inference parameters to use when the agent invokes a foundation model in the part of the agent sequence defined by the `promptType`. For more information, see [Inference parameters for foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html). See `inferenceConfiguration` Block for details. */ inferenceConfigurations: pulumi.Input[]>; /** * Whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the `promptType`. If you set the argument as `OVERRIDDEN`, the `overrideLambda` argument in the `promptOverrideConfiguration` block must be specified with the ARN of a Lambda function. Valid values: `DEFAULT`, `OVERRIDDEN`. */ parserMode: pulumi.Input; /** * Whether to override the default prompt template for this `promptType`. Set this argument to `OVERRIDDEN` to use the prompt that you provide in the `basePromptTemplate`. If you leave it as `DEFAULT`, the agent uses a default prompt template. Valid values: `DEFAULT`, `OVERRIDDEN`. */ promptCreationMode: pulumi.Input; /** * Whether to allow the agent to carry out the step specified in the `promptType`. If you set this argument to `DISABLED`, the agent skips that step. Valid Values: `ENABLED`, `DISABLED`. */ promptState: pulumi.Input; /** * Step in the agent sequence that this prompt configuration applies to. Valid values: `PRE_PROCESSING`, `ORCHESTRATION`, `POST_PROCESSING`, `KNOWLEDGE_BASE_RESPONSE_GENERATION`. */ promptType: pulumi.Input; } export interface AgentAgentPromptOverrideConfigurationPromptConfigurationInferenceConfiguration { /** * Maximum number of tokens to allow in the generated response. */ maxLength: pulumi.Input; /** * List of stop sequences. A stop sequence is a sequence of characters that causes the model to stop generating the response. */ stopSequences: pulumi.Input[]>; /** * Likelihood of the model selecting higher-probability options while generating a response. A lower value makes the model more likely to choose higher-probability options, while a higher value makes the model more likely to choose lower-probability options. */ temperature: pulumi.Input; /** * Number of top most-likely candidates, between 0 and 500, from which the model chooses the next token in the sequence. */ topK: pulumi.Input; /** * Top percentage of the probability distribution of next tokens, between 0 and 1 (denoting 0% and 100%), from which the model chooses the next token in the sequence. */ topP: pulumi.Input; } export interface AgentAgentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentDataSourceDataSourceConfiguration { /** * Details about the configuration of the Confluence data source. See `confluenceDataSourceConfiguration` block for details. */ confluenceConfiguration?: pulumi.Input; /** * Details about the configuration of the S3 object containing the data source. See `s3DataSourceConfiguration` block for details. */ s3Configuration?: pulumi.Input; /** * Details about the configuration of the Salesforce data source. See `salesforceDataSourceConfiguration` block for details. */ salesforceConfiguration?: pulumi.Input; /** * Details about the configuration of the SharePoint data source. See `sharePointDataSourceConfiguration` block for details. */ sharePointConfiguration?: pulumi.Input; /** * Type of storage for the data source. Valid values: `S3`, `WEB`, `CONFLUENCE`, `SALESFORCE`, `SHAREPOINT`, `CUSTOM`, `REDSHIFT_METADATA`. */ type: pulumi.Input; /** * Details about the configuration of the web data source. See `webDataSourceConfiguration` block for details. */ webConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationConfluenceConfiguration { crawlerConfiguration?: pulumi.Input; sourceConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationConfluenceConfigurationCrawlerConfiguration { /** * The Salesforce standard object configuration. See `filterConfiguration` block for details. */ filterConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationConfluenceConfigurationCrawlerConfigurationFilterConfiguration { /** * The configuration of filtering certain objects or content types of the data source. See `patternObjectFilter` block for details. */ patternObjectFilters?: pulumi.Input[]>; /** * The type of filtering that you want to apply to certain objects or content of the data source. For example, the PATTERN type is regular expression patterns you can apply to filter your content. */ type: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationConfluenceConfigurationCrawlerConfigurationFilterConfigurationPatternObjectFilter { /** * The configuration of specific filters applied to your data source content. Minimum of 1 filter and maximum of 25 filters. * * Each filter object should contain the following configuration: */ filters?: pulumi.Input[]>; } export interface AgentDataSourceDataSourceConfigurationConfluenceConfigurationCrawlerConfigurationFilterConfigurationPatternObjectFilterFilter { exclusionFilters?: pulumi.Input[]>; inclusionFilters?: pulumi.Input[]>; /** * The supported object type or content type of the data source. */ objectType: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationConfluenceConfigurationSourceConfiguration { /** * The supported authentication type to authenticate and connect to your SharePoint site. Valid values: `OAUTH2_CLIENT_CREDENTIALS`, `OAUTH2_SHAREPOINT_APP_ONLY_CLIENT_CREDENTIALS`. */ authType: pulumi.Input; /** * The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your SharePoint site. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see SharePoint connection configuration. Pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$. */ credentialsSecretArn: pulumi.Input; /** * The supported host type, whether online/cloud or server/on-premises. Valid values: `ONLINE`. */ hostType: pulumi.Input; /** * The Salesforce host URL or instance URL. Pattern: `^https://[A-Za-z0-9][^\s]*$`. */ hostUrl: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationS3Configuration { /** * ARN of the bucket that contains the data source. */ bucketArn: pulumi.Input; /** * Bucket account owner ID for the S3 bucket. */ bucketOwnerAccountId?: pulumi.Input; /** * List of S3 prefixes that define the object containing the data sources. For more information, see [Organizing objects using prefixes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-prefixes.html). */ inclusionPrefixes?: pulumi.Input[]>; } export interface AgentDataSourceDataSourceConfigurationSalesforceConfiguration { crawlerConfiguration?: pulumi.Input; sourceConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSalesforceConfigurationCrawlerConfiguration { /** * The Salesforce standard object configuration. See `filterConfiguration` block for details. */ filterConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSalesforceConfigurationCrawlerConfigurationFilterConfiguration { /** * The configuration of filtering certain objects or content types of the data source. See `patternObjectFilter` block for details. */ patternObjectFilters?: pulumi.Input[]>; /** * The type of filtering that you want to apply to certain objects or content of the data source. For example, the PATTERN type is regular expression patterns you can apply to filter your content. */ type: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSalesforceConfigurationCrawlerConfigurationFilterConfigurationPatternObjectFilter { /** * The configuration of specific filters applied to your data source content. Minimum of 1 filter and maximum of 25 filters. * * Each filter object should contain the following configuration: */ filters?: pulumi.Input[]>; } export interface AgentDataSourceDataSourceConfigurationSalesforceConfigurationCrawlerConfigurationFilterConfigurationPatternObjectFilterFilter { exclusionFilters?: pulumi.Input[]>; inclusionFilters?: pulumi.Input[]>; /** * The supported object type or content type of the data source. */ objectType: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSalesforceConfigurationSourceConfiguration { /** * The supported authentication type to authenticate and connect to your SharePoint site. Valid values: `OAUTH2_CLIENT_CREDENTIALS`, `OAUTH2_SHAREPOINT_APP_ONLY_CLIENT_CREDENTIALS`. */ authType: pulumi.Input; /** * The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your SharePoint site. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see SharePoint connection configuration. Pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$. */ credentialsSecretArn: pulumi.Input; /** * The Salesforce host URL or instance URL. Pattern: `^https://[A-Za-z0-9][^\s]*$`. */ hostUrl: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSharePointConfiguration { crawlerConfiguration?: pulumi.Input; sourceConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSharePointConfigurationCrawlerConfiguration { /** * The Salesforce standard object configuration. See `filterConfiguration` block for details. */ filterConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSharePointConfigurationCrawlerConfigurationFilterConfiguration { /** * The configuration of filtering certain objects or content types of the data source. See `patternObjectFilter` block for details. */ patternObjectFilters?: pulumi.Input[]>; /** * The type of filtering that you want to apply to certain objects or content of the data source. For example, the PATTERN type is regular expression patterns you can apply to filter your content. */ type: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSharePointConfigurationCrawlerConfigurationFilterConfigurationPatternObjectFilter { /** * The configuration of specific filters applied to your data source content. Minimum of 1 filter and maximum of 25 filters. * * Each filter object should contain the following configuration: */ filters?: pulumi.Input[]>; } export interface AgentDataSourceDataSourceConfigurationSharePointConfigurationCrawlerConfigurationFilterConfigurationPatternObjectFilterFilter { exclusionFilters?: pulumi.Input[]>; inclusionFilters?: pulumi.Input[]>; /** * The supported object type or content type of the data source. */ objectType: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationSharePointConfigurationSourceConfiguration { /** * The supported authentication type to authenticate and connect to your SharePoint site. Valid values: `OAUTH2_CLIENT_CREDENTIALS`, `OAUTH2_SHAREPOINT_APP_ONLY_CLIENT_CREDENTIALS`. */ authType: pulumi.Input; /** * The Amazon Resource Name of an AWS Secrets Manager secret that stores your authentication credentials for your SharePoint site. For more information on the key-value pairs that must be included in your secret, depending on your authentication type, see SharePoint connection configuration. Pattern: ^arn:aws(|-cn|-us-gov):secretsmanager:[a-z0-9-]{1,20}:([0-9]{12}|):secret:[a-zA-Z0-9!/_+=.@-]{1,512}$. */ credentialsSecretArn: pulumi.Input; /** * The domain of your SharePoint instance or site URL/URLs. */ domain: pulumi.Input; /** * The supported host type, whether online/cloud or server/on-premises. Valid values: `ONLINE`. */ hostType: pulumi.Input; /** * A list of one or more SharePoint site URLs. */ siteUrls: pulumi.Input[]>; /** * The identifier of your Microsoft 365 tenant. */ tenantId?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationWebConfiguration { crawlerConfiguration?: pulumi.Input; sourceConfiguration?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationWebConfigurationCrawlerConfiguration { /** * Configuration of crawl limits for the web URLs. See `crawlerLimits` block for details. */ crawlerLimits?: pulumi.Input; /** * List of one or more exclusion regular expression patterns to exclude certain object types that adhere to the pattern. */ exclusionFilters?: pulumi.Input[]>; /** * List of one or more inclusion regular expression patterns to include certain object types that adhere to the pattern. */ inclusionFilters?: pulumi.Input[]>; /** * Scope of what is crawled for your URLs. */ scope?: pulumi.Input; /** * String used for identifying the crawler or a bot when it accesses a web server. Default value is `bedrockbot_UUID`. */ userAgent?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationWebConfigurationCrawlerConfigurationCrawlerLimits { /** * Max number of web pages crawled from your source URLs, up to 25,000 pages. */ maxPages?: pulumi.Input; /** * Max rate at which pages are crawled, up to 300 per minute per host. */ rateLimit?: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationWebConfigurationSourceConfiguration { /** * The URL configuration of your web data source. See `urlConfiguration` block for details. */ urlConfiguration: pulumi.Input; } export interface AgentDataSourceDataSourceConfigurationWebConfigurationSourceConfigurationUrlConfiguration { /** * List of one or more seed URLs to crawl. See `seedUrls` block for details. */ seedUrls?: pulumi.Input[]>; } export interface AgentDataSourceDataSourceConfigurationWebConfigurationSourceConfigurationUrlConfigurationSeedUrl { /** * Seed or starting point URL. Must match the pattern `^https?://[A-Za-z0-9][^\s]*$`. */ url?: pulumi.Input; } export interface AgentDataSourceServerSideEncryptionConfiguration { /** * ARN of the AWS KMS key used to encrypt the resource. */ kmsKeyArn?: pulumi.Input; } export interface AgentDataSourceTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfiguration { /** * Details about how to chunk the documents in the data source. A chunk refers to an excerpt from a data source that is returned when the knowledge base that it belongs to is queried. See `chunkingConfiguration` block for details. */ chunkingConfiguration?: pulumi.Input; /** * Configuration for custom transformation of data source documents. */ customTransformationConfiguration?: pulumi.Input; /** * Configuration for custom parsing of data source documents. See `parsingConfiguration` block for details. */ parsingConfiguration?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationChunkingConfiguration { /** * Option for chunking your source data, either in fixed-sized chunks or as one chunk. Valid values: `FIXED_SIZE`, `HIERARCHICAL`, `SEMANTIC`, `NONE`. */ chunkingStrategy: pulumi.Input; /** * Configurations for when you choose fixed-size chunking. Requires chunkingStrategy as `FIXED_SIZE`. See `fixedSizeChunkingConfiguration` for details. */ fixedSizeChunkingConfiguration?: pulumi.Input; /** * Configurations for when you choose hierarchical chunking. Requires chunkingStrategy as `HIERARCHICAL`. See `hierarchicalChunkingConfiguration` for details. */ hierarchicalChunkingConfiguration?: pulumi.Input; /** * Configurations for when you choose semantic chunking. Requires chunkingStrategy as `SEMANTIC`. See `semanticChunkingConfiguration` for details. */ semanticChunkingConfiguration?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationChunkingConfigurationFixedSizeChunkingConfiguration { /** * Maximum number of tokens to include in a chunk. */ maxTokens: pulumi.Input; /** * Percentage of overlap between adjacent chunks of a data source. */ overlapPercentage: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationChunkingConfigurationHierarchicalChunkingConfiguration { /** * Maximum number of tokens to include in a chunk. Must contain two `levelConfigurations`. See `levelConfigurations` for details. */ levelConfigurations?: pulumi.Input[]>; /** * The number of tokens to repeat across chunks in the same layer. */ overlapTokens: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationChunkingConfigurationHierarchicalChunkingConfigurationLevelConfiguration { /** * The maximum number of tokens that a chunk can contain in this layer. */ maxTokens: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationChunkingConfigurationSemanticChunkingConfiguration { /** * The dissimilarity threshold for splitting chunks. */ breakpointPercentileThreshold: pulumi.Input; /** * The buffer size. */ bufferSize: pulumi.Input; /** * The maximum number of tokens a chunk can contain. */ maxToken: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationCustomTransformationConfiguration { /** * The intermediate storage for custom transformation. */ intermediateStorage?: pulumi.Input; /** * A custom processing step for documents moving through the data source ingestion pipeline. */ transformation?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationCustomTransformationConfigurationIntermediateStorage { /** * Configuration block for intermedia S3 storage. */ s3Location?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationCustomTransformationConfigurationIntermediateStorageS3Location { /** * S3 URI for intermediate storage. */ uri: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationCustomTransformationConfigurationTransformation { /** * When the service applies the transformation. Currently only `POST_CHUNKING` is supported. */ stepToApply: pulumi.Input; /** * The lambda function that processes documents. */ transformationFunction?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationCustomTransformationConfigurationTransformationTransformationFunction { /** * The configuration of the lambda function. */ transformationLambdaConfiguration?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationCustomTransformationConfigurationTransformationTransformationFunctionTransformationLambdaConfiguration { /** * The ARN of the lambda to use for custom transformation. */ lambdaArn: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationParsingConfiguration { /** * Settings for using Amazon Bedrock Data Automation to parse documents. See `bedrockDataAutomationConfiguration` block for details. */ bedrockDataAutomationConfiguration?: pulumi.Input; /** * Settings for a foundation model used to parse documents in a data source. See `bedrockFoundationModelConfiguration` block for details. */ bedrockFoundationModelConfiguration?: pulumi.Input; /** * The parsing strategy to use. Valid values: `BEDROCK_FOUNDATION_MODEL`, `BEDROCK_DATA_AUTOMATION`. */ parsingStrategy: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationParsingConfigurationBedrockDataAutomationConfiguration { /** * Specifies whether to enable parsing of multimodal data, including both text and images. Valid value: `MULTIMODAL`. */ parsingModality?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationParsingConfigurationBedrockFoundationModelConfiguration { /** * The ARN of the model used to parse documents */ modelArn: pulumi.Input; /** * Specifies whether to enable parsing of multimodal data, including both text and images. Valid values: `MULTIMODAL`. */ parsingModality?: pulumi.Input; /** * Instructions for interpreting the contents of the document. See `parsingPrompt` block for details. */ parsingPrompt?: pulumi.Input; } export interface AgentDataSourceVectorIngestionConfigurationParsingConfigurationBedrockFoundationModelConfigurationParsingPrompt { /** * Instructions for interpreting the contents of the document. */ parsingPromptString: pulumi.Input; } export interface AgentFlowDefinition { /** * A list of connection definitions in the flow. See Connection for more information. */ connections?: pulumi.Input[]>; /** * A list of node definitions in the flow. See Node for more information. */ nodes?: pulumi.Input[]>; } export interface AgentFlowDefinitionConnection { /** * Configuration of the connection. See Connection Configuration for more information. */ configuration?: pulumi.Input; /** * A name for the connection that you can reference. */ name: pulumi.Input; /** * The node that the connection starts at. */ source: pulumi.Input; /** * The node that the connection ends at. */ target: pulumi.Input; /** * Whether the source node that the connection begins from is a condition node `Conditional` or not `Data`. */ type: pulumi.Input; } export interface AgentFlowDefinitionConnectionConfiguration { /** * The configuration of a connection originating from a Condition node. See Conditional Connection Configuration for more information. */ conditional?: pulumi.Input; /** * The configuration of a connection originating from a node that isn’t a Condition node. See Data Connection Configuration for more information. */ data?: pulumi.Input; } export interface AgentFlowDefinitionConnectionConfigurationConditional { condition: pulumi.Input; } export interface AgentFlowDefinitionConnectionConfigurationData { /** * The name of the output in the source node that the connection begins from. */ sourceOutput: pulumi.Input; /** * The name of the input in the target node that the connection ends at. */ targetInput: pulumi.Input; } export interface AgentFlowDefinitionNode { /** * Contains configurations for the node. See Node Configuration for more information. */ configuration?: pulumi.Input; /** * A list of objects containing information about an input into the node. See Node Input for more information. */ inputs?: pulumi.Input[]>; /** * A name for the node. */ name: pulumi.Input; /** * A list of objects containing information about an output from the node. See Node Output for more information. */ outputs?: pulumi.Input[]>; /** * The type of node. This value must match the name of the key that you provide in the configuration. Valid values: `Agent`, `Collector`, `Condition`, `Input`, `Iterator`, `KnowledgeBase`, `LambdaFunction`, `Lex`, `Output`, `Prompt`, `Retrieval`, `Storage` */ type: pulumi.Input; } export interface AgentFlowDefinitionNodeConfiguration { /** * Contains configurations for an agent node in your flow. Invokes an alias of an agent and returns the response. See Agent Node Configuration for more information. */ agent?: pulumi.Input; /** * Contains configurations for a collector node in your flow. Collects an iteration of inputs and consolidates them into an array of outputs. This object has no fields. */ collector?: pulumi.Input; condition?: pulumi.Input; /** * Contains configurations for an inline code node in your flow. See Inline Code Node Configuration for more information. */ inlineCode?: pulumi.Input; input?: pulumi.Input; /** * Contains configurations for an iterator node in your flow. Takes an input that is an array and iteratively sends each item of the array as an output to the following node. The size of the array is also returned in the output. The output flow node at the end of the flow iteration will return a response for each member of the array. To return only one response, you can include a collector node downstream from the iterator node. This object has no fields. */ iterator?: pulumi.Input; /** * Contains configurations for a knowledge base node in your flow. Queries a knowledge base and returns the retrieved results or generated response. See Knowledge Base Node Configuration for more information. */ knowledgeBase?: pulumi.Input; /** * Contains configurations for a Lambda function node in your flow. Invokes a Lambda function. See Lambda Function Node Configuration for more information. */ lambdaFunction?: pulumi.Input; /** * Contains configurations for a Lex node in your flow. Invokes an Amazon Lex bot to identify the intent of the input and return the intent as the output. See Lex Node Configuration for more information. */ lex?: pulumi.Input; output?: pulumi.Input; /** * Contains configurations for a prompt node in your flow. Runs a prompt and generates the model response as the output. You can use a prompt from Prompt management or you can configure one in this node. See Prompt Node Configuration for more information. */ prompt?: pulumi.Input; /** * Contains configurations for a Retrieval node in your flow. Retrieves data from an Amazon S3 location and returns it as the output. See Retrieval Node Configuration for more information. */ retrieval?: pulumi.Input; /** * Contains configurations for a Storage node in your flow. Stores an input in an Amazon S3 location. See Storage Node Configuration for more information. */ storage?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationAgent { /** * The Amazon Resource Name (ARN) of the alias of the agent to invoke. */ agentAliasArn: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationCollector { } export interface AgentFlowDefinitionNodeConfigurationCondition { conditions?: pulumi.Input[]>; } export interface AgentFlowDefinitionNodeConfigurationConditionCondition { expression?: pulumi.Input; /** * A name for the flow. */ name: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationInlineCode { /** * The code that's executed in your inline code node. */ code: pulumi.Input; /** * The programming language used by your inline code node. */ language: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationInput { } export interface AgentFlowDefinitionNodeConfigurationIterator { } export interface AgentFlowDefinitionNodeConfigurationKnowledgeBase { /** * Contains configurations for a guardrail to apply during query and response generation for the knowledge base in this configuration. See Guardrail Configuration for more information. */ guardrailConfiguration?: pulumi.Input; /** * Contains inference configurations for the prompt. See Prompt Inference Configuration for more information. */ inferenceConfiguration?: pulumi.Input; /** * The unique identifier of the knowledge base to query. */ knowledgeBaseId: pulumi.Input; modelId: pulumi.Input; numberOfResults?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationKnowledgeBaseGuardrailConfiguration { /** * The unique identifier of the guardrail. */ guardrailIdentifier: pulumi.Input; /** * The version of the guardrail. */ guardrailVersion: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationKnowledgeBaseInferenceConfiguration { text?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationKnowledgeBaseInferenceConfigurationText { /** * Maximum number of tokens to return in the response. */ maxTokens?: pulumi.Input; /** * List of strings that define sequences after which the model will stop generating. */ stopSequences?: pulumi.Input[]>; /** * Controls the randomness of the response. Choose a lower value for more predictable outputs and a higher value for more surprising outputs. */ temperature?: pulumi.Input; /** * Percentage of most-likely candidates that the model considers for the next token. */ topP?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationLambdaFunction { /** * The Amazon Resource Name (ARN) of the Lambda function to invoke. */ lambdaArn: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationLex { /** * The Amazon Resource Name (ARN) of the Amazon Lex bot alias to invoke. */ botAliasArn: pulumi.Input; /** * The Region to invoke the Amazon Lex bot in */ localeId: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationOutput { } export interface AgentFlowDefinitionNodeConfigurationPrompt { /** * Contains configurations for a guardrail to apply during query and response generation for the knowledge base in this configuration. See Guardrail Configuration for more information. */ guardrailConfiguration?: pulumi.Input; sourceConfiguration?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptGuardrailConfiguration { /** * The unique identifier of the guardrail. */ guardrailIdentifier: pulumi.Input; /** * The version of the guardrail. */ guardrailVersion: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfiguration { /** * Contains configurations for a prompt that is defined inline. See Prompt Inline Configuration for more information. */ inline?: pulumi.Input; /** * Contains configurations for a prompt from Prompt management. See Prompt Resource Configuration for more information. */ resource?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInline { /** * Additional fields to be included in the model request for the Prompt node. */ additionalModelRequestFields?: pulumi.Input; /** * Contains inference configurations for the prompt. See Prompt Inference Configuration for more information. */ inferenceConfiguration?: pulumi.Input; modelId: pulumi.Input; /** * Contains a prompt and variables in the prompt that can be replaced with values at runtime. See Prompt Template Configuration for more information. */ templateConfiguration?: pulumi.Input; /** * The type of prompt template. Valid values: `TEXT`, `CHAT`. */ templateType: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineInferenceConfiguration { text?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineInferenceConfigurationText { /** * Maximum number of tokens to return in the response. */ maxTokens?: pulumi.Input; /** * List of strings that define sequences after which the model will stop generating. */ stopSequences?: pulumi.Input[]>; /** * Controls the randomness of the response. Choose a lower value for more predictable outputs and a higher value for more surprising outputs. */ temperature?: pulumi.Input; /** * Percentage of most-likely candidates that the model considers for the next token. */ topP?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfiguration { /** * Contains configurations to use the prompt in a conversational format. See Chat Template Configuration for more information. */ chat?: pulumi.Input; text?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChat { inputVariables?: pulumi.Input[]>; /** * A list of messages in the chat for the prompt. See Message for more information. */ messages: pulumi.Input[]>; /** * A list of system prompts to provide context to the model or to describe how it should behave. See System for more information. */ systems?: pulumi.Input[]>; /** * Configuration information for the tools that the model can use when generating a response. See Tool Configuration for more information. */ toolConfiguration?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatInputVariable { /** * The name of the variable. */ name: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatMessage { /** * Contains the content for the message you pass to, or receive from a model. See [Message Content] for more information. */ content?: pulumi.Input; /** * The role that the message belongs to. */ role: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatMessageContent { cachePoint?: pulumi.Input; text?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatMessageContentCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatSystem { /** * Creates a cache checkpoint within a tool designation. See Cache Point for more information. */ cachePoint?: pulumi.Input; /** * The text in the system prompt. */ text?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatSystemCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfiguration { /** * Defines which tools the model should request when invoked. See Tool Choice for more information. */ toolChoice?: pulumi.Input; /** * A list of tools to pass to a model. See Tool for more information. */ tools?: pulumi.Input[]>; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationTool { /** * Creates a cache checkpoint within a tool designation. See Cache Point for more information. */ cachePoint?: pulumi.Input; /** * The specification for the tool. See Tool Specification for more information. */ toolSpec?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationToolCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationToolChoice { /** * Defines tools, at least one of which must be requested by the model. No text is generated but the results of tool use are sent back to the model to help generate a response. This object has no fields. */ any?: pulumi.Input; /** * Defines tools. The model automatically decides whether to call a tool or to generate text instead. This object has no fields. */ auto?: pulumi.Input; /** * Defines a specific tool that the model must request. No text is generated but the results of tool use are sent back to the model to help generate a response. See Named Tool for more information. */ tool?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationToolChoiceAny { } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationToolChoiceAuto { } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationToolChoiceTool { /** * A name for the flow. */ name: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationToolToolSpec { /** * A description for the flow. */ description?: pulumi.Input; /** * The input schema of the tool. See Tool Input Schema for more information. */ inputSchema?: pulumi.Input; /** * A name for the flow. */ name: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationChatToolConfigurationToolToolSpecInputSchema { /** * A JSON object defining the input schema for the tool. */ json?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationText { cachePoint?: pulumi.Input; inputVariables?: pulumi.Input[]>; text: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationTextCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationInlineTemplateConfigurationTextInputVariable { /** * The name of the variable. */ name: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationPromptSourceConfigurationResource { /** * The Amazon Resource Name (ARN) of the prompt from Prompt management. */ promptArn: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationRetrieval { serviceConfiguration?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationRetrievalServiceConfiguration { s3?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationRetrievalServiceConfigurationS3 { bucketName: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationStorage { serviceConfiguration?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationStorageServiceConfiguration { s3?: pulumi.Input; } export interface AgentFlowDefinitionNodeConfigurationStorageServiceConfigurationS3 { bucketName: pulumi.Input; } export interface AgentFlowDefinitionNodeInput { /** * How input data flows between iterations in a DoWhile loop. */ category?: pulumi.Input; expression: pulumi.Input; /** * A name for the flow. */ name: pulumi.Input; type: pulumi.Input; } export interface AgentFlowDefinitionNodeOutput { /** * A name for the flow. */ name: pulumi.Input; type: pulumi.Input; } export interface AgentFlowTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfiguration { /** * Settings for an Amazon Kendra knowledge base. See `kendraKnowledgeBaseConfiguration` block for details. */ kendraKnowledgeBaseConfiguration?: pulumi.Input; /** * Configurations for a knowledge base connected to an SQL database. See `sqlKnowledgeBaseConfiguration` block for details. */ sqlKnowledgeBaseConfiguration?: pulumi.Input; /** * Type of data that the data source is converted into for the knowledge base. Valid Values: `VECTOR`, `KENDRA`, `SQL`. */ type: pulumi.Input; /** * Details about the model that's used to convert the data source into vector embeddings. See `vectorKnowledgeBaseConfiguration` block for details. */ vectorKnowledgeBaseConfiguration?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationKendraKnowledgeBaseConfiguration { /** * ARN of the Amazon Kendra index. */ kendraIndexArn: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfiguration { /** * Configurations for a knowledge base connected to an Amazon Redshift database. See `redshiftConfiguration` block for details. */ redshiftConfiguration?: pulumi.Input; /** * Type of SQL database to connect to the knowledge base. Valid values: `REDSHIFT`. */ type: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfiguration { /** * Configurations for an Amazon Redshift query engine. See `queryEngineConfiguration` block for details. */ queryEngineConfiguration: pulumi.Input; /** * Configurations for generating queries. See `queryGenerationConfiguration` block for details. */ queryGenerationConfiguration?: pulumi.Input; /** * Configurations for Amazon Redshift database storage. See `storageConfiguration` block for details. */ storageConfiguration: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryEngineConfiguration { /** * Configurations for a provisioned Amazon Redshift query engine. See `provisionedConfiguration` block for details. */ provisionedConfiguration?: pulumi.Input; /** * Configurations for a serverless Amazon Redshift query engine. See `serverlessConfiguration` block for details. */ serverlessConfiguration?: pulumi.Input; /** * Type of query engine. Valid values: `SERVERLESS`, `PROVISIONED`. */ type: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryEngineConfigurationProvisionedConfiguration { /** * Configurations for authentication to Amazon Redshift. See `authConfiguration` block for details. */ authConfiguration: pulumi.Input; /** * ID of the Amazon Redshift cluster. */ clusterIdentifier: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryEngineConfigurationProvisionedConfigurationAuthConfiguration { /** * Database username for authentication to an Amazon Redshift provisioned data warehouse. */ databaseUser?: pulumi.Input; /** * Type of authentication to use. Valid values: `IAM`, `USERNAME_PASSWORD`. */ type: pulumi.Input; /** * ARN of a Secrets Manager secret for authentication. */ usernamePasswordSecretArn?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryEngineConfigurationServerlessConfiguration { /** * Configurations for authentication to a Redshift Serverless. See `authConfiguration` block for details. */ authConfiguration: pulumi.Input; /** * ARN of the Amazon Redshift workgroup. */ workgroupArn: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryEngineConfigurationServerlessConfigurationAuthConfiguration { /** * Type of authentication to use. Valid values: `IAM`, `USERNAME_PASSWORD`. */ type: pulumi.Input; /** * ARN of a Secrets Manager secret for authentication. */ usernamePasswordSecretArn?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryGenerationConfiguration { /** * Time after which query generation will time out. */ executionTimeoutSeconds?: pulumi.Input; /** * Configurations for context to use during query generation. See `generationContext` block for details. */ generationContext?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryGenerationConfigurationGenerationContext { /** * Information about example queries to help the query engine generate appropriate SQL queries. See `curatedQuery` block for details. */ curatedQueries?: pulumi.Input[]>; /** * Information about a table in the database. See `table` block for details. */ tables?: pulumi.Input[]>; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryGenerationConfigurationGenerationContextCuratedQuery { /** * Example natural language query. */ naturalLanguage: pulumi.Input; /** * SQL equivalent of `naturalLanguage`. */ sql: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryGenerationConfigurationGenerationContextTable { /** * Information about a column in the table. See `column` block for details. */ columns?: pulumi.Input[]>; /** * Description of the table that helps the query engine understand the contents of the table. */ description?: pulumi.Input; /** * Whether to include or exclude the table during query generation. Valid values `INCLUDE`, `EXCLUDE`. */ inclusion?: pulumi.Input; /** * Name of the table for which the other fields in this object apply. */ name: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationQueryGenerationConfigurationGenerationContextTableColumn { /** * Description of the column that helps the query engine understand the contents of the column. */ description?: pulumi.Input; /** * Whether to include or exclude the column during query generation. Valid values `INCLUDE`, `EXCLUDE`. */ inclusion?: pulumi.Input; /** * Name of the column for which the other fields in this object apply. */ name?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationStorageConfiguration { /** * Configurations for storage in AWS Glue Data Catalog. See `awsDataCatalogConfiguration` block for details. */ awsDataCatalogConfiguration?: pulumi.Input; /** * Configurations for storage in Amazon Redshift. See `redshiftConfiguration` block for details. */ redshiftConfiguration?: pulumi.Input; /** * Vector store service in which the knowledge base is stored. Valid Values: `MONGO_DB_ATLAS`, `OPENSEARCH_SERVERLESS`, `OPENSEARCH_MANAGED_CLUSTER`, `PINECONE`, `REDIS_ENTERPRISE_CLOUD`, `RDS`, `S3_VECTORS`, `NEPTUNE_ANALYTICS`. */ type: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationStorageConfigurationAwsDataCatalogConfiguration { /** * List of names of the tables to use. */ tableNames: pulumi.Input[]>; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationSqlKnowledgeBaseConfigurationRedshiftConfigurationStorageConfigurationRedshiftConfiguration { /** * Name of the Amazon Redshift database. */ databaseName: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationVectorKnowledgeBaseConfiguration { /** * ARN of the model used to create vector embeddings for the knowledge base. */ embeddingModelArn: pulumi.Input; /** * The embeddings model configuration details for the vector model used in Knowledge Base. See `embeddingModelConfiguration` block for details. */ embeddingModelConfiguration?: pulumi.Input; /** * supplemental_data_storage_configuration. See `supplementalDataStorageConfiguration` block for details. */ supplementalDataStorageConfiguration?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationVectorKnowledgeBaseConfigurationEmbeddingModelConfiguration { /** * The vector configuration details on the Bedrock embeddings model. See `bedrockEmbeddingModelConfiguration` block for details. */ bedrockEmbeddingModelConfiguration?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationVectorKnowledgeBaseConfigurationEmbeddingModelConfigurationBedrockEmbeddingModelConfiguration { /** * Dimension details for the vector configuration used on the Bedrock embeddings model. */ dimensions?: pulumi.Input; /** * Data type for the vectors when using a model to convert text into vector embeddings. The model must support the specified data type for vector embeddings. Valid values are `FLOAT32` and `BINARY`. */ embeddingDataType?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationVectorKnowledgeBaseConfigurationSupplementalDataStorageConfiguration { /** * A storage location specification for images extracted from multimodal documents in your data source. See `storageLocation` block for details. */ storageLocations: pulumi.Input[]>; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationVectorKnowledgeBaseConfigurationSupplementalDataStorageConfigurationStorageLocation { /** * Contains information about the Amazon S3 location for the extracted images. See `s3Location` block for details. */ s3Location?: pulumi.Input; /** * Storage service used for this location. `S3` is the only valid value. */ type: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationVectorKnowledgeBaseConfigurationSupplementalDataStorageConfigurationStorageLocationS3Location { /** * URI of the location. */ uri: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfiguration { /** * The storage configuration of the knowledge base in MongoDB Atlas. See `mongoDbAtlasConfiguration` block for details. */ mongoDbAtlasConfiguration?: pulumi.Input; /** * The storage configuration of the knowledge base in Amazon Neptune Analytics. See `neptuneAnalyticsConfiguration` block for details. */ neptuneAnalyticsConfiguration?: pulumi.Input; /** * The storage configuration of the knowledge base in Amazon OpenSearch Service Managed Cluster. See `opensearchManagedClusterConfiguration` block for details. */ opensearchManagedClusterConfiguration?: pulumi.Input; /** * The storage configuration of the knowledge base in Amazon OpenSearch Service Serverless. See `opensearchServerlessConfiguration` block for details. */ opensearchServerlessConfiguration?: pulumi.Input; /** * The storage configuration of the knowledge base in Pinecone. See `pineconeConfiguration` block for details. */ pineconeConfiguration?: pulumi.Input; /** * Details about the storage configuration of the knowledge base in Amazon RDS. For more information, see [Create a vector index in Amazon RDS](https://docs.aws.amazon.com/bedrock/latest/userguide/knowledge-base-setup.html). See `rdsConfiguration` block for details. */ rdsConfiguration?: pulumi.Input; /** * The storage configuration of the knowledge base in Redis Enterprise Cloud. See `redisEnterpriseCloudConfiguration` block for details. */ redisEnterpriseCloudConfiguration?: pulumi.Input; /** * The storage configuration of the knowledge base in Amazon S3 Vectors. See `s3VectorsConfiguration` block for details. */ s3VectorsConfiguration?: pulumi.Input; /** * Vector store service in which the knowledge base is stored. Valid Values: `MONGO_DB_ATLAS`, `OPENSEARCH_SERVERLESS`, `OPENSEARCH_MANAGED_CLUSTER`, `PINECONE`, `REDIS_ENTERPRISE_CLOUD`, `RDS`, `S3_VECTORS`, `NEPTUNE_ANALYTICS`. */ type: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationMongoDbAtlasConfiguration { /** * The name of the collection in the MongoDB Atlas database. */ collectionName: pulumi.Input; /** * The ARN of the secret that you created in AWS Secrets Manager that is linked to your MongoDB Atlas database. */ credentialsSecretArn: pulumi.Input; /** * The name of the database in the MongoDB Atlas database. */ databaseName: pulumi.Input; /** * The endpoint URL of the MongoDB Atlas database. */ endpoint: pulumi.Input; /** * The name of the service that hosts the MongoDB Atlas database. */ endpointServiceName?: pulumi.Input; /** * Contains the names of the fields to which to map information about the vector store. */ fieldMapping: pulumi.Input; /** * The name of the vector index. */ textIndexName?: pulumi.Input; /** * The name of the vector index. */ vectorIndexName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationMongoDbAtlasConfigurationFieldMapping { /** * The name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationNeptuneAnalyticsConfiguration { /** * The names of the fields to which to map information about the vector store. This block supports the following arguments: */ fieldMapping: pulumi.Input; /** * ARN of the Neptune Analytics vector store. */ graphArn: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationNeptuneAnalyticsConfigurationFieldMapping { /** * Name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationOpensearchManagedClusterConfiguration { /** * ARN of the OpenSearch domain. */ domainArn: pulumi.Input; /** * Endpoint URL of the OpenSearch domain. */ domainEndpoint: pulumi.Input; /** * The names of the fields to which to map information about the vector store. This block supports the following arguments: */ fieldMapping: pulumi.Input; /** * Name of the vector store. */ vectorIndexName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationOpensearchManagedClusterConfigurationFieldMapping { /** * Name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationOpensearchServerlessConfiguration { /** * ARN of the OpenSearch Service vector store. */ collectionArn: pulumi.Input; /** * The names of the fields to which to map information about the vector store. This block supports the following arguments: */ fieldMapping: pulumi.Input; /** * Name of the vector store. */ vectorIndexName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationOpensearchServerlessConfigurationFieldMapping { /** * Name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationPineconeConfiguration { /** * Endpoint URL for your index management page. */ connectionString: pulumi.Input; /** * ARN of the secret that you created in AWS Secrets Manager that is linked to your Pinecone API key. */ credentialsSecretArn: pulumi.Input; /** * The names of the fields to which to map information about the vector store. This block supports the following arguments: */ fieldMapping: pulumi.Input; /** * Namespace to be used to write new data to your database. */ namespace?: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationPineconeConfigurationFieldMapping { /** * Name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRdsConfiguration { /** * ARN of the secret that you created in AWS Secrets Manager that is linked to your Amazon RDS database. */ credentialsSecretArn: pulumi.Input; /** * Name of your Amazon RDS database. */ databaseName: pulumi.Input; /** * Names of the fields to which to map information about the vector store. This block supports the following arguments: */ fieldMapping: pulumi.Input; /** * ARN of the vector store. */ resourceArn: pulumi.Input; /** * Name of the table in the database. */ tableName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRdsConfigurationFieldMapping { /** * Name for the universal metadata field where Amazon Bedrock will store any custom metadata from your data source. */ customMetadataField?: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the ID for each entry. */ primaryKeyField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRedisEnterpriseCloudConfiguration { /** * ARN of the secret that you created in AWS Secrets Manager that is linked to your Redis Enterprise Cloud database. */ credentialsSecretArn: pulumi.Input; /** * Endpoint URL of the Redis Enterprise Cloud database. */ endpoint: pulumi.Input; /** * The names of the fields to which to map information about the vector store. This block supports the following arguments: */ fieldMapping: pulumi.Input; /** * Name of the vector index. */ vectorIndexName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRedisEnterpriseCloudConfigurationFieldMapping { /** * Name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField?: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField?: pulumi.Input; /** * Name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField?: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationS3VectorsConfiguration { /** * ARN of the S3 Vectors index. Conflicts with `indexName` and `vectorBucketArn`. */ indexArn?: pulumi.Input; /** * Name of the S3 Vectors index. Must be specified with `vectorBucketArn`. Conflicts with `indexArn`. */ indexName?: pulumi.Input; /** * ARN of the S3 Vectors vector bucket. Must be specified with `indexName`. Conflicts with `indexArn`. */ vectorBucketArn?: pulumi.Input; } export interface AgentKnowledgeBaseTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentPromptVariant { /** * Contains model-specific inference configurations that aren’t in the inferenceConfiguration field. To see model-specific inference parameters, see [Inference request parameters and response fields for foundation models](https://docs.aws.amazon.com/bedrock/latest/userguide/model-parameters.html). */ additionalModelRequestFields?: pulumi.Input; /** * Specifies a generative AI resource with which to use the prompt. If this is not supplied, then a `genAiResource` must be defined. See Generative AI Resource for more information. */ genAiResource?: pulumi.Input; /** * Contains inference configurations for the prompt variant. See Inference Configuration for more information. */ inferenceConfiguration?: pulumi.Input; /** * A list of objects, each containing a key-value pair that defines a metadata tag and value to attach to a prompt variant. See Metadata for more information. */ metadatas?: pulumi.Input[]>; /** * Unique identifier of the model or [inference profile](https://docs.aws.amazon.com/bedrock/latest/userguide/cross-region-inference.html) with which to run inference on the prompt. If this is not supplied, then a `genAiResource` must be defined. */ modelId?: pulumi.Input; /** * Name of the prompt variant. */ name: pulumi.Input; /** * Contains configurations for the prompt template. See Template Configuration for more information. */ templateConfiguration?: pulumi.Input; /** * Type of prompt template to use. Valid values: `CHAT`, `TEXT`. */ templateType: pulumi.Input; } export interface AgentPromptVariantGenAiResource { /** * Specifies an Amazon Bedrock agent with which to use the prompt. See Agent Configuration for more information. */ agent?: pulumi.Input; } export interface AgentPromptVariantGenAiResourceAgent { /** * ARN of the agent with which to use the prompt. */ agentIdentifier: pulumi.Input; } export interface AgentPromptVariantInferenceConfiguration { /** * Contains inference configurations for the prompt variant. See Text Inference Configuration for more information. */ text?: pulumi.Input; } export interface AgentPromptVariantInferenceConfigurationText { /** * Maximum number of tokens to return in the response. */ maxTokens?: pulumi.Input; /** * List of strings that define sequences after which the model will stop generating. */ stopSequences?: pulumi.Input[]>; /** * Controls the randomness of the response. Choose a lower value for more predictable outputs and a higher value for more surprising outputs. */ temperature?: pulumi.Input; /** * Percentage of most-likely candidates that the model considers for the next token. */ topP?: pulumi.Input; } export interface AgentPromptVariantMetadata { /** * Key of a metadata tag for a prompt variant. */ key: pulumi.Input; /** * Value of a metadata tag for a prompt variant. */ value: pulumi.Input; } export interface AgentPromptVariantTemplateConfiguration { /** * Contains configurations to use the prompt in a conversational format. See Chat Template Configuration for more information. */ chat?: pulumi.Input; /** * Contains configurations for the text in a message for a prompt. See Text Template Configuration */ text?: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChat { inputVariables?: pulumi.Input[]>; /** * A list of messages in the chat for the prompt. See Message for more information. */ messages: pulumi.Input[]>; /** * A list of system prompts to provide context to the model or to describe how it should behave. See System for more information. */ systems?: pulumi.Input[]>; /** * Configuration information for the tools that the model can use when generating a response. See Tool Configuration for more information. */ toolConfiguration?: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatInputVariable { /** * The name of the variable. */ name: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatMessage { /** * Contains the content for the message you pass to, or receive from a model. See [Message Content] for more information. */ content?: pulumi.Input; /** * The role that the message belongs to. */ role: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatMessageContent { cachePoint?: pulumi.Input; text?: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatMessageContentCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatSystem { /** * Creates a cache checkpoint within a tool designation. See Cache Point for more information. */ cachePoint?: pulumi.Input; /** * The text in the system prompt. */ text?: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatSystemCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatToolConfiguration { /** * Defines which tools the model should request when invoked. See Tool Choice for more information. */ toolChoice?: pulumi.Input; /** * A list of tools to pass to a model. See Tool for more information. */ tools?: pulumi.Input[]>; } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationTool { /** * Creates a cache checkpoint within a tool designation. See Cache Point for more information. */ cachePoint?: pulumi.Input; /** * The specification for the tool. See Tool Specification for more information. */ toolSpec?: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoice { /** * Defines tools, at least one of which must be requested by the model. No text is generated but the results of tool use are sent back to the model to help generate a response. This object has no fields. */ any?: pulumi.Input; /** * Defines tools. The model automatically decides whether to call a tool or to generate text instead. This object has no fields. */ auto?: pulumi.Input; /** * Defines a specific tool that the model must request. No text is generated but the results of tool use are sent back to the model to help generate a response. See Named Tool for more information. */ tool?: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceAny { } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceAuto { } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolChoiceTool { /** * Name of the prompt. * * The following arguments are optional: */ name: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolToolSpec { /** * Description of the prompt. */ description?: pulumi.Input; /** * The input schema of the tool. See Tool Input Schema for more information. */ inputSchema?: pulumi.Input; /** * Name of the prompt. * * The following arguments are optional: */ name: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationChatToolConfigurationToolToolSpecInputSchema { /** * A JSON object defining the input schema for the tool. */ json?: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationText { cachePoint?: pulumi.Input; inputVariables?: pulumi.Input[]>; text: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationTextCachePoint { /** * Indicates that the CachePointBlock is of the default type. Valid values: `default`. */ type: pulumi.Input; } export interface AgentPromptVariantTemplateConfigurationTextInputVariable { /** * The name of the variable. */ name: pulumi.Input; } export interface AgentcoreAgentRuntimeAgentRuntimeArtifact { /** * Code configuration block for the agent runtime artifact, including the source code location and execution settings. Exactly one of `codeConfiguration` or `containerConfiguration` must be specified. See `codeConfiguration` below. */ codeConfiguration?: pulumi.Input; /** * Container configuration block for the agent artifact. Exactly one of `codeConfiguration` or `containerConfiguration` must be specified. See `containerConfiguration` below. */ containerConfiguration?: pulumi.Input; } export interface AgentcoreAgentRuntimeAgentRuntimeArtifactCodeConfiguration { /** * Configuration block for the source code location and configuration details. See `code` below. */ code?: pulumi.Input; /** * Array specifying the entry point for code execution, indicating the function or method to invoke when the code runs. The array must contain 1 or 2 elements. Examples: `["main.py"]`, `["opentelemetry-instrument", "main.py"]`. */ entryPoints: pulumi.Input[]>; /** * Runtime environment used to execute the code. Valid values: `PYTHON_3_10`, `PYTHON_3_11`, `PYTHON_3_12`, `PYTHON_3_13`. */ runtime: pulumi.Input; } export interface AgentcoreAgentRuntimeAgentRuntimeArtifactCodeConfigurationCode { /** * Configuration block for the Amazon S3 object that contains the source code for the agent runtime. See `s3` below. */ s3?: pulumi.Input; } export interface AgentcoreAgentRuntimeAgentRuntimeArtifactCodeConfigurationCodeS3 { /** * Name of the Amazon S3 bucket. */ bucket: pulumi.Input; /** * Key of the object containing the ZIP file of the source code for the agent runtime in the Amazon S3 bucket. */ prefix: pulumi.Input; /** * Version ID of the Amazon S3 object. If not specified, the latest version of the object is used. */ versionId?: pulumi.Input; } export interface AgentcoreAgentRuntimeAgentRuntimeArtifactContainerConfiguration { /** * URI of the container image in Amazon ECR. */ containerUri: pulumi.Input; } export interface AgentcoreAgentRuntimeAuthorizerConfiguration { /** * JWT-based authorization configuration block. See `customJwtAuthorizer` below. */ customJwtAuthorizer?: pulumi.Input; } export interface AgentcoreAgentRuntimeAuthorizerConfigurationCustomJwtAuthorizer { /** * Set of allowed audience values for JWT token validation. */ allowedAudiences?: pulumi.Input[]>; /** * Set of allowed client IDs for JWT token validation. */ allowedClients?: pulumi.Input[]>; /** * URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with `.well-known/openid-configuration`. */ discoveryUrl: pulumi.Input; } export interface AgentcoreAgentRuntimeEndpointTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentcoreAgentRuntimeLifecycleConfiguration { /** * Timeout in seconds for idle runtime sessions. */ idleRuntimeSessionTimeout: pulumi.Input; /** * Maximum lifetime for the instance in seconds. */ maxLifetime: pulumi.Input; } export interface AgentcoreAgentRuntimeNetworkConfiguration { /** * Network mode for the agent runtime. Valid values: `PUBLIC`, `VPC`. */ networkMode: pulumi.Input; /** * Network mode configuration. See `networkModeConfig` below. */ networkModeConfig?: pulumi.Input; } export interface AgentcoreAgentRuntimeNetworkConfigurationNetworkModeConfig { /** * Security groups associated with the VPC configuration. */ securityGroups: pulumi.Input[]>; /** * Subnets associated with the VPC configuration. */ subnets: pulumi.Input[]>; } export interface AgentcoreAgentRuntimeProtocolConfiguration { /** * Server protocol for the agent runtime. Valid values: `HTTP`, `MCP`, `A2A`. */ serverProtocol?: pulumi.Input; } export interface AgentcoreAgentRuntimeRequestHeaderConfiguration { /** * A list of HTTP request headers that are allowed to be passed through to the runtime. */ requestHeaderAllowlists?: pulumi.Input[]>; } export interface AgentcoreAgentRuntimeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentcoreAgentRuntimeWorkloadIdentityDetail { /** * ARN of the workload identity. */ workloadIdentityArn: pulumi.Input; } export interface AgentcoreApiKeyCredentialProviderApiKeySecretArn { /** * ARN of the secret in AWS Secrets Manager. */ secretArn: pulumi.Input; } export interface AgentcoreBrowserNetworkConfiguration { /** * Network mode for the browser. Valid values: `PUBLIC`, `VPC`. */ networkMode: pulumi.Input; /** * VPC configuration when `networkMode` is `VPC`. See `vpcConfig` below. */ vpcConfig?: pulumi.Input; } export interface AgentcoreBrowserNetworkConfigurationVpcConfig { /** * Set of security group IDs for the VPC configuration. */ securityGroups: pulumi.Input[]>; /** * Set of subnet IDs for the VPC configuration. */ subnets: pulumi.Input[]>; } export interface AgentcoreBrowserRecording { /** * Whether to enable recording for browser sessions. Defaults to `false`. */ enabled?: pulumi.Input; /** * S3 location where browser session recordings are stored. See `s3Location` below. */ s3Location?: pulumi.Input; } export interface AgentcoreBrowserRecordingS3Location { /** * Name of the S3 bucket where recordings are stored. */ bucket: pulumi.Input; /** * S3 key prefix for recording files. */ prefix: pulumi.Input; } export interface AgentcoreBrowserTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface AgentcoreCodeInterpreterNetworkConfiguration { /** * Network mode for the code interpreter. Valid values: `PUBLIC`, `SANDBOX`, `VPC`. */ networkMode: pulumi.Input; /** * VPC configuration. See `vpcConfig` below. */ vpcConfig?: pulumi.Input; } export interface AgentcoreCodeInterpreterNetworkConfigurationVpcConfig { /** * Security groups associated with the VPC configuration. */ securityGroups: pulumi.Input[]>; /** * Subnets associated with the VPC configuration. */ subnets: pulumi.Input[]>; } export interface AgentcoreCodeInterpreterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface AgentcoreGatewayAuthorizerConfiguration { /** * JWT-based authorization configuration block. See `customJwtAuthorizer` below. */ customJwtAuthorizer?: pulumi.Input; } export interface AgentcoreGatewayAuthorizerConfigurationCustomJwtAuthorizer { /** * Set of allowed audience values for JWT token validation. */ allowedAudiences?: pulumi.Input[]>; /** * Set of allowed client IDs for JWT token validation. */ allowedClients?: pulumi.Input[]>; /** * URL used to fetch OpenID Connect configuration or authorization server metadata. Must end with `.well-known/openid-configuration`. */ discoveryUrl: pulumi.Input; } export interface AgentcoreGatewayInterceptorConfiguration { /** * Input configuration for the interceptor. See `inputConfiguration` below. */ inputConfiguration?: pulumi.Input; /** * Set of interception points. Valid values: `REQUEST`, `RESPONSE`. */ interceptionPoints: pulumi.Input[]>; /** * Interceptor infrastructure configuration. See `interceptor` below. */ interceptor?: pulumi.Input; } export interface AgentcoreGatewayInterceptorConfigurationInputConfiguration { /** * Whether to pass request headers to the interceptor. */ passRequestHeaders: pulumi.Input; } export interface AgentcoreGatewayInterceptorConfigurationInterceptor { /** * Lambda function configuration for the interceptor. See `lambda` below. */ lambda?: pulumi.Input; } export interface AgentcoreGatewayInterceptorConfigurationInterceptorLambda { /** * ARN of the Lambda function to invoke for the interceptor. */ arn: pulumi.Input; } export interface AgentcoreGatewayProtocolConfiguration { /** * Model Context Protocol (MCP) configuration block. See `mcp` below. */ mcp?: pulumi.Input; } export interface AgentcoreGatewayProtocolConfigurationMcp { /** * Instructions for the MCP protocol configuration. */ instructions?: pulumi.Input; /** * Search type for MCP. Valid values: `SEMANTIC`. */ searchType?: pulumi.Input; /** * Set of supported MCP protocol versions. */ supportedVersions?: pulumi.Input[]>; } export interface AgentcoreGatewayTargetCredentialProviderConfiguration { /** * API key-based authentication configuration. See `apiKey` below. */ apiKey?: pulumi.Input; /** * Use the gateway's IAM role for authentication. This is an empty configuration block. */ gatewayIamRole?: pulumi.Input; /** * OAuth-based authentication configuration. See `oauth` below. */ oauth?: pulumi.Input; } export interface AgentcoreGatewayTargetCredentialProviderConfigurationApiKey { /** * Location where the API key credential is provided. Valid values: `HEADER`, `QUERY_PARAMETER`. */ credentialLocation?: pulumi.Input; /** * Name of the parameter containing the API key credential. */ credentialParameterName?: pulumi.Input; /** * Prefix to add to the API key credential value. */ credentialPrefix?: pulumi.Input; /** * ARN of the OIDC provider for API key authentication. */ providerArn: pulumi.Input; } export interface AgentcoreGatewayTargetCredentialProviderConfigurationGatewayIamRole { } export interface AgentcoreGatewayTargetCredentialProviderConfigurationOauth { /** * Map of custom parameters to include in OAuth requests. */ customParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * ARN of the OIDC provider for OAuth authentication. */ providerArn: pulumi.Input; /** * Set of OAuth scopes to request. */ scopes: pulumi.Input[]>; } export interface AgentcoreGatewayTargetTargetConfiguration { /** * Model Context Protocol (MCP) configuration. See `mcp` below. */ mcp?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcp { /** * Lambda function target configuration. See `lambda` below. */ lambda?: pulumi.Input; /** * MCP server target configuration. See `mcpServer` below. */ mcpServer?: pulumi.Input; /** * OpenAPI schema-based target configuration. See `apiSchemaConfiguration` below. */ openApiSchema?: pulumi.Input; /** * Smithy model-based target configuration. See `apiSchemaConfiguration` below. */ smithyModel?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambda { /** * ARN of the Lambda function to invoke. */ lambdaArn: pulumi.Input; /** * Schema definition for the tool. See `toolSchema` below. */ toolSchema: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchema { /** * Inline tool definition. See `inlinePayload` below. */ inlinePayloads?: pulumi.Input[]>; /** * S3-based tool definition. See `s3` below. */ s3?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayload { /** * Description of what the tool does. */ description: pulumi.Input; /** * Schema for the tool's input. See `schemaDefinition` below. */ inputSchema: pulumi.Input; /** * Name of the tool. */ name: pulumi.Input; /** * Schema for the tool's output. See `schemaDefinition` below. */ outputSchema?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchema { /** * Description of the gateway target. */ description?: pulumi.Input; items?: pulumi.Input; properties?: pulumi.Input[]>; type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaItems { /** * Description of the array items. */ description?: pulumi.Input; /** * Nested items definition for arrays of arrays. */ items?: pulumi.Input; /** * Set of property definitions for arrays of objects. See `property` below. */ properties?: pulumi.Input[]>; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaItemsItems { /** * Description of the array items. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaItemsProperty { /** * Description of the property. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaProperty { /** * Description of the property. */ description?: pulumi.Input; /** * Items definition for array properties. See `items` above. */ items?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * Set of nested property definitions for object properties. */ properties?: pulumi.Input[]>; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaPropertyItems { /** * Description of the array items. */ description?: pulumi.Input; /** * Nested items definition for arrays of arrays. */ items?: pulumi.Input; /** * Set of property definitions for arrays of objects. See `property` below. */ properties?: pulumi.Input[]>; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaPropertyItemsItems { /** * Description of the array items. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaPropertyItemsProperty { /** * Description of the property. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadInputSchemaPropertyProperty { /** * Description of the property. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchema { /** * Description of the gateway target. */ description?: pulumi.Input; items?: pulumi.Input; properties?: pulumi.Input[]>; type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaItems { /** * Description of the array items. */ description?: pulumi.Input; /** * Nested items definition for arrays of arrays. */ items?: pulumi.Input; /** * Set of property definitions for arrays of objects. See `property` below. */ properties?: pulumi.Input[]>; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaItemsItems { /** * Description of the array items. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaItemsProperty { /** * Description of the property. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaProperty { /** * Description of the property. */ description?: pulumi.Input; /** * Items definition for array properties. See `items` above. */ items?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * Set of nested property definitions for object properties. */ properties?: pulumi.Input[]>; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaPropertyItems { /** * Description of the array items. */ description?: pulumi.Input; /** * Nested items definition for arrays of arrays. */ items?: pulumi.Input; /** * Set of property definitions for arrays of objects. See `property` below. */ properties?: pulumi.Input[]>; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaPropertyItemsItems { /** * Description of the array items. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Data type of the array items. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaPropertyItemsProperty { /** * Description of the property. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaInlinePayloadOutputSchemaPropertyProperty { /** * Description of the property. */ description?: pulumi.Input; /** * JSON-encoded schema definition for array items. Used for complex nested structures. Cannot be used with `propertiesJson`. */ itemsJson?: pulumi.Input; /** * Name of the property. */ name: pulumi.Input; /** * JSON-encoded schema definition for object properties. Used for complex nested structures. Cannot be used with `itemsJson`. */ propertiesJson?: pulumi.Input; /** * Whether this property is required. Defaults to `false`. */ required?: pulumi.Input; /** * Data type of the property. */ type: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpLambdaToolSchemaS3 { /** * Account ID of the S3 bucket owner. */ bucketOwnerAccountId?: pulumi.Input; /** * S3 URI where the schema is stored. */ uri?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpMcpServer { /** * Endpoint for the MCP server target configuration. */ endpoint: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpOpenApiSchema { inlinePayload?: pulumi.Input; s3?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpOpenApiSchemaInlinePayload { /** * The inline schema payload content. */ payload: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpOpenApiSchemaS3 { /** * Account ID of the S3 bucket owner. */ bucketOwnerAccountId?: pulumi.Input; /** * S3 URI where the schema is stored. */ uri?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpSmithyModel { inlinePayload?: pulumi.Input; s3?: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpSmithyModelInlinePayload { /** * The inline schema payload content. */ payload: pulumi.Input; } export interface AgentcoreGatewayTargetTargetConfigurationMcpSmithyModelS3 { /** * Account ID of the S3 bucket owner. */ bucketOwnerAccountId?: pulumi.Input; /** * S3 URI where the schema is stored. */ uri?: pulumi.Input; } export interface AgentcoreGatewayTargetTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentcoreGatewayTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentcoreGatewayWorkloadIdentityDetail { /** * ARN of the workload identity. */ workloadIdentityArn: pulumi.Input; } export interface AgentcoreMemoryStrategyConfiguration { /** * Consolidation configuration for processing and organizing memory content. See `consolidation` below. Once added, this block cannot be removed without recreating the resource. */ consolidation?: pulumi.Input; /** * Extraction configuration for identifying and extracting relevant information. See `extraction` below. Cannot be used with `type` set to `SUMMARY_OVERRIDE`. Once added, this block cannot be removed without recreating the resource. */ extraction?: pulumi.Input; /** * Type of custom override. Valid values: `SEMANTIC_OVERRIDE`, `SUMMARY_OVERRIDE`, `USER_PREFERENCE_OVERRIDE`. Changing this forces a new resource. */ type: pulumi.Input; } export interface AgentcoreMemoryStrategyConfigurationConsolidation { /** * Additional text to append to the model prompt for consolidation processing. */ appendToPrompt: pulumi.Input; /** * ID of the foundation model to use for consolidation processing. */ modelId: pulumi.Input; } export interface AgentcoreMemoryStrategyConfigurationExtraction { /** * Additional text to append to the model prompt for extraction processing. */ appendToPrompt: pulumi.Input; /** * ID of the foundation model to use for extraction processing. */ modelId: pulumi.Input; } export interface AgentcoreMemoryStrategyTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentcoreMemoryTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderClientSecretArn { /** * ARN of the secret in AWS Secrets Manager. */ secretArn: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfig { /** * Custom OAuth2 provider configuration. See `custom` below. */ customOauth2ProviderConfig?: pulumi.Input; /** * GitHub OAuth provider configuration. See `github` below. */ githubOauth2ProviderConfig?: pulumi.Input; /** * Google OAuth provider configuration. See `google` below. */ googleOauth2ProviderConfig?: pulumi.Input; /** * Microsoft OAuth provider configuration. See `microsoft` below. */ microsoftOauth2ProviderConfig?: pulumi.Input; /** * Salesforce OAuth provider configuration. See `salesforce` below. */ salesforceOauth2ProviderConfig?: pulumi.Input; /** * Slack OAuth provider configuration. See `slack` below. */ slackOauth2ProviderConfig?: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigCustomOauth2ProviderConfig { /** * Used together with write-only credentials to trigger an update. Increment this value when an update to `clientIdWo` or `clientSecretWo` is required. * * **OAuth Discovery Configuration:** */ clientCredentialsWoVersion?: pulumi.Input; /** * OAuth2 client ID. Cannot be used with `clientIdWo`. Must be used together with `clientSecret`. */ clientId?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. * Write-only OAuth2 client ID. Cannot be used with `clientId`. Must be used together with `clientSecretWo` and `clientCredentialsWoVersion`. */ clientIdWo?: pulumi.Input; /** * OAuth2 client secret. Cannot be used with `clientSecretWo`. Must be used together with `clientId`. * * **Write-Only Credentials (choose one pair):** */ clientSecret?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. * Write-only OAuth2 client secret. Cannot be used with `clientSecret`. Must be used together with `clientIdWo` and `clientCredentialsWoVersion`. */ clientSecretWo?: pulumi.Input; /** * OAuth discovery configuration. See `oauthDiscovery` below. */ oauthDiscovery?: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigCustomOauth2ProviderConfigOauthDiscovery { /** * Manual OAuth2 authorization server metadata configuration. Cannot be used together with `discoveryUrl`. See `authorizationServerMetadata` below. */ authorizationServerMetadata?: pulumi.Input; /** * OpenID Connect discovery URL (e.g., `https://provider.com/.well-known/openid-configuration`). Cannot be used together with `authorizationServerMetadata`. */ discoveryUrl?: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigCustomOauth2ProviderConfigOauthDiscoveryAuthorizationServerMetadata { /** * OAuth2 authorization endpoint URL. */ authorizationEndpoint: pulumi.Input; /** * OAuth2 authorization server issuer identifier. */ issuer: pulumi.Input; /** * Set of OAuth2 response types supported by the authorization server. */ responseTypes?: pulumi.Input[]>; /** * OAuth2 token endpoint URL. */ tokenEndpoint: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigGithubOauth2ProviderConfig { clientCredentialsWoVersion?: pulumi.Input; clientId?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientIdWo?: pulumi.Input; clientSecret?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientSecretWo?: pulumi.Input; /** * OAuth discovery configuration. See `oauthDiscovery` below. */ oauthDiscoveries?: pulumi.Input[]>; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigGithubOauth2ProviderConfigOauthDiscovery { /** * Manual OAuth2 authorization server metadata configuration. Cannot be used together with `discoveryUrl`. See `authorizationServerMetadata` below. */ authorizationServerMetadatas: pulumi.Input[]>; /** * OpenID Connect discovery URL (e.g., `https://provider.com/.well-known/openid-configuration`). Cannot be used together with `authorizationServerMetadata`. */ discoveryUrl: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigGithubOauth2ProviderConfigOauthDiscoveryAuthorizationServerMetadata { /** * OAuth2 authorization endpoint URL. */ authorizationEndpoint: pulumi.Input; /** * OAuth2 authorization server issuer identifier. */ issuer: pulumi.Input; /** * Set of OAuth2 response types supported by the authorization server. */ responseTypes: pulumi.Input[]>; /** * OAuth2 token endpoint URL. */ tokenEndpoint: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigGoogleOauth2ProviderConfig { clientCredentialsWoVersion?: pulumi.Input; clientId?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientIdWo?: pulumi.Input; clientSecret?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientSecretWo?: pulumi.Input; /** * OAuth discovery configuration. See `oauthDiscovery` below. */ oauthDiscoveries?: pulumi.Input[]>; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigGoogleOauth2ProviderConfigOauthDiscovery { /** * Manual OAuth2 authorization server metadata configuration. Cannot be used together with `discoveryUrl`. See `authorizationServerMetadata` below. */ authorizationServerMetadatas: pulumi.Input[]>; /** * OpenID Connect discovery URL (e.g., `https://provider.com/.well-known/openid-configuration`). Cannot be used together with `authorizationServerMetadata`. */ discoveryUrl: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigGoogleOauth2ProviderConfigOauthDiscoveryAuthorizationServerMetadata { /** * OAuth2 authorization endpoint URL. */ authorizationEndpoint: pulumi.Input; /** * OAuth2 authorization server issuer identifier. */ issuer: pulumi.Input; /** * Set of OAuth2 response types supported by the authorization server. */ responseTypes: pulumi.Input[]>; /** * OAuth2 token endpoint URL. */ tokenEndpoint: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigMicrosoftOauth2ProviderConfig { clientCredentialsWoVersion?: pulumi.Input; clientId?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientIdWo?: pulumi.Input; clientSecret?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientSecretWo?: pulumi.Input; /** * OAuth discovery configuration. See `oauthDiscovery` below. */ oauthDiscoveries?: pulumi.Input[]>; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigMicrosoftOauth2ProviderConfigOauthDiscovery { /** * Manual OAuth2 authorization server metadata configuration. Cannot be used together with `discoveryUrl`. See `authorizationServerMetadata` below. */ authorizationServerMetadatas: pulumi.Input[]>; /** * OpenID Connect discovery URL (e.g., `https://provider.com/.well-known/openid-configuration`). Cannot be used together with `authorizationServerMetadata`. */ discoveryUrl: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigMicrosoftOauth2ProviderConfigOauthDiscoveryAuthorizationServerMetadata { /** * OAuth2 authorization endpoint URL. */ authorizationEndpoint: pulumi.Input; /** * OAuth2 authorization server issuer identifier. */ issuer: pulumi.Input; /** * Set of OAuth2 response types supported by the authorization server. */ responseTypes: pulumi.Input[]>; /** * OAuth2 token endpoint URL. */ tokenEndpoint: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigSalesforceOauth2ProviderConfig { clientCredentialsWoVersion?: pulumi.Input; clientId?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientIdWo?: pulumi.Input; clientSecret?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientSecretWo?: pulumi.Input; /** * OAuth discovery configuration. See `oauthDiscovery` below. */ oauthDiscoveries?: pulumi.Input[]>; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigSalesforceOauth2ProviderConfigOauthDiscovery { /** * Manual OAuth2 authorization server metadata configuration. Cannot be used together with `discoveryUrl`. See `authorizationServerMetadata` below. */ authorizationServerMetadatas: pulumi.Input[]>; /** * OpenID Connect discovery URL (e.g., `https://provider.com/.well-known/openid-configuration`). Cannot be used together with `authorizationServerMetadata`. */ discoveryUrl: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigSalesforceOauth2ProviderConfigOauthDiscoveryAuthorizationServerMetadata { /** * OAuth2 authorization endpoint URL. */ authorizationEndpoint: pulumi.Input; /** * OAuth2 authorization server issuer identifier. */ issuer: pulumi.Input; /** * Set of OAuth2 response types supported by the authorization server. */ responseTypes: pulumi.Input[]>; /** * OAuth2 token endpoint URL. */ tokenEndpoint: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigSlackOauth2ProviderConfig { clientCredentialsWoVersion?: pulumi.Input; clientId?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientIdWo?: pulumi.Input; clientSecret?: pulumi.Input; /** * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations. */ clientSecretWo?: pulumi.Input; /** * OAuth discovery configuration. See `oauthDiscovery` below. */ oauthDiscoveries?: pulumi.Input[]>; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigSlackOauth2ProviderConfigOauthDiscovery { /** * Manual OAuth2 authorization server metadata configuration. Cannot be used together with `discoveryUrl`. See `authorizationServerMetadata` below. */ authorizationServerMetadatas: pulumi.Input[]>; /** * OpenID Connect discovery URL (e.g., `https://provider.com/.well-known/openid-configuration`). Cannot be used together with `authorizationServerMetadata`. */ discoveryUrl: pulumi.Input; } export interface AgentcoreOauth2CredentialProviderOauth2ProviderConfigSlackOauth2ProviderConfigOauthDiscoveryAuthorizationServerMetadata { /** * OAuth2 authorization endpoint URL. */ authorizationEndpoint: pulumi.Input; /** * OAuth2 authorization server issuer identifier. */ issuer: pulumi.Input; /** * Set of OAuth2 response types supported by the authorization server. */ responseTypes: pulumi.Input[]>; /** * OAuth2 token endpoint URL. */ tokenEndpoint: pulumi.Input; } export interface AgentcoreTokenVaultCmkKmsConfiguration { /** * Type of KMS key. Valid values: `CustomerManagedKey`, `ServiceManagedKey`. */ keyType: pulumi.Input; /** * ARN of the KMS key. */ kmsKeyArn?: pulumi.Input; } export interface CustomModelOutputDataConfig { /** * The S3 URI where the output data is stored. */ s3Uri: pulumi.Input; } export interface CustomModelTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface CustomModelTrainingDataConfig { /** * The S3 URI where the training data is stored. */ s3Uri: pulumi.Input; } export interface CustomModelTrainingMetric { /** * Loss metric associated with the customization job. */ trainingLoss: pulumi.Input; } export interface CustomModelValidationDataConfig { /** * Information about the validators. */ validators: pulumi.Input[]>; } export interface CustomModelValidationDataConfigValidator { /** * The S3 URI where the validation data is stored. */ s3Uri: pulumi.Input; } export interface CustomModelValidationMetric { /** * The validation loss associated with the validator. */ validationLoss: pulumi.Input; } export interface CustomModelVpcConfig { /** * VPC configuration security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * VPC configuration subnets. */ subnetIds: pulumi.Input[]>; } export interface GetAgentAgentVersionsAgentVersionSummary { /** * Name of agent to which the version belongs. */ agentName?: string; /** * Status of the agent to which the version belongs. */ agentStatus?: string; /** * Version of the agent. */ agentVersion?: string; /** * Time at which the version was created. */ createdAt?: string; /** * Description of the version of the agent. * * `GuardrailConfiguration` - Details aout the guardrail associated with the agent. See Guardrail Configuration */ description?: string; guardrailConfigurations?: inputs.bedrock.GetAgentAgentVersionsAgentVersionSummaryGuardrailConfiguration[]; /** * Time at which the version was last updated. */ updatedAt?: string; } export interface GetAgentAgentVersionsAgentVersionSummaryArgs { /** * Name of agent to which the version belongs. */ agentName?: pulumi.Input; /** * Status of the agent to which the version belongs. */ agentStatus?: pulumi.Input; /** * Version of the agent. */ agentVersion?: pulumi.Input; /** * Time at which the version was created. */ createdAt?: pulumi.Input; /** * Description of the version of the agent. * * `GuardrailConfiguration` - Details aout the guardrail associated with the agent. See Guardrail Configuration */ description?: pulumi.Input; guardrailConfigurations?: pulumi.Input[]>; /** * Time at which the version was last updated. */ updatedAt?: pulumi.Input; } export interface GetAgentAgentVersionsAgentVersionSummaryGuardrailConfiguration { /** * Unique identifier of the guardrail. */ guardrailIdentifier?: string; /** * Version of the guardrail. */ guardrailVersion?: string; } export interface GetAgentAgentVersionsAgentVersionSummaryGuardrailConfigurationArgs { /** * Unique identifier of the guardrail. */ guardrailIdentifier?: pulumi.Input; /** * Version of the guardrail. */ guardrailVersion?: pulumi.Input; } export interface GuardrailContentPolicyConfig { /** * Set of content filter configs in content policy. * See Filters Config for more information. */ filtersConfigs?: pulumi.Input[]>; /** * Configuration block for the content policy tier. See Tier Config for more information. */ tierConfigs?: pulumi.Input[]>; } export interface GuardrailContentPolicyConfigFiltersConfig { /** * Action to take when harmful content is detected. Valid values: `BLOCK`, `NONE`. */ inputAction?: pulumi.Input; /** * Toggles guardrail evaluation on input. */ inputEnabled?: pulumi.Input; /** * List of selected input modalities. Valid values: `IMAGE`, `TEXT`. */ inputModalities?: pulumi.Input[]>; /** * Strength for filters. Valid values: `NONE`, `LOW`, `MEDIUM`, `HIGH`. */ inputStrength: pulumi.Input; /** * Action to take when harmful content is detected. Valid values: `BLOCK`, `NONE`. */ outputAction?: pulumi.Input; /** * Toggles guardrail evaluation on output. */ outputEnabled?: pulumi.Input; /** * List of selected output modalities. Valid values: `IMAGE`, `TEXT`. */ outputModalities?: pulumi.Input[]>; /** * Strength for filters. Valid values: `NONE`, `LOW`, `MEDIUM`, `HIGH`. */ outputStrength: pulumi.Input; /** * Type of contextual grounding filter. */ type: pulumi.Input; } export interface GuardrailContentPolicyConfigTierConfig { /** * The name of the content policy tier. Valid values include STANDARD or CLASSIC. */ tierName: pulumi.Input; } export interface GuardrailContextualGroundingPolicyConfig { /** * One or more blocks defining contextual grounding filter configs. See Contextual Grounding Filters Config for more information. */ filtersConfigs?: pulumi.Input[]>; } export interface GuardrailContextualGroundingPolicyConfigFiltersConfig { /** * The threshold for this filter. */ threshold: pulumi.Input; /** * Type of contextual grounding filter. */ type: pulumi.Input; } export interface GuardrailCrossRegionConfig { /** * Guardrail profile ARN. */ guardrailProfileIdentifier: pulumi.Input; } export interface GuardrailSensitiveInformationPolicyConfig { /** * List of entities. See PII Entities Config for more information. */ piiEntitiesConfigs?: pulumi.Input[]>; /** * List of regex. See Regexes Config for more information. */ regexesConfigs?: pulumi.Input[]>; } export interface GuardrailSensitiveInformationPolicyConfigPiiEntitiesConfig { /** * Options for sensitive information action. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`. */ action: pulumi.Input; /** * Action to take when harmful content is detected in the input. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`. */ inputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. */ inputEnabled?: pulumi.Input; /** * Action to take when harmful content is detected in the output. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`. */ outputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. */ outputEnabled?: pulumi.Input; /** * The currently supported PII entities. */ type: pulumi.Input; } export interface GuardrailSensitiveInformationPolicyConfigRegexesConfig { /** * Options for sensitive information action. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`. */ action: pulumi.Input; /** * The regex description. */ description?: pulumi.Input; /** * Action to take when harmful content is detected in the input. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`. */ inputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. */ inputEnabled?: pulumi.Input; /** * The regex name. */ name: pulumi.Input; /** * Action to take when harmful content is detected in the output. Valid values: `BLOCK`, `ANONYMIZE`, `NONE`. */ outputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. */ outputEnabled?: pulumi.Input; /** * The regex pattern. */ pattern: pulumi.Input; } export interface GuardrailTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GuardrailTopicPolicyConfig { /** * Configuration block for the topic policy tier. See Tier Config for more information. */ tierConfigs?: pulumi.Input[]>; /** * List of topic configs in topic policy. See Topics Config for more information. */ topicsConfigs?: pulumi.Input[]>; } export interface GuardrailTopicPolicyConfigTierConfig { /** * The name of the content policy tier. Valid values include STANDARD or CLASSIC. */ tierName: pulumi.Input; } export interface GuardrailTopicPolicyConfigTopicsConfig { /** * Definition of topic in topic policy. */ definition: pulumi.Input; /** * List of text examples. */ examples?: pulumi.Input[]>; /** * Name of topic in topic policy. */ name: pulumi.Input; /** * Type of topic in a policy. */ type: pulumi.Input; } export interface GuardrailVersionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface GuardrailWordPolicyConfig { /** * A config for the list of managed words. See Managed Word Lists Config for more information. */ managedWordListsConfigs?: pulumi.Input[]>; /** * List of custom word configs. See Words Config for more information. */ wordsConfigs?: pulumi.Input[]>; } export interface GuardrailWordPolicyConfigManagedWordListsConfig { /** * Action to take when harmful content is detected in the input. Valid values: `BLOCK`, `NONE`. */ inputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. */ inputEnabled?: pulumi.Input; /** * Action to take when harmful content is detected in the output. Valid values: `BLOCK`, `NONE`. */ outputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. */ outputEnabled?: pulumi.Input; /** * Options for managed words. */ type: pulumi.Input; } export interface GuardrailWordPolicyConfigWordsConfig { /** * Action to take when harmful content is detected in the input. Valid values: `BLOCK`, `NONE`. */ inputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. */ inputEnabled?: pulumi.Input; /** * Action to take when harmful content is detected in the output. Valid values: `BLOCK`, `NONE`. */ outputAction?: pulumi.Input; /** * Whether to enable guardrail evaluation on the output. When disabled, you aren't charged for the evaluation. */ outputEnabled?: pulumi.Input; /** * The custom word text. */ text: pulumi.Input; } export interface InferenceProfileModel { /** * The Amazon Resource Name (ARN) of the model. */ modelArn: pulumi.Input; } export interface InferenceProfileModelSource { /** * The Amazon Resource Name (ARN) of the model. */ copyFrom: pulumi.Input; } export interface InferenceProfileTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ProvisionedModelThroughputTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } } export namespace bedrockfoundation { } export namespace bedrockmodel { export interface InvocationLoggingConfigurationLoggingConfig { /** * CloudWatch logging configuration. See `cloudwatchConfig` Block for details. */ cloudwatchConfig?: pulumi.Input; /** * Set to include embeddings data in the log delivery. Defaults to `true`. */ embeddingDataDeliveryEnabled?: pulumi.Input; /** * Set to include image data in the log delivery. Defaults to `true`. */ imageDataDeliveryEnabled?: pulumi.Input; /** * S3 configuration for storing log data. See `s3Config` Block for details. */ s3Config?: pulumi.Input; /** * Set to include text data in the log delivery. Defaults to `true`. */ textDataDeliveryEnabled?: pulumi.Input; /** * Set to include text data in the log delivery. Defaults to `true`. */ videoDataDeliveryEnabled?: pulumi.Input; } export interface InvocationLoggingConfigurationLoggingConfigCloudwatchConfig { /** * S3 configuration for delivering a large amount of data. See `largeDataDeliveryS3Config` Block for details. */ largeDataDeliveryS3Config?: pulumi.Input; /** * Log group name. */ logGroupName: pulumi.Input; /** * The role ARN. */ roleArn: pulumi.Input; } export interface InvocationLoggingConfigurationLoggingConfigCloudwatchConfigLargeDataDeliveryS3Config { /** * S3 bucket name. */ bucketName: pulumi.Input; /** * S3 prefix. */ keyPrefix?: pulumi.Input; } export interface InvocationLoggingConfigurationLoggingConfigS3Config { /** * S3 bucket name. */ bucketName: pulumi.Input; /** * S3 prefix. */ keyPrefix?: pulumi.Input; } } export namespace billing { export interface ViewDataFilterExpression { /** * Dimension to use for `expression`. Refer to #dimensions for more details. */ dimensions?: pulumi.Input; /** * List of key value map specifying tags associated to the billing view being created. */ tags?: pulumi.Input[]>; /** * Time range to use for `expression`. Refer to #time-range for more details. */ timeRange?: pulumi.Input; } export interface ViewDataFilterExpressionDimensions { /** * Key of the dimension. Possible values are `LINKED_ACCOUNT`. */ key: pulumi.Input; /** * List of metadata values that you can use to filter and group your results. */ values: pulumi.Input[]>; } export interface ViewDataFilterExpressionTag { /** * Key of the tag. */ key: pulumi.Input; /** * List of values for the tag. */ values: pulumi.Input[]>; } export interface ViewDataFilterExpressionTimeRange { /** * Inclusive end date of the time range. */ beginDateInclusive: pulumi.Input; endDateInclusive: pulumi.Input; } export interface ViewTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace budgets { export interface BudgetActionActionThreshold { /** * The type of threshold for a notification. Valid values are `PERCENTAGE` or `ABSOLUTE_VALUE`. */ actionThresholdType: pulumi.Input; /** * The threshold of a notification. */ actionThresholdValue: pulumi.Input; } export interface BudgetActionDefinition { /** * The AWS Identity and Access Management (IAM) action definition details. See IAM Action Definition. */ iamActionDefinition?: pulumi.Input; /** * The service control policies (SCPs) action definition details. See SCP Action Definition. */ scpActionDefinition?: pulumi.Input; /** * The AWS Systems Manager (SSM) action definition details. See SSM Action Definition. */ ssmActionDefinition?: pulumi.Input; } export interface BudgetActionDefinitionIamActionDefinition { /** * A list of groups to be attached. There must be at least one group. */ groups?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the policy to be attached. */ policyArn: pulumi.Input; /** * A list of roles to be attached. There must be at least one role. */ roles?: pulumi.Input[]>; /** * A list of users to be attached. There must be at least one user. */ users?: pulumi.Input[]>; } export interface BudgetActionDefinitionScpActionDefinition { /** * The policy ID attached. */ policyId: pulumi.Input; /** * A list of target IDs. */ targetIds: pulumi.Input[]>; } export interface BudgetActionDefinitionSsmActionDefinition { /** * The action subType. Valid values are `STOP_EC2_INSTANCES` or `STOP_RDS_INSTANCES`. */ actionSubType: pulumi.Input; /** * The EC2 and RDS instance IDs. */ instanceIds: pulumi.Input[]>; /** * The Region to run the SSM document. */ region: pulumi.Input; } export interface BudgetActionSubscriber { /** * The address that AWS sends budget notifications to, either an SNS topic or an email. */ address: pulumi.Input; /** * The type of notification that AWS sends to a subscriber. Valid values are `SNS` or `EMAIL`. */ subscriptionType: pulumi.Input; } export interface BudgetAutoAdjustData { /** * (Required) - The string that defines whether your budget auto-adjusts based on historical or forecasted data. Valid values: `FORECAST`,`HISTORICAL` */ autoAdjustType: pulumi.Input; /** * (Optional) - Configuration block of Historical Options. Required for `autoAdjustType` of `HISTORICAL` Configuration block that defines the historical data that your auto-adjusting budget is based on. */ historicalOptions?: pulumi.Input; /** * (Optional) - The last time that your budget was auto-adjusted. */ lastAutoAdjustTime?: pulumi.Input; } export interface BudgetAutoAdjustDataHistoricalOptions { /** * (Required) - The number of budget periods included in the moving-average calculation that determines your auto-adjusted budget amount. */ budgetAdjustmentPeriod: pulumi.Input; /** * (Optional) - The integer that describes how many budget periods in your BudgetAdjustmentPeriod are included in the calculation of your current budget limit. If the first budget period in your BudgetAdjustmentPeriod has no cost data, then that budget period isn’t included in the average that determines your budget limit. You can’t set your own LookBackAvailablePeriods. The value is automatically calculated from the `budgetAdjustmentPeriod` and your historical cost data. */ lookbackAvailablePeriods?: pulumi.Input; } export interface BudgetCostFilter { /** * The name of a budget. Unique within accounts. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface BudgetCostTypes { /** * A boolean value whether to include credits in the cost budget. Defaults to `true` */ includeCredit?: pulumi.Input; /** * Whether a budget includes discounts. Defaults to `true` */ includeDiscount?: pulumi.Input; /** * A boolean value whether to include other subscription costs in the cost budget. Defaults to `true` */ includeOtherSubscription?: pulumi.Input; /** * A boolean value whether to include recurring costs in the cost budget. Defaults to `true` */ includeRecurring?: pulumi.Input; /** * A boolean value whether to include refunds in the cost budget. Defaults to `true` */ includeRefund?: pulumi.Input; /** * A boolean value whether to include subscriptions in the cost budget. Defaults to `true` */ includeSubscription?: pulumi.Input; /** * A boolean value whether to include support costs in the cost budget. Defaults to `true` */ includeSupport?: pulumi.Input; /** * A boolean value whether to include tax in the cost budget. Defaults to `true` */ includeTax?: pulumi.Input; /** * A boolean value whether to include upfront costs in the cost budget. Defaults to `true` */ includeUpfront?: pulumi.Input; /** * Whether a budget uses the amortized rate. Defaults to `false` */ useAmortized?: pulumi.Input; /** * A boolean value whether to use blended costs in the cost budget. Defaults to `false` */ useBlended?: pulumi.Input; } export interface BudgetNotification { /** * (Required) Comparison operator to use to evaluate the condition. Can be `LESS_THAN`, `EQUAL_TO` or `GREATER_THAN`. */ comparisonOperator: pulumi.Input; /** * (Required) What kind of budget value to notify on. Can be `ACTUAL` or `FORECASTED` */ notificationType: pulumi.Input; /** * (Optional) E-Mail addresses to notify. Either this or `subscriberSnsTopicArns` is required. */ subscriberEmailAddresses?: pulumi.Input[]>; /** * (Optional) SNS topics to notify. Either this or `subscriberEmailAddresses` is required. */ subscriberSnsTopicArns?: pulumi.Input[]>; /** * (Required) Threshold when the notification should be sent. */ threshold: pulumi.Input; /** * (Required) What kind of threshold is defined. Can be `PERCENTAGE` OR `ABSOLUTE_VALUE`. */ thresholdType: pulumi.Input; } export interface BudgetPlannedLimit { /** * (Required) The amount of cost or usage being measured for a budget. */ amount: pulumi.Input; /** * (Required) The start time of the budget limit. Format: `2017-01-01_12:00`. See [PlannedBudgetLimits](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_budgets_Budget.html#awscostmanagement-Type-budgets_Budget-PlannedBudgetLimits) documentation. */ startTime: pulumi.Input; /** * (Required) The unit of measurement used for the budget forecast, actual spend, or budget threshold, such as dollars or GB. See [Spend](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/data-type-spend.html) documentation. */ unit: pulumi.Input; } } export namespace cfg { export interface ConfigurationAggregatorAccountAggregationSource { /** * List of 12-digit account IDs of the account(s) being aggregated. */ accountIds: pulumi.Input[]>; /** * If true, aggregate existing AWS Config regions and future regions. */ allRegions?: pulumi.Input; /** * List of source regions being aggregated. * * Either `regions` or `allRegions` (as true) must be specified. */ regions?: pulumi.Input[]>; } export interface ConfigurationAggregatorOrganizationAggregationSource { /** * If true, aggregate existing AWS Config regions and future regions. */ allRegions?: pulumi.Input; /** * List of source regions being aggregated. */ regions?: pulumi.Input[]>; /** * ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account. * * Either `regions` or `allRegions` (as true) must be specified. */ roleArn: pulumi.Input; } export interface ConformancePackInputParameter { /** * The input key. */ parameterName: pulumi.Input; /** * The input value. */ parameterValue: pulumi.Input; } export interface DeliveryChannelSnapshotDeliveryProperties { /** * The frequency with which AWS Config recurringly delivers configuration snapshotsE.g., `One_Hour` or `Three_Hours`. Valid values are listed [here](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html#API_ConfigSnapshotDeliveryProperties_Contents). */ deliveryFrequency?: pulumi.Input; } export interface OrganizationConformancePackInputParameter { /** * The input key. */ parameterName: pulumi.Input; /** * The input value. */ parameterValue: pulumi.Input; } export interface RecorderRecordingGroup { /** * Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future). Conflicts with `resourceTypes`. Defaults to `true`. */ allSupported?: pulumi.Input; /** * An object that specifies how AWS Config excludes resource types from being recorded by the configuration recorder.To use this option, you must set the useOnly field of RecordingStrategy to `EXCLUSION_BY_RESOURCE_TYPES` Requires `allSupported = false`. Conflicts with `resourceTypes`. */ exclusionByResourceTypes?: pulumi.Input[]>; /** * Specifies whether AWS Config includes all supported types of _global resources_ with the resources that it records. Requires `allSupported = true`. Conflicts with `resourceTypes`. */ includeGlobalResourceTypes?: pulumi.Input; /** * Recording Strategy. Detailed below. */ recordingStrategies?: pulumi.Input[]>; /** * A list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`). See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types. In order to use this attribute, `allSupported` must be set to false. */ resourceTypes?: pulumi.Input[]>; } export interface RecorderRecordingGroupExclusionByResourceType { /** * A list that specifies the types of AWS resources for which AWS Config excludes records configuration changes. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types. */ resourceTypes?: pulumi.Input[]>; } export interface RecorderRecordingGroupRecordingStrategy { useOnly?: pulumi.Input; } export interface RecorderRecordingMode { /** * Default recording frequency. `CONTINUOUS` or `DAILY`. */ recordingFrequency?: pulumi.Input; /** * Recording mode overrides. Detailed below. */ recordingModeOverride?: pulumi.Input; } export interface RecorderRecordingModeRecordingModeOverride { /** * A description you provide of the override. */ description?: pulumi.Input; /** * The recording frequency for the resources in the override block. `CONTINUOUS` or `DAILY`. */ recordingFrequency: pulumi.Input; /** * A list that specifies the types of AWS resources for which the override applies to. See [restrictions in the AWS Docs](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingModeOverride.html) */ resourceTypes: pulumi.Input[]>; } export interface RemediationConfigurationExecutionControls { /** * Configuration block for SSM controls. See below. */ ssmControls?: pulumi.Input; } export interface RemediationConfigurationExecutionControlsSsmControls { /** * Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%. */ concurrentExecutionRatePercentage?: pulumi.Input; /** * Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%. */ errorPercentage?: pulumi.Input; } export interface RemediationConfigurationParameter { /** * Name of the attribute. */ name: pulumi.Input; /** * Value is dynamic and changes at run-time. */ resourceValue?: pulumi.Input; /** * Value is static and does not change at run-time. */ staticValue?: pulumi.Input; /** * List of static values. */ staticValues?: pulumi.Input[]>; } export interface RuleEvaluationMode { /** * The mode of an evaluation. */ mode?: pulumi.Input; } export interface RuleScope { /** * The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for `complianceResourceTypes`. */ complianceResourceId?: pulumi.Input; /** * A list of resource types of only those AWS resources that you want to trigger an evaluation for the ruleE.g., `AWS::EC2::Instance`. You can only specify one type if you also specify a resource ID for `complianceResourceId`. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types. */ complianceResourceTypes?: pulumi.Input[]>; /** * The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule. */ tagKey?: pulumi.Input; /** * The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. */ tagValue?: pulumi.Input; } export interface RuleSource { /** * Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to `CUSTOM_POLICY`. See Custom Policy Details Below. */ customPolicyDetails?: pulumi.Input; /** * Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are `AWS`, `CUSTOM_LAMBDA` or `CUSTOM_POLICY`. For more information about managed rules, see the [AWS Config Managed Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). For more information about custom rules, see the [AWS Config Custom Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html). Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g., via the `aws.lambda.Permission` resource. */ owner: pulumi.Input; /** * Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if `owner` is `CUSTOM_LAMBDA` or `CUSTOM_POLICY`. See Source Detail Below. */ sourceDetails?: pulumi.Input[]>; /** * For AWS Config managed rules, a predefined identifier, e.g `IAM_PASSWORD_POLICY`. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as `arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name` or the `arn` attribute of the `aws.lambda.Function` resource. */ sourceIdentifier?: pulumi.Input; } export interface RuleSourceCustomPolicyDetails { /** * The boolean expression for enabling debug logging for your Config Custom Policy rule. The default value is `false`. */ enableDebugLogDelivery?: pulumi.Input; /** * The runtime system for your Config Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://github.com/aws-cloudformation/cloudformation-guard). */ policyRuntime: pulumi.Input; /** * The policy definition containing the logic for your Config Custom Policy rule. */ policyText: pulumi.Input; } export interface RuleSourceSourceDetail { /** * The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWSresources. This defaults to `aws.config` and is the only valid value. */ eventSource?: pulumi.Input; /** * The frequency that you want AWS Config to run evaluations for a rule that istriggered periodically. If specified, requires `messageType` to be `ScheduledNotification`. */ maximumExecutionFrequency?: pulumi.Input; /** * The type of notification that triggers AWS Config to run an evaluation for a rule. You canspecify the following notification types: * * `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change. * * `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS. * * `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `maximumExecutionFrequency`. * * `ConfigurationSnapshotDeliveryCompleted` - Triggers a periodic evaluation when AWS Config delivers a configuration snapshot. */ messageType?: pulumi.Input; } } export namespace chatbot { export interface SlackChannelConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface TeamsChannelConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace chime { export interface SdkvoiceGlobalSettingsVoiceConnector { /** * The S3 bucket that stores the Voice Connector's call detail records. */ cdrBucket?: pulumi.Input; } export interface SdkvoiceSipMediaApplicationEndpoints { /** * Valid Amazon Resource Name (ARN) of the Lambda function, version, or alias. The function must be created in the same AWS Region as the SIP media application. */ lambdaArn: pulumi.Input; } export interface SdkvoiceSipRuleTargetApplication { /** * The AWS Region of the target application. */ awsRegion: pulumi.Input; /** * Priority of the SIP media application in the target list. */ priority: pulumi.Input; /** * The SIP media application ID. */ sipMediaApplicationId: pulumi.Input; } export interface SdkvoiceVoiceProfileDomainServerSideEncryptionConfiguration { /** * ARN for KMS Key. * * The following arguments are optional: */ kmsKeyArn: pulumi.Input; } export interface VoiceConnectorGroupConnector { /** * The priority associated with the Amazon Chime Voice Connector, with 1 being the highest priority. Higher priority Amazon Chime Voice Connectors are attempted first. */ priority: pulumi.Input; /** * The Amazon Chime Voice Connector ID. */ voiceConnectorId: pulumi.Input; } export interface VoiceConnectorOriginationRoute { /** * The FQDN or IP address to contact for origination traffic. */ host: pulumi.Input; /** * The designated origination route port. Defaults to `5060`. */ port?: pulumi.Input; /** * The priority associated with the host, with 1 being the highest priority. Higher priority hosts are attempted first. */ priority: pulumi.Input; /** * The protocol to use for the origination route. Encryption-enabled Amazon Chime Voice Connectors use TCP protocol by default. */ protocol: pulumi.Input; /** * The weight associated with the host. If hosts are equal in priority, calls are redistributed among them based on their relative weight. */ weight: pulumi.Input; } export interface VoiceConnectorStreamingMediaInsightsConfiguration { /** * The media insights configuration that will be invoked by the Voice Connector. */ configurationArn?: pulumi.Input; /** * When `true`, the media insights configuration is not enabled. Defaults to `false`. */ disabled?: pulumi.Input; } export interface VoiceConnectorTerminationCredentialsCredential { /** * RFC2617 compliant password associated with the SIP credentials. */ password: pulumi.Input; /** * RFC2617 compliant username associated with the SIP credentials. */ username: pulumi.Input; } } export namespace chimesdkmediapipelines { export interface MediaInsightsPipelineConfigurationElement { /** * Configuration for Amazon Transcribe Call Analytics processor. */ amazonTranscribeCallAnalyticsProcessorConfiguration?: pulumi.Input; /** * Configuration for Amazon Transcribe processor. */ amazonTranscribeProcessorConfiguration?: pulumi.Input; /** * Configuration for Kinesis Data Stream sink. */ kinesisDataStreamSinkConfiguration?: pulumi.Input; /** * Configuration for Lambda Function sink. */ lambdaFunctionSinkConfiguration?: pulumi.Input; /** * Configuration for S3 recording sink. */ s3RecordingSinkConfiguration?: pulumi.Input; /** * Configuration for SNS Topic sink. */ snsTopicSinkConfiguration?: pulumi.Input; /** * Configuration for SQS Queue sink. */ sqsQueueSinkConfiguration?: pulumi.Input; /** * Element type. */ type: pulumi.Input; /** * Configuration for Voice analytics processor. */ voiceAnalyticsProcessorConfiguration?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfiguration { /** * Filter for category events to be delivered to insights target. */ callAnalyticsStreamCategories?: pulumi.Input[]>; /** * Labels all personally identifiable information (PII) identified in Utterance events. */ contentIdentificationType?: pulumi.Input; /** * Redacts all personally identifiable information (PII) identified in Utterance events. */ contentRedactionType?: pulumi.Input; /** * Enables partial result stabilization in Utterance events. */ enablePartialResultsStabilization?: pulumi.Input; /** * Filters partial Utterance events from delivery to the insights target. */ filterPartialResults?: pulumi.Input; /** * Language code for the transcription model. */ languageCode: pulumi.Input; /** * Name of custom language model for transcription. */ languageModelName?: pulumi.Input; /** * Level of stability to use when partial results stabilization is enabled. */ partialResultsStability?: pulumi.Input; /** * Types of personally identifiable information (PII) to redact from an Utterance event. */ piiEntityTypes?: pulumi.Input; /** * Settings for post call analytics. */ postCallAnalyticsSettings?: pulumi.Input; /** * Method for applying a vocabulary filter to Utterance events. */ vocabularyFilterMethod?: pulumi.Input; /** * Name of the custom vocabulary filter to use when processing Utterance events. */ vocabularyFilterName?: pulumi.Input; /** * Name of the custom vocabulary to use when processing Utterance events. */ vocabularyName?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettings { /** * Should output be redacted. */ contentRedactionOutput?: pulumi.Input; /** * ARN of the role used by AWS Transcribe to upload your post call analysis. */ dataAccessRoleArn: pulumi.Input; /** * ID of the KMS key used to encrypt the output. */ outputEncryptionKmsKeyId?: pulumi.Input; /** * The Amazon S3 location where you want your Call Analytics post-call transcription output stored. */ outputLocation: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfiguration { /** * Labels all personally identifiable information (PII) identified in Transcript events. */ contentIdentificationType?: pulumi.Input; /** * Redacts all personally identifiable information (PII) identified in Transcript events. */ contentRedactionType?: pulumi.Input; /** * Enables partial result stabilization in Transcript events. */ enablePartialResultsStabilization?: pulumi.Input; /** * Filters partial Utterance events from delivery to the insights target. */ filterPartialResults?: pulumi.Input; /** * Language code for the transcription model. */ languageCode: pulumi.Input; /** * Name of custom language model for transcription. */ languageModelName?: pulumi.Input; /** * Level of stability to use when partial results stabilization is enabled. */ partialResultsStability?: pulumi.Input; /** * Types of personally identifiable information (PII) to redact from a Transcript event. */ piiEntityTypes?: pulumi.Input; /** * Enables speaker partitioning (diarization) in your Transcript events. */ showSpeakerLabel?: pulumi.Input; /** * Method for applying a vocabulary filter to Transcript events. */ vocabularyFilterMethod?: pulumi.Input; /** * Name of the custom vocabulary filter to use when processing Transcript events. */ vocabularyFilterName?: pulumi.Input; /** * Name of the custom vocabulary to use when processing Transcript events. */ vocabularyName?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfiguration { /** * Kinesis Data Stream to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfiguration { /** * Lambda Function to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementS3RecordingSinkConfiguration { /** * S3 URI to deliver recordings. */ destination?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementSnsTopicSinkConfiguration { /** * SNS topic to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementSqsQueueSinkConfiguration { /** * SQS queue to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfiguration { /** * Enable speaker search. */ speakerSearchStatus: pulumi.Input; /** * Enable voice tone analysis. */ voiceToneAnalysisStatus: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfiguration { /** * Disables real time alert rules. */ disabled?: pulumi.Input; /** * Collection of real time alert rules */ rules: pulumi.Input[]>; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRule { /** * Configuration for an issue detection rule. */ issueDetectionConfiguration?: pulumi.Input; /** * Configuration for a keyword match rule. */ keywordMatchConfiguration?: pulumi.Input; /** * Configuration for a sentiment rule. */ sentimentConfiguration?: pulumi.Input; /** * Rule type. */ type: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfiguration { /** * Rule name. */ ruleName: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfiguration { /** * Collection of keywords to match. */ keywords: pulumi.Input[]>; /** * Negate the rule. */ negate?: pulumi.Input; /** * Rule name. */ ruleName: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfiguration { /** * Rule name. */ ruleName: pulumi.Input; /** * Sentiment type to match. */ sentimentType: pulumi.Input; /** * Analysis interval. */ timePeriod: pulumi.Input; } } export namespace cleanrooms { export interface CollaborationDataEncryptionMetadata { /** * Whether encrypted tables can contain cleartext data. This is a boolean field. */ allowClearText: pulumi.Input; /** * Whether Fingerprint columns can contain duplicate entries. This is a boolean field. */ allowDuplicates: pulumi.Input; /** * Whether Fingerprint columns can be joined on any other Fingerprint column with a different name. This is a boolean field. */ allowJoinsOnColumnsWithDifferentNames: pulumi.Input; /** * Whether NULL values are to be copied as NULL to encrypted tables (true) or cryptographically processed (false). */ preserveNulls: pulumi.Input; } export interface CollaborationMember { /** * Account ID for the invited member. */ accountId: pulumi.Input; /** * Display name for the invited member. */ displayName: pulumi.Input; /** * List of abilities for the invited member. Valid values [may be found here](https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_CreateCollaboration.html#API-CreateCollaboration-request-creatorMemberAbilities). */ memberAbilities: pulumi.Input[]>; /** * For each member included in the collaboration an additional computed attribute of status is added. These values [may be found here](https://docs.aws.amazon.com/clean-rooms/latest/apireference/API_MemberSummary.html#API-Type-MemberSummary-status). */ status?: pulumi.Input; } export interface ConfiguredTableTableReference { databaseName: pulumi.Input; tableName: pulumi.Input; } export interface MembershipDefaultResultConfiguration { outputConfiguration: pulumi.Input; /** * The ARN of the IAM role which will be used to create the membership. * - `output_configuration.s3.bucket` - (Required) - The name of the S3 bucket where the query results will be stored. * - `output_configuration.s3.result_format` - (Required) - The format of the query results. Valid values are `PARQUET` and `CSV`. * - `output_configuration.s3.key_prefix` - (Optional) - The prefix used for the query results. */ roleArn?: pulumi.Input; } export interface MembershipDefaultResultConfigurationOutputConfiguration { s3: pulumi.Input; } export interface MembershipDefaultResultConfigurationOutputConfigurationS3 { bucket: pulumi.Input; keyPrefix?: pulumi.Input; resultFormat: pulumi.Input; } export interface MembershipPaymentConfiguration { queryCompute: pulumi.Input; } export interface MembershipPaymentConfigurationQueryCompute { /** * Indicates whether the collaboration member has accepted to pay for query compute costs. */ isResponsible: pulumi.Input; } } export namespace cloudformation { export interface CloudFormationTypeLoggingConfig { /** * Name of the CloudWatch Log Group where CloudFormation sends error logging information when invoking the type's handlers. */ logGroupName: pulumi.Input; /** * Amazon Resource Name (ARN) of the IAM Role CloudFormation assumes when sending error logging information to CloudWatch Logs. */ logRoleArn: pulumi.Input; } export interface StackInstancesDeploymentTargets { /** * Limit deployment targets to individual accounts or include additional accounts with provided OUs. Valid values: `INTERSECTION`, `DIFFERENCE`, `UNION`, `NONE`. */ accountFilterType?: pulumi.Input; /** * List of accounts to deploy stack set updates. */ accounts?: pulumi.Input[]>; /** * S3 URL of the file containing the list of accounts. */ accountsUrl?: pulumi.Input; /** * Organization root ID or organizational unit (OU) IDs to which stack sets deploy. */ organizationalUnitIds?: pulumi.Input[]>; } export interface StackInstancesOperationPreferences { /** * How the concurrency level behaves during the operation execution. Valid values are `STRICT_FAILURE_TOLERANCE` and `SOFT_FAILURE_TOLERANCE`. */ concurrencyMode?: pulumi.Input; /** * Number of accounts, per region, for which this operation can fail before CloudFormation stops the operation in that region. */ failureToleranceCount?: pulumi.Input; /** * Percentage of accounts, per region, for which this stack operation can fail before CloudFormation stops the operation in that region. */ failureTolerancePercentage?: pulumi.Input; /** * Maximum number of accounts in which to perform this operation at one time. */ maxConcurrentCount?: pulumi.Input; /** * Maximum percentage of accounts in which to perform this operation at one time. */ maxConcurrentPercentage?: pulumi.Input; /** * Concurrency type of deploying stack sets operations in regions, could be in parallel or one region at a time. Valid values are `SEQUENTIAL` and `PARALLEL`. */ regionConcurrencyType?: pulumi.Input; /** * Order of the regions where you want to perform the stack operation. */ regionOrders?: pulumi.Input[]>; } export interface StackInstancesStackInstanceSummary { /** * Account ID in which the instance is deployed. */ accountId?: pulumi.Input; /** * Detailed status of the stack instance. Values include `PENDING`, `RUNNING`, `SUCCEEDED`, `FAILED`, `CANCELLED`, `INOPERABLE`, `SKIPPED_SUSPENDED_ACCOUNT`, `FAILED_IMPORT`. */ detailedStatus?: pulumi.Input; /** * Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs. Values include `DRIFTED`, `IN_SYNC`, `UNKNOWN`, `NOT_CHECKED`. */ driftStatus?: pulumi.Input; /** * Organization root ID or organizational unit (OU) IDs that you specified for `deploymentTargets`. */ organizationalUnitId?: pulumi.Input; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input; /** * ID of the stack instance. */ stackId?: pulumi.Input; /** * Name or unique ID of the stack set that the stack instance is associated with. */ stackSetId?: pulumi.Input; /** * Status of the stack instance, in terms of its synchronization with its associated stack set. Values include `CURRENT`, `OUTDATED`, `INOPERABLE`. */ status?: pulumi.Input; /** * Explanation for the specific status code assigned to this stack instance. */ statusReason?: pulumi.Input; } export interface StackSetAutoDeployment { /** * Whether or not auto-deployment is enabled. */ enabled?: pulumi.Input; /** * Whether or not to retain stacks when the account is removed. */ retainStacksOnAccountRemoval?: pulumi.Input; } export interface StackSetInstanceDeploymentTargets { /** * Limit deployment targets to individual accounts or include additional accounts with provided OUs. Valid values: `INTERSECTION`, `DIFFERENCE`, `UNION`, `NONE`. */ accountFilterType?: pulumi.Input; /** * List of accounts to deploy stack set updates. */ accounts?: pulumi.Input[]>; /** * S3 URL of the file containing the list of accounts. */ accountsUrl?: pulumi.Input; /** * Organization root ID or organizational unit (OU) IDs to which StackSets deploys. */ organizationalUnitIds?: pulumi.Input[]>; } export interface StackSetInstanceOperationPreferences { /** * Specifies how the concurrency level behaves during the operation execution. Valid values are `STRICT_FAILURE_TOLERANCE` and `SOFT_FAILURE_TOLERANCE`. */ concurrencyMode?: pulumi.Input; /** * Number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region. */ failureToleranceCount?: pulumi.Input; /** * Percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. */ failureTolerancePercentage?: pulumi.Input; /** * Maximum number of accounts in which to perform this operation at one time. */ maxConcurrentCount?: pulumi.Input; /** * Maximum percentage of accounts in which to perform this operation at one time. */ maxConcurrentPercentage?: pulumi.Input; /** * Concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time. Valid values are `SEQUENTIAL` and `PARALLEL`. */ regionConcurrencyType?: pulumi.Input; /** * Order of the Regions in where you want to perform the stack operation. */ regionOrders?: pulumi.Input[]>; } export interface StackSetInstanceStackInstanceSummary { /** * Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account. */ accountId?: pulumi.Input; /** * Organizational unit ID in which the stack is deployed. */ organizationalUnitId?: pulumi.Input; /** * Stack identifier. */ stackId?: pulumi.Input; } export interface StackSetManagedExecution { /** * When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false. */ active?: pulumi.Input; } export interface StackSetOperationPreferences { /** * The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region. */ failureToleranceCount?: pulumi.Input; /** * The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. */ failureTolerancePercentage?: pulumi.Input; /** * The maximum number of accounts in which to perform this operation at one time. */ maxConcurrentCount?: pulumi.Input; /** * The maximum percentage of accounts in which to perform this operation at one time. */ maxConcurrentPercentage?: pulumi.Input; /** * The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time. */ regionConcurrencyType?: pulumi.Input; /** * The order of the Regions in where you want to perform the stack operation. */ regionOrders?: pulumi.Input[]>; } } export namespace cloudfront { export interface AnycastIpListTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOrigin { /** * Whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information. */ cookiesConfig: pulumi.Input; /** * Flag determines whether the Accept-Encoding HTTP header is included in the cache key and in requests that CloudFront sends to the origin. */ enableAcceptEncodingBrotli?: pulumi.Input; /** * Whether the Accept-Encoding HTTP header is included in the cache key and in requests sent to the origin by CloudFront. */ enableAcceptEncodingGzip?: pulumi.Input; /** * Whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information. */ headersConfig: pulumi.Input; /** * Whether any URL query strings in viewer requests are included in the cache key. It also automatically includes these query strings in requests that CloudFront sends to the origin. Please refer to the Query String Config for more information. */ queryStringsConfig: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig { /** * Whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values for `cookieBehavior` are `none`, `whitelist`, `allExcept`, and `all`. */ cookieBehavior: pulumi.Input; /** * Object that contains a list of cookie names. See Items for more information. */ cookies?: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookies { /** * List of item names, such as cookies, headers, or query strings. */ items?: pulumi.Input[]>; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig { /** * Whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values for `headerBehavior` are `none` and `whitelist`. */ headerBehavior?: pulumi.Input; /** * Object contains a list of header names. See Items for more information. */ headers?: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeaders { /** * List of item names, such as cookies, headers, or query strings. */ items?: pulumi.Input[]>; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig { /** * Whether URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values for `queryStringBehavior` are `none`, `whitelist`, `allExcept`, and `all`. */ queryStringBehavior: pulumi.Input; /** * Configuration parameter that contains a list of query string names. See Items for more information. */ queryStrings?: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStrings { /** * List of item names, such as cookies, headers, or query strings. */ items?: pulumi.Input[]>; } export interface ConnectionFunctionConnectionFunctionConfig { /** * Comment to describe the function. */ comment: pulumi.Input; /** * Key value store associations. See `keyValueStoreAssociation` below. */ keyValueStoreAssociation?: pulumi.Input; /** * Runtime environment for the function. Valid values are `cloudfront-js-1.0` and `cloudfront-js-2.0`. */ runtime: pulumi.Input; } export interface ConnectionFunctionConnectionFunctionConfigKeyValueStoreAssociation { /** * ARN of the key value store. */ keyValueStoreArn: pulumi.Input; } export interface ConnectionGroupTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Default is 90 minutes. */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Default is 90 minutes. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Default is 90 minutes. */ update?: pulumi.Input; } export interface ContinuousDeploymentPolicyStagingDistributionDnsNames { /** * A list of CloudFront domain names for the staging distribution. */ items?: pulumi.Input[]>; /** * Number of CloudFront domain names in the staging distribution. */ quantity: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfig { /** * Determines which HTTP requests are sent to the staging distribution. See `singleHeaderConfig`. */ singleHeaderConfig?: pulumi.Input; /** * Contains the percentage of traffic to send to the staging distribution. See `singleWeightConfig`. */ singleWeightConfig?: pulumi.Input; /** * Type of traffic configuration. Valid values are `SingleWeight` and `SingleHeader`. */ type: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfigSingleHeaderConfig { /** * Request header name to send to the staging distribution. The header must contain the prefix `aws-cf-cd-`. */ header: pulumi.Input; /** * Request header value. */ value: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfigSingleWeightConfig { /** * Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to the staging distribution, while others are sent to the primary distribution. Define the session duration using TTL values. See `sessionStickinessConfig`. */ sessionStickinessConfig?: pulumi.Input; /** * The percentage of traffic to send to a staging distribution, expressed as a decimal number between `0` and `.15`. */ weight: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfigSingleWeightConfigSessionStickinessConfig { /** * The amount of time in seconds after which sessions will cease if no requests are received. Valid values are `300` - `3600` (5–60 minutes). The value must be less than or equal to `maximumTtl`. */ idleTtl: pulumi.Input; /** * The maximum amount of time in seconds to consider requests from the viewer as being part of the same session. Valid values are `300` - `3600` (5–60 minutes). The value must be greater than or equal to `idleTtl`. */ maximumTtl: pulumi.Input; } export interface DistributionConnectionFunctionAssociation { /** * Identifier for the distribution. For example: `EDFDVBD632BHDS5`. */ id: pulumi.Input; } export interface DistributionCustomErrorResponse { /** * Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. */ errorCachingMinTtl?: pulumi.Input; /** * 4xx or 5xx HTTP status code that you want to customize. */ errorCode: pulumi.Input; /** * HTTP status code that you want CloudFront to return with the custom error page to the viewer. */ responseCode?: pulumi.Input; /** * Path of the custom error page (for example, `/custom_404.html`). */ responsePagePath?: pulumi.Input; } export interface DistributionDefaultCacheBehavior { /** * Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. */ allowedMethods: pulumi.Input[]>; /** * Unique identifier of the cache policy that is attached to the cache behavior. If configuring the `defaultCacheBehavior` either `cachePolicyId` or `forwardedValues` must be set. */ cachePolicyId?: pulumi.Input; /** * Controls whether CloudFront caches the response to requests using the specified HTTP methods. */ cachedMethods: pulumi.Input[]>; /** * Whether you want CloudFront to automatically compress content for web requests that include `Accept-Encoding: gzip` in the request header (default: `false`). */ compress?: pulumi.Input; /** * Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an `Cache-Control max-age` or `Expires` header. The TTL defined in Cache Policy overrides this configuration. */ defaultTtl?: pulumi.Input; /** * Field level encryption configuration ID. */ fieldLevelEncryptionId?: pulumi.Input; /** * The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one). */ forwardedValues?: pulumi.Input; /** * A config block that triggers a cloudfront function with specific actions (maximum 2). */ functionAssociations?: pulumi.Input[]>; /** * A config block that sets the grpc config. */ grpcConfig?: pulumi.Input; /** * A config block that triggers a lambda function with specific actions (maximum 4). */ lambdaFunctionAssociations?: pulumi.Input[]>; /** * Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of `Cache-Control max-age`, `Cache-Control s-maxage`, and `Expires` headers. The TTL defined in Cache Policy overrides this configuration. */ maxTtl?: pulumi.Input; /** * Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds. The TTL defined in Cache Policy overrides this configuration. */ minTtl?: pulumi.Input; /** * Unique identifier of the origin request policy that is attached to the behavior. */ originRequestPolicyId?: pulumi.Input; /** * ARN of the real-time log configuration that is attached to this cache behavior. */ realtimeLogConfigArn?: pulumi.Input; /** * Identifier for a response headers policy. */ responseHeadersPolicyId?: pulumi.Input; /** * Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. */ smoothStreaming?: pulumi.Input; /** * Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. */ targetOriginId: pulumi.Input; /** * List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs. */ trustedKeyGroups?: pulumi.Input[]>; /** * List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs. */ trustedSigners?: pulumi.Input[]>; /** * Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of `allow-all`, `https-only`, or `redirect-to-https`. */ viewerProtocolPolicy: pulumi.Input; } export interface DistributionDefaultCacheBehaviorForwardedValues { /** * The forwarded values cookies that specifies how CloudFront handles cookies (maximum one). */ cookies: pulumi.Input; /** * Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify `*` to include all headers. */ headers?: pulumi.Input[]>; /** * Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. */ queryString: pulumi.Input; /** * When specified, along with a value of `true` for `queryString`, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of `true` for `queryString`, all query string keys are cached. */ queryStringCacheKeys?: pulumi.Input[]>; } export interface DistributionDefaultCacheBehaviorForwardedValuesCookies { /** * Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify `all`, `none` or `whitelist`. If `whitelist`, you must include the subsequent `whitelistedNames`. */ forward: pulumi.Input; /** * If you have specified `whitelist` to `forward`, the whitelisted cookies that you want CloudFront to forward to your origin. */ whitelistedNames?: pulumi.Input[]>; } export interface DistributionDefaultCacheBehaviorFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request` or `viewer-response`. */ eventType: pulumi.Input; /** * ARN of the CloudFront function. */ functionArn: pulumi.Input; } export interface DistributionDefaultCacheBehaviorGrpcConfig { /** * Whether the distribution is enabled to accept end user requests for content. */ enabled?: pulumi.Input; } export interface DistributionDefaultCacheBehaviorLambdaFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: `true`, `false`. */ includeBody?: pulumi.Input; /** * ARN of the Lambda function. */ lambdaArn: pulumi.Input; } export interface DistributionLoggingConfig { /** * Amazon S3 bucket for V1 logging where access logs are stored, for example, `myawslogbucket.s3.amazonaws.com`. V1 logging is enabled when this argument is specified. The bucket must have correct ACL attached with "FULL_CONTROL" permission for "awslogsdelivery" account (Canonical ID: "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0") for log transfer to work. */ bucket?: pulumi.Input; /** * Whether to include cookies in access logs (default: `false`). This argument applies to both V1 and V2 logging. */ includeCookies?: pulumi.Input; /** * Prefix added to the access log file names for V1 logging, for example, `myprefix/`. This argument is effective only when V1 logging is enabled. */ prefix?: pulumi.Input; } export interface DistributionOrderedCacheBehavior { /** * Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. */ allowedMethods: pulumi.Input[]>; /** * Unique identifier of the cache policy that is attached to the cache behavior. If configuring the `defaultCacheBehavior` either `cachePolicyId` or `forwardedValues` must be set. */ cachePolicyId?: pulumi.Input; /** * Controls whether CloudFront caches the response to requests using the specified HTTP methods. */ cachedMethods: pulumi.Input[]>; /** * Whether you want CloudFront to automatically compress content for web requests that include `Accept-Encoding: gzip` in the request header (default: `false`). */ compress?: pulumi.Input; /** * Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an `Cache-Control max-age` or `Expires` header. The TTL defined in Cache Policy overrides this configuration. */ defaultTtl?: pulumi.Input; /** * Field level encryption configuration ID. */ fieldLevelEncryptionId?: pulumi.Input; /** * The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one). */ forwardedValues?: pulumi.Input; /** * A config block that triggers a cloudfront function with specific actions (maximum 2). */ functionAssociations?: pulumi.Input[]>; /** * A config block that sets the grpc config. */ grpcConfig?: pulumi.Input; /** * A config block that triggers a lambda function with specific actions (maximum 4). */ lambdaFunctionAssociations?: pulumi.Input[]>; /** * Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of `Cache-Control max-age`, `Cache-Control s-maxage`, and `Expires` headers. The TTL defined in Cache Policy overrides this configuration. */ maxTtl?: pulumi.Input; /** * Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds. The TTL defined in Cache Policy overrides this configuration. */ minTtl?: pulumi.Input; /** * Unique identifier of the origin request policy that is attached to the behavior. */ originRequestPolicyId?: pulumi.Input; /** * Pattern (for example, `images/*.jpg`) that specifies which requests you want this cache behavior to apply to. */ pathPattern: pulumi.Input; /** * ARN of the real-time log configuration that is attached to this cache behavior. */ realtimeLogConfigArn?: pulumi.Input; /** * Identifier for a response headers policy. */ responseHeadersPolicyId?: pulumi.Input; /** * Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. */ smoothStreaming?: pulumi.Input; /** * Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. */ targetOriginId: pulumi.Input; /** * List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs. */ trustedKeyGroups?: pulumi.Input[]>; /** * List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs. */ trustedSigners?: pulumi.Input[]>; /** * Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of `allow-all`, `https-only`, or `redirect-to-https`. */ viewerProtocolPolicy: pulumi.Input; } export interface DistributionOrderedCacheBehaviorForwardedValues { /** * The forwarded values cookies that specifies how CloudFront handles cookies (maximum one). */ cookies: pulumi.Input; /** * Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify `*` to include all headers. */ headers?: pulumi.Input[]>; /** * Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. */ queryString: pulumi.Input; /** * When specified, along with a value of `true` for `queryString`, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of `true` for `queryString`, all query string keys are cached. */ queryStringCacheKeys?: pulumi.Input[]>; } export interface DistributionOrderedCacheBehaviorForwardedValuesCookies { /** * Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify `all`, `none` or `whitelist`. If `whitelist`, you must include the subsequent `whitelistedNames`. */ forward: pulumi.Input; /** * If you have specified `whitelist` to `forward`, the whitelisted cookies that you want CloudFront to forward to your origin. */ whitelistedNames?: pulumi.Input[]>; } export interface DistributionOrderedCacheBehaviorFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request` or `viewer-response`. */ eventType: pulumi.Input; /** * ARN of the CloudFront function. */ functionArn: pulumi.Input; } export interface DistributionOrderedCacheBehaviorGrpcConfig { /** * Whether the distribution is enabled to accept end user requests for content. */ enabled?: pulumi.Input; } export interface DistributionOrderedCacheBehaviorLambdaFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: `true`, `false`. */ includeBody?: pulumi.Input; /** * ARN of the Lambda function. */ lambdaArn: pulumi.Input; } export interface DistributionOrigin { /** * Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3. */ connectionAttempts?: pulumi.Input; /** * Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10. */ connectionTimeout?: pulumi.Input; /** * One or more sub-resources with `name` and `value` parameters that specify header data that will be sent to the origin (multiples allowed). */ customHeaders?: pulumi.Input[]>; /** * The CloudFront custom origin configuration information. If an S3 origin is required, use `originAccessControlId` or `s3OriginConfig` instead. */ customOriginConfig?: pulumi.Input; /** * Domain name corresponding to the distribution. For example: `d604721fxaaqy9.cloudfront.net`. */ domainName: pulumi.Input; /** * Unique identifier of a [CloudFront origin access control][8] for this origin. */ originAccessControlId?: pulumi.Input; originId: pulumi.Input; /** * Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. */ originPath?: pulumi.Input; /** * CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see [Using Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) in the Amazon CloudFront Developer Guide. */ originShield?: pulumi.Input; /** * Time (in seconds) that a request from CloudFront to the origin can stay open and wait for a response. Must be integer greater than or equal to the value of `originReadTimeout`. If omitted or explicitly set to `0`, no maximum value is enforced. */ responseCompletionTimeout?: pulumi.Input; /** * CloudFront S3 origin configuration information. If a custom origin is required, use `customOriginConfig` instead. */ s3OriginConfig?: pulumi.Input; /** * The VPC origin configuration. */ vpcOriginConfig?: pulumi.Input; } export interface DistributionOriginCustomHeader { name: pulumi.Input; value: pulumi.Input; } export interface DistributionOriginCustomOriginConfig { /** * HTTP port the custom origin listens on. */ httpPort: pulumi.Input; /** * HTTPS port the custom origin listens on. */ httpsPort: pulumi.Input; /** * IP protocol CloudFront uses when connecting to your origin. Valid values: `ipv4`, `ipv6`, `dualstack`. */ ipAddressType?: pulumi.Input; originKeepaliveTimeout?: pulumi.Input; /** * Origin protocol policy to apply to your origin. One of `http-only`, `https-only`, or `match-viewer`. */ originProtocolPolicy: pulumi.Input; originReadTimeout?: pulumi.Input; /** * List of SSL/TLS protocols that CloudFront can use when connecting to your origin over HTTPS. Valid values: `SSLv3`, `TLSv1`, `TLSv1.1`, `TLSv1.2`. For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the Amazon CloudFront Developer Guide. */ originSslProtocols: pulumi.Input[]>; } export interface DistributionOriginGroup { /** * The failover criteria for when to failover to the secondary origin. */ failoverCriteria: pulumi.Input; /** * Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members. */ members: pulumi.Input[]>; originId: pulumi.Input; } export interface DistributionOriginGroupFailoverCriteria { /** * List of HTTP status codes for the origin group. */ statusCodes: pulumi.Input[]>; } export interface DistributionOriginGroupMember { originId: pulumi.Input; } export interface DistributionOriginOriginShield { /** * Whether the distribution is enabled to accept end user requests for content. */ enabled: pulumi.Input; /** * AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as `us-east-2`. */ originShieldRegion?: pulumi.Input; } export interface DistributionOriginS3OriginConfig { /** * The CloudFront origin access identity to associate with the origin. */ originAccessIdentity: pulumi.Input; } export interface DistributionOriginVpcOriginConfig { originKeepaliveTimeout?: pulumi.Input; originReadTimeout?: pulumi.Input; /** * The AWS account ID that owns the VPC origin. Required when referencing a VPC origin from a different AWS account for cross-account VPC origin access. */ ownerAccountId?: pulumi.Input; /** * The VPC origin ID. */ vpcOriginId: pulumi.Input; } export interface DistributionRestrictions { geoRestriction: pulumi.Input; } export interface DistributionRestrictionsGeoRestriction { /** * [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (`whitelist`) or not distribute your content (`blacklist`). If the type is specified as `none` an empty array can be used. */ locations?: pulumi.Input[]>; /** * Method that you want to use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist`. */ restrictionType: pulumi.Input; } export interface DistributionTenantCustomizations { /** * Certificate configuration for the tenant (maximum one). */ certificate?: pulumi.Input; /** * Geographic restrictions configuration for the tenant (maximum one). */ geoRestriction?: pulumi.Input; /** * Web ACL configuration for the tenant (maximum one). */ webAcl?: pulumi.Input; } export interface DistributionTenantCustomizationsCertificate { /** * ARN of the distribution tenant. */ arn?: pulumi.Input; } export interface DistributionTenantCustomizationsGeoRestriction { /** * Set of ISO 3166-1-alpha-2 country codes for the restriction. Required if `restrictionType` is `whitelist` or `blacklist`. */ locations?: pulumi.Input[]>; /** * Method to restrict distribution by country: `none`, `whitelist`, or `blacklist`. */ restrictionType?: pulumi.Input; } export interface DistributionTenantCustomizationsWebAcl { /** * Action to take for the web ACL. Valid values: `allow`, `block`. */ action?: pulumi.Input; /** * ARN of the distribution tenant. */ arn?: pulumi.Input; } export interface DistributionTenantDomain { /** * Set of domains associated with the distribution tenant. */ domain: pulumi.Input; /** * Current status of the distribution tenant. */ status?: pulumi.Input; } export interface DistributionTenantManagedCertificateRequest { /** * Certificate transparency logging preference. Valid values: `enabled`, `disabled`. */ certificateTransparencyLoggingPreference?: pulumi.Input; /** * Primary domain name for the certificate. */ primaryDomainName?: pulumi.Input; /** * Host for validation token. Valid values: `cloudfront`, `domain`. */ validationTokenHost?: pulumi.Input; } export interface DistributionTenantParameter { /** * Name of the distribution tenant. */ name: pulumi.Input; /** * Value of the parameter. */ value: pulumi.Input; } export interface DistributionTenantTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DistributionTrustedKeyGroup { /** * Whether the distribution is enabled to accept end user requests for content. */ enabled?: pulumi.Input; /** * List of nested attributes for each trusted signer */ items?: pulumi.Input[]>; } export interface DistributionTrustedKeyGroupItem { /** * ID of the key group that contains the public keys. */ keyGroupId?: pulumi.Input; /** * Set of active CloudFront key pairs associated with the signer account */ keyPairIds?: pulumi.Input[]>; } export interface DistributionTrustedSigner { /** * Whether the distribution is enabled to accept end user requests for content. */ enabled?: pulumi.Input; /** * List of nested attributes for each trusted signer */ items?: pulumi.Input[]>; } export interface DistributionTrustedSignerItem { /** * AWS account ID or `self` */ awsAccountNumber?: pulumi.Input; /** * Set of active CloudFront key pairs associated with the signer account */ keyPairIds?: pulumi.Input[]>; } export interface DistributionViewerCertificate { /** * ARN of the [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/) certificate that you wish to use with this distribution. Specify this, `cloudfrontDefaultCertificate`, or `iamCertificateId`. The ACM certificate must be in US-EAST-1. */ acmCertificateArn?: pulumi.Input; /** * `true` if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, `acmCertificateArn`, or `iamCertificateId`. */ cloudfrontDefaultCertificate?: pulumi.Input; /** * IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, `acmCertificateArn`, or `cloudfrontDefaultCertificate`. */ iamCertificateId?: pulumi.Input; /** * Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if `cloudfrontDefaultCertificate = false`. See all possible values in [this](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html) table under "Security policy." Some examples include: `TLSv1.2_2019` and `TLSv1.2_2021`. Default: `TLSv1`. **NOTE**: If you are using a custom certificate (specified with `acmCertificateArn` or `iamCertificateId`), and have specified `sni-only` in `sslSupportMethod`, `TLSv1` or later must be specified. If you have specified `vip` in `sslSupportMethod`, only `SSLv3` or `TLSv1` can be specified. If you have specified `cloudfrontDefaultCertificate`, `TLSv1` must be specified. */ minimumProtocolVersion?: pulumi.Input; /** * How you want CloudFront to serve HTTPS requests. One of `vip`, `sni-only`, or `static-ip`. Required if you specify `acmCertificateArn` or `iamCertificateId`. **NOTE:** `vip` causes CloudFront to use a dedicated IP address and may incur extra charges. */ sslSupportMethod?: pulumi.Input; } export interface DistributionViewerMtlsConfig { /** * The mode for viewer mTLS. Valid values: `required`, `optional`. */ mode?: pulumi.Input; /** * The trust store configuration for viewer mTLS (maximum one). */ trustStoreConfig?: pulumi.Input; } export interface DistributionViewerMtlsConfigTrustStoreConfig { /** * Whether to advertise the trust store CA names to clients. Defaults to `false`. */ advertiseTrustStoreCaNames?: pulumi.Input; /** * Whether to ignore certificate expiry for viewer mTLS. Defaults to `false`. */ ignoreCertificateExpiry?: pulumi.Input; /** * Identifier of the trust store to use for viewer mTLS. */ trustStoreId: pulumi.Input; } export interface FieldLevelEncryptionConfigContentTypeProfileConfig { /** * Object that contains an attribute `items` that contains the list of configurations for a field-level encryption content type-profile. See Content Type Profile. */ contentTypeProfiles: pulumi.Input; /** * specifies what to do when an unknown content type is provided for the profile. If true, content is forwarded without being encrypted when the content type is unknown. If false (the default), an error is returned when the content type is unknown. */ forwardWhenContentTypeIsUnknown: pulumi.Input; } export interface FieldLevelEncryptionConfigContentTypeProfileConfigContentTypeProfiles { items: pulumi.Input[]>; } export interface FieldLevelEncryptionConfigContentTypeProfileConfigContentTypeProfilesItem { /** * he content type for a field-level encryption content type-profile mapping. Valid value is `application/x-www-form-urlencoded`. */ contentType: pulumi.Input; /** * The format for a field-level encryption content type-profile mapping. Valid value is `URLEncoded`. */ format: pulumi.Input; profileId?: pulumi.Input; } export interface FieldLevelEncryptionConfigQueryArgProfileConfig { /** * Flag to set if you want a request to be forwarded to the origin even if the profile specified by the field-level encryption query argument, fle-profile, is unknown. */ forwardWhenQueryArgProfileIsUnknown: pulumi.Input; /** * Object that contains an attribute `items` that contains the list ofrofiles specified for query argument-profile mapping for field-level encryption. see Query Arg Profile. */ queryArgProfiles?: pulumi.Input; } export interface FieldLevelEncryptionConfigQueryArgProfileConfigQueryArgProfiles { items?: pulumi.Input[]>; } export interface FieldLevelEncryptionConfigQueryArgProfileConfigQueryArgProfilesItem { profileId: pulumi.Input; /** * Query argument for field-level encryption query argument-profile mapping. */ queryArg: pulumi.Input; } export interface FieldLevelEncryptionProfileEncryptionEntities { items?: pulumi.Input[]>; } export interface FieldLevelEncryptionProfileEncryptionEntitiesItem { /** * Object that contains an attribute `items` that contains the list of field patterns in a field-level encryption content type profile specify the fields that you want to be encrypted. */ fieldPatterns: pulumi.Input; /** * The provider associated with the public key being used for encryption. */ providerId: pulumi.Input; /** * The public key associated with a set of field-level encryption patterns, to be used when encrypting the fields that match the patterns. */ publicKeyId: pulumi.Input; } export interface FieldLevelEncryptionProfileEncryptionEntitiesItemFieldPatterns { items?: pulumi.Input[]>; } export interface KeyValueStoreTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface KeyvaluestoreKeysExclusiveResourceKeyValuePair { /** * Key to put. */ key: pulumi.Input; /** * Value to put. */ value: pulumi.Input; } export interface MonitoringSubscriptionMonitoringSubscription { /** * A subscription configuration for additional CloudWatch metrics. See below. */ realtimeMetricsSubscriptionConfig: pulumi.Input; } export interface MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfig { /** * A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. See below. */ realtimeMetricsSubscriptionStatus: pulumi.Input; } export interface MultitenantDistributionActiveTrustedKeyGroup { /** * Whether any of the key groups have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. */ enabled?: pulumi.Input; /** * List of key groups. See Key Group Items below. */ items?: pulumi.Input[]>; } export interface MultitenantDistributionActiveTrustedKeyGroupItem { /** * ID of the key group that contains the public keys. */ keyGroupId?: pulumi.Input; /** * Set of active CloudFront key pairs associated with the signer that can be used to verify the signatures of signed URLs and signed cookies. */ keyPairIds?: pulumi.Input[]>; } export interface MultitenantDistributionCacheBehavior { /** * Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. */ allowedMethods: pulumi.Input; /** * Unique identifier of the cache policy that is attached to the cache behavior. */ cachePolicyId?: pulumi.Input; /** * Whether you want CloudFront to automatically compress content for web requests that include `Accept-Encoding: gzip` in the request header. Default: `false`. */ compress?: pulumi.Input; /** * Field level encryption configuration ID. */ fieldLevelEncryptionId?: pulumi.Input; /** * Configuration block for CloudFront Functions associations. See Function Association below. */ functionAssociations?: pulumi.Input[]>; /** * Configuration block for Lambda@Edge associations. See Lambda Function Association below. */ lambdaFunctionAssociations?: pulumi.Input[]>; /** * Unique identifier of the origin request policy that is attached to the behavior. */ originRequestPolicyId?: pulumi.Input; /** * Pattern that specifies which requests you want this cache behavior to apply to. */ pathPattern: pulumi.Input; /** * ARN of the real-time log configuration that is attached to this cache behavior. */ realtimeLogConfigArn?: pulumi.Input; /** * Identifier for a response headers policy. */ responseHeadersPolicyId?: pulumi.Input; /** * Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. */ targetOriginId: pulumi.Input; /** * List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. */ trustedKeyGroups?: pulumi.Input; /** * Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of `allow-all`, `https-only`, or `redirect-to-https`. */ viewerProtocolPolicy: pulumi.Input; } export interface MultitenantDistributionCacheBehaviorAllowedMethods { /** * Controls whether CloudFront caches the response to requests using the specified HTTP methods. */ cachedMethods: pulumi.Input[]>; items: pulumi.Input[]>; } export interface MultitenantDistributionCacheBehaviorFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * ARN of the CloudFront function. */ functionArn: pulumi.Input; } export interface MultitenantDistributionCacheBehaviorLambdaFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * When set to true, the request body is exposed to the Lambda function. Default: `false`. */ includeBody?: pulumi.Input; /** * ARN of the Lambda function. */ lambdaFunctionArn: pulumi.Input; } export interface MultitenantDistributionCacheBehaviorTrustedKeyGroups { /** * Whether the distribution is enabled to accept end user requests for content. */ enabled?: pulumi.Input; items?: pulumi.Input[]>; } export interface MultitenantDistributionCustomErrorResponse { /** * Minimum amount of time that you want CloudFront to cache the HTTP status code specified in ErrorCode. */ errorCachingMinTtl?: pulumi.Input; /** * HTTP status code for which you want to specify a custom error page and/or a caching duration. */ errorCode: pulumi.Input; /** * HTTP status code that you want CloudFront to return to the viewer along with the custom error page. */ responseCode?: pulumi.Input; /** * Path to the custom error page that you want CloudFront to return to a viewer when your origin returns the HTTP status code specified by ErrorCode. */ responsePagePath?: pulumi.Input; } export interface MultitenantDistributionDefaultCacheBehavior { /** * Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. */ allowedMethods: pulumi.Input; /** * Unique identifier of the cache policy that is attached to the cache behavior. */ cachePolicyId?: pulumi.Input; /** * Whether you want CloudFront to automatically compress content for web requests that include `Accept-Encoding: gzip` in the request header. Default: `false`. */ compress?: pulumi.Input; /** * Field level encryption configuration ID. */ fieldLevelEncryptionId?: pulumi.Input; /** * Configuration block for CloudFront Functions associations. See Function Association below. */ functionAssociations?: pulumi.Input[]>; /** * Configuration block for Lambda@Edge associations. See Lambda Function Association below. */ lambdaFunctionAssociations?: pulumi.Input[]>; /** * Unique identifier of the origin request policy that is attached to the behavior. */ originRequestPolicyId?: pulumi.Input; /** * ARN of the real-time log configuration that is attached to this cache behavior. */ realtimeLogConfigArn?: pulumi.Input; /** * Identifier for a response headers policy. */ responseHeadersPolicyId?: pulumi.Input; /** * Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. */ targetOriginId: pulumi.Input; /** * List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. */ trustedKeyGroups?: pulumi.Input; /** * Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of `allow-all`, `https-only`, or `redirect-to-https`. */ viewerProtocolPolicy: pulumi.Input; } export interface MultitenantDistributionDefaultCacheBehaviorAllowedMethods { /** * Controls whether CloudFront caches the response to requests using the specified HTTP methods. */ cachedMethods: pulumi.Input[]>; items: pulumi.Input[]>; } export interface MultitenantDistributionDefaultCacheBehaviorFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * ARN of the CloudFront function. */ functionArn: pulumi.Input; } export interface MultitenantDistributionDefaultCacheBehaviorLambdaFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * When set to true, the request body is exposed to the Lambda function. Default: `false`. */ includeBody?: pulumi.Input; /** * ARN of the Lambda function. */ lambdaFunctionArn: pulumi.Input; } export interface MultitenantDistributionDefaultCacheBehaviorTrustedKeyGroups { /** * Whether the distribution is enabled to accept end user requests for content. */ enabled?: pulumi.Input; items?: pulumi.Input[]>; } export interface MultitenantDistributionOrigin { /** * Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Default: 3. */ connectionAttempts?: pulumi.Input; /** * Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Default: 10. */ connectionTimeout?: pulumi.Input; /** * One or more sub-resources with `name` and `value` parameters that specify header data that will be sent to the origin. See Custom Header below. */ customHeaders?: pulumi.Input[]>; /** * CloudFront origin access identity to associate with the origin. See Custom Origin Config below. */ customOriginConfigs?: pulumi.Input[]>; /** * DNS domain name of either the S3 bucket, or web site of your custom origin. */ domainName: pulumi.Input; /** * Identifier for the distribution. */ id: pulumi.Input; /** * CloudFront origin access control identifier to associate with the origin. */ originAccessControlId?: pulumi.Input; /** * Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. */ originPath?: pulumi.Input; /** * CloudFront Origin Shield configuration information. See Origin Shield below. */ originShields?: pulumi.Input[]>; /** * Number of seconds that CloudFront waits for a response after forwarding a request to the origin. Default: 30. */ responseCompletionTimeout?: pulumi.Input; /** * CloudFront VPC origin configuration. See VPC Origin Config below. */ vpcOriginConfigs?: pulumi.Input[]>; } export interface MultitenantDistributionOriginCustomHeader { /** * Name of the header. */ headerName: pulumi.Input; /** * Value for the header. */ headerValue: pulumi.Input; } export interface MultitenantDistributionOriginCustomOriginConfig { /** * HTTP port the custom origin listens on. */ httpPort: pulumi.Input; /** * HTTPS port the custom origin listens on. */ httpsPort: pulumi.Input; /** * Type of IP addresses used by your origins. Valid values are `ipv4` and `dualstack`. */ ipAddressType?: pulumi.Input; /** * Custom keep-alive timeout, in seconds. Default: 5. */ originKeepaliveTimeout?: pulumi.Input; /** * Origin protocol policy to apply to your origin. Valid values are `http-only`, `https-only`, and `match-viewer`. */ originProtocolPolicy: pulumi.Input; /** * Custom read timeout, in seconds. Default: 30. */ originReadTimeout?: pulumi.Input; /** * List of SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. */ originSslProtocols: pulumi.Input[]>; } export interface MultitenantDistributionOriginGroup { /** * Failover criteria for when to failover to the secondary origin. See Failover Criteria below. */ failoverCriteria: pulumi.Input; /** * Identifier for the distribution. */ id: pulumi.Input; /** * List of origins in this origin group. Must contain exactly 2 members. See Origin Group Member below. */ members: pulumi.Input[]>; } export interface MultitenantDistributionOriginGroupFailoverCriteria { /** * List of HTTP status codes that trigger a failover to the secondary origin. */ statusCodes: pulumi.Input[]>; } export interface MultitenantDistributionOriginGroupMember { originId: pulumi.Input; } export interface MultitenantDistributionOriginOriginShield { /** * Whether Origin Shield is enabled. */ enabled: pulumi.Input; /** * AWS Region for Origin Shield. Required when `enabled` is `true`. */ originShieldRegion?: pulumi.Input; } export interface MultitenantDistributionOriginVpcOriginConfig { /** * Custom keep-alive timeout, in seconds. By default, CloudFront uses a default timeout. Default: 5. */ originKeepaliveTimeout?: pulumi.Input; /** * Custom read timeout, in seconds. By default, CloudFront uses a default timeout. Default: 30. */ originReadTimeout?: pulumi.Input; /** * ID of the VPC origin that you want CloudFront to route requests to. */ vpcOriginId: pulumi.Input; } export interface MultitenantDistributionRestrictions { /** * Geographic restriction configuration. See Geo Restriction below. */ geoRestriction: pulumi.Input; } export interface MultitenantDistributionRestrictionsGeoRestriction { /** * List of ISO 3166-1-alpha-2 country codes for which you want CloudFront either to distribute your content (`whitelist`) or not distribute your content (`blacklist`). Required when `restrictionType` is `whitelist` or `blacklist`. */ items?: pulumi.Input[]>; /** * Method to restrict distribution of your content by country. Valid values are `none`, `whitelist`, and `blacklist`. */ restrictionType: pulumi.Input; } export interface MultitenantDistributionTenantConfig { /** * One or more parameter definitions for the tenant configuration. See Parameter Definition below. */ parameterDefinitions?: pulumi.Input[]>; } export interface MultitenantDistributionTenantConfigParameterDefinition { /** * Definition of the parameter schema. See Parameter Definition Schema below. */ definitions?: pulumi.Input[]>; /** * Name of the parameter. */ name: pulumi.Input; } export interface MultitenantDistributionTenantConfigParameterDefinitionDefinition { /** * String schema configuration. See String Schema below. */ stringSchemas?: pulumi.Input[]>; } export interface MultitenantDistributionTenantConfigParameterDefinitionDefinitionStringSchema { /** * Comment describing the parameter. */ comment?: pulumi.Input; /** * Default value for the parameter. */ defaultValue?: pulumi.Input; /** * Whether the parameter is required. */ required: pulumi.Input; } export interface MultitenantDistributionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface MultitenantDistributionViewerCertificate { /** * ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Required when using a custom SSL certificate. */ acmCertificateArn?: pulumi.Input; /** * Whether to use the CloudFront default certificate. Cannot be used with `acmCertificateArn`. */ cloudfrontDefaultCertificate?: pulumi.Input; /** * Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Default: `TLSv1`. */ minimumProtocolVersion?: pulumi.Input; /** * How you want CloudFront to serve HTTPS requests. Valid values are `sni-only` and `vip`. Required when `acmCertificateArn` is specified. */ sslSupportMethod?: pulumi.Input; } export interface OriginRequestPolicyCookiesConfig { cookieBehavior: pulumi.Input; cookies?: pulumi.Input; } export interface OriginRequestPolicyCookiesConfigCookies { items?: pulumi.Input[]>; } export interface OriginRequestPolicyHeadersConfig { headerBehavior?: pulumi.Input; headers?: pulumi.Input; } export interface OriginRequestPolicyHeadersConfigHeaders { items?: pulumi.Input[]>; } export interface OriginRequestPolicyQueryStringsConfig { queryStringBehavior: pulumi.Input; queryStrings?: pulumi.Input; } export interface OriginRequestPolicyQueryStringsConfigQueryStrings { items?: pulumi.Input[]>; } export interface RealtimeLogConfigEndpoint { /** * The Amazon Kinesis data stream configuration. */ kinesisStreamConfig: pulumi.Input; /** * The type of data stream where real-time log data is sent. The only valid value is `Kinesis`. */ streamType: pulumi.Input; } export interface RealtimeLogConfigEndpointKinesisStreamConfig { /** * The ARN of an IAM role that CloudFront can use to send real-time log data to the Kinesis data stream. * See the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-iam-role) for more information. */ roleArn: pulumi.Input; /** * The ARN of the Kinesis data stream. */ streamArn: pulumi.Input; } export interface ResponseHeadersPolicyCorsConfig { /** * A Boolean value that CloudFront uses as the value for the `Access-Control-Allow-Credentials` HTTP response header. */ accessControlAllowCredentials: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of HTTP header names that CloudFront includes as values for the `Access-Control-Allow-Headers` HTTP response header. */ accessControlAllowHeaders: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of HTTP methods that CloudFront includes as values for the `Access-Control-Allow-Methods` HTTP response header. Valid values: `GET` | `POST` | `OPTIONS` | `PUT` | `DELETE` | `HEAD` | `ALL` */ accessControlAllowMethods: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of origins that CloudFront can use as the value for the `Access-Control-Allow-Origin` HTTP response header. */ accessControlAllowOrigins: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of HTTP headers that CloudFront includes as values for the `Access-Control-Expose-Headers` HTTP response header. */ accessControlExposeHeaders?: pulumi.Input; /** * A number that CloudFront uses as the value for the `Access-Control-Max-Age` HTTP response header. */ accessControlMaxAgeSec?: pulumi.Input; /** * A Boolean value that determines how CloudFront behaves for the HTTP response header. */ originOverride: pulumi.Input; } export interface ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCorsConfigAccessControlAllowMethods { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCustomHeadersConfig { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCustomHeadersConfigItem { header: pulumi.Input; override: pulumi.Input; /** * The value for the HTTP response header. */ value: pulumi.Input; } export interface ResponseHeadersPolicyRemoveHeadersConfig { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyRemoveHeadersConfigItem { header: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfig { /** * The policy directives and their values that CloudFront includes as values for the `Content-Security-Policy` HTTP response header. See Content Security Policy for more information. */ contentSecurityPolicy?: pulumi.Input; /** * Determines whether CloudFront includes the `X-Content-Type-Options` HTTP response header with its value set to `nosniff`. See Content Type Options for more information. */ contentTypeOptions?: pulumi.Input; /** * Determines whether CloudFront includes the `X-Frame-Options` HTTP response header and the header’s value. See Frame Options for more information. */ frameOptions?: pulumi.Input; /** * Determines whether CloudFront includes the `Referrer-Policy` HTTP response header and the header’s value. See Referrer Policy for more information. */ referrerPolicy?: pulumi.Input; /** * Determines whether CloudFront includes the `Strict-Transport-Security` HTTP response header and the header’s value. See Strict Transport Security for more information. */ strictTransportSecurity?: pulumi.Input; /** * Determine whether CloudFront includes the `X-XSS-Protection` HTTP response header and the header’s value. See XSS Protection for more information. */ xssProtection?: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy { /** * The policy directives and their values that CloudFront includes as values for the `Content-Security-Policy` HTTP response header. */ contentSecurityPolicy: pulumi.Input; /** * Whether CloudFront overrides the `Content-Security-Policy` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions { /** * Whether CloudFront overrides the `X-Content-Type-Options` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigFrameOptions { /** * The value of the `X-Frame-Options` HTTP response header. Valid values: `DENY` | `SAMEORIGIN` */ frameOption: pulumi.Input; /** * Whether CloudFront overrides the `X-Frame-Options` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy { /** * Whether CloudFront overrides the `Referrer-Policy` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; /** * The value of the `Referrer-Policy` HTTP response header. Valid Values: `no-referrer` | `no-referrer-when-downgrade` | `origin` | `origin-when-cross-origin` | `same-origin` | `strict-origin` | `strict-origin-when-cross-origin` | `unsafe-url` */ referrerPolicy: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity { /** * A number that CloudFront uses as the value for the `max-age` directive in the `Strict-Transport-Security` HTTP response header. */ accessControlMaxAgeSec: pulumi.Input; /** * Whether CloudFront includes the `includeSubDomains` directive in the `Strict-Transport-Security` HTTP response header. */ includeSubdomains?: pulumi.Input; /** * Whether CloudFront overrides the `Strict-Transport-Security` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; /** * Whether CloudFront includes the `preload` directive in the `Strict-Transport-Security` HTTP response header. */ preload?: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigXssProtection { /** * Whether CloudFront includes the `mode=block` directive in the `X-XSS-Protection` header. */ modeBlock?: pulumi.Input; /** * Whether CloudFront overrides the `X-XSS-Protection` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; /** * A Boolean value that determines the value of the `X-XSS-Protection` HTTP response header. When this setting is `true`, the value of the `X-XSS-Protection` header is `1`. When this setting is `false`, the value of the `X-XSS-Protection` header is `0`. */ protection: pulumi.Input; /** * A reporting URI, which CloudFront uses as the value of the report directive in the `X-XSS-Protection` header. You cannot specify a `reportUri` when `modeBlock` is `true`. */ reportUri?: pulumi.Input; } export interface ResponseHeadersPolicyServerTimingHeadersConfig { /** * A Whether CloudFront adds the `Server-Timing` header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy. */ enabled: pulumi.Input; /** * A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the Server-Timing header to. Valid range: Minimum value of 0.0. Maximum value of 100.0. */ samplingRate: pulumi.Input; } export interface TrustStoreCaCertificatesBundleSource { /** * Configuration block for the S3 location of the CA certificates bundle. See `caCertificatesBundleS3Location` below. */ caCertificatesBundleS3Location: pulumi.Input; } export interface TrustStoreCaCertificatesBundleSourceCaCertificatesBundleS3Location { /** * S3 bucket name containing the CA certificates bundle. */ bucket: pulumi.Input; /** * S3 object key for the CA certificates bundle. */ key: pulumi.Input; /** * AWS region of the S3 bucket. */ region: pulumi.Input; /** * S3 object version ID for the CA certificates bundle. */ version?: pulumi.Input; } export interface TrustStoreTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface VpcOriginTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface VpcOriginVpcOriginEndpointConfig { /** * The VPC origin ARN. */ arn: pulumi.Input; /** * The HTTP port for the CloudFront VPC origin endpoint configuration. */ httpPort: pulumi.Input; /** * The HTTPS port for the CloudFront VPC origin endpoint configuration. */ httpsPort: pulumi.Input; /** * The name of the CloudFront VPC origin endpoint configuration. */ name: pulumi.Input; /** * The origin protocol policy for the CloudFront VPC origin endpoint configuration. */ originProtocolPolicy: pulumi.Input; /** * A complex type that contains information about the SSL/TLS protocols that CloudFront can use when establishing an HTTPS connection with your origin. */ originSslProtocols: pulumi.Input; } export interface VpcOriginVpcOriginEndpointConfigOriginSslProtocols { items: pulumi.Input[]>; quantity: pulumi.Input; } } export namespace cloudhsmv2 { export interface ClusterClusterCertificate { /** * The HSM hardware certificate issued (signed) by AWS CloudHSM. */ awsHardwareCertificate?: pulumi.Input; /** * The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner. */ clusterCertificate?: pulumi.Input; /** * The certificate signing request (CSR). Available only in `UNINITIALIZED` state after an HSM instance is added to the cluster. */ clusterCsr?: pulumi.Input; /** * The HSM certificate issued (signed) by the HSM hardware. */ hsmCertificate?: pulumi.Input; /** * The HSM hardware certificate issued (signed) by the hardware manufacturer. */ manufacturerHardwareCertificate?: pulumi.Input; } } export namespace cloudsearch { export interface DomainEndpointOptions { /** * Enables or disables the requirement that all requests to the domain arrive over HTTPS. */ enforceHttps?: pulumi.Input; /** * The minimum required TLS version. See the [AWS documentation](https://docs.aws.amazon.com/cloudsearch/latest/developerguide/API_DomainEndpointOptions.html) for valid values. */ tlsSecurityPolicy?: pulumi.Input; } export interface DomainIndexField { /** * The analysis scheme you want to use for a `text` field. The analysis scheme specifies the language-specific text processing options that are used during indexing. */ analysisScheme?: pulumi.Input; /** * The default value for the field. This value is used when no value is specified for the field in the document data. */ defaultValue?: pulumi.Input; /** * You can get facet information by enabling this. */ facet?: pulumi.Input; /** * You can highlight information. */ highlight?: pulumi.Input; /** * A unique name for the field. Field names must begin with a letter and be at least 1 and no more than 64 characters long. The allowed characters are: `a`-`z` (lower-case letters), `0`-`9`, and `_` (underscore). The name `score` is reserved and cannot be used as a field name. */ name: pulumi.Input; /** * You can enable returning the value of all searchable fields. */ return?: pulumi.Input; /** * You can set whether this index should be searchable or not. */ search?: pulumi.Input; /** * You can enable the property to be sortable. */ sort?: pulumi.Input; /** * A comma-separated list of source fields to map to the field. Specifying a source field copies data from one field to another, enabling you to use the same source data in different ways by configuring different options for the fields. */ sourceFields?: pulumi.Input; /** * The field type. Valid values: `date`, `date-array`, `double`, `double-array`, `int`, `int-array`, `literal`, `literal-array`, `text`, `text-array`. */ type: pulumi.Input; } export interface DomainScalingParameters { /** * The instance type that you want to preconfigure for your domain. See the [AWS documentation](https://docs.aws.amazon.com/cloudsearch/latest/developerguide/API_ScalingParameters.html) for valid values. */ desiredInstanceType?: pulumi.Input; /** * The number of partitions you want to preconfigure for your domain. Only valid when you select `search.2xlarge` as the instance type. */ desiredPartitionCount?: pulumi.Input; /** * The number of replicas you want to preconfigure for each index partition. */ desiredReplicationCount?: pulumi.Input; } } export namespace cloudtrail { export interface EventDataStoreAdvancedEventSelector { /** * Specifies the selector statements in an advanced event selector. Fields documented below. */ fieldSelectors?: pulumi.Input[]>; /** * Specifies the name of the advanced event selector. */ name?: pulumi.Input; } export interface EventDataStoreAdvancedEventSelectorFieldSelector { /** * A list of values that includes events that match the last few characters of the event record field specified as the value of `field`. */ endsWiths?: pulumi.Input[]>; /** * A list of values that includes events that match the exact value of the event record field specified as the value of `field`. This is the only valid operator that you can use with the `readOnly`, `eventCategory`, and `resources.type` fields. */ equals?: pulumi.Input[]>; /** * Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: `readOnly`, `eventSource`, `eventName`, `eventCategory`, `resources.type`, `resources.ARN`. */ field?: pulumi.Input; /** * A list of values that excludes events that match the last few characters of the event record field specified as the value of `field`. */ notEndsWiths?: pulumi.Input[]>; /** * A list of values that excludes events that match the exact value of the event record field specified as the value of `field`. */ notEquals?: pulumi.Input[]>; /** * A list of values that excludes events that match the first few characters of the event record field specified as the value of `field`. */ notStartsWiths?: pulumi.Input[]>; /** * A list of values that includes events that match the first few characters of the event record field specified as the value of `field`. */ startsWiths?: pulumi.Input[]>; } export interface TrailAdvancedEventSelector { /** * Specifies the selector statements in an advanced event selector. Fields documented below. */ fieldSelectors: pulumi.Input[]>; /** * Name of the trail. */ name?: pulumi.Input; } export interface TrailAdvancedEventSelectorFieldSelector { /** * A list of values that includes events that match the last few characters of the event record field specified as the value of `field`. */ endsWiths?: pulumi.Input[]>; /** * A list of values that includes events that match the exact value of the event record field specified as the value of `field`. This is the only valid operator that you can use with the `readOnly`, `eventCategory`, and `resources.type` fields. */ equals?: pulumi.Input[]>; /** * Field in an event record on which to filter events to be logged. You can specify only the following values: `readOnly`, `eventSource`, `eventName`, `eventCategory`, `resources.type`, `resources.ARN`. */ field: pulumi.Input; /** * A list of values that excludes events that match the last few characters of the event record field specified as the value of `field`. */ notEndsWiths?: pulumi.Input[]>; /** * A list of values that excludes events that match the exact value of the event record field specified as the value of `field`. */ notEquals?: pulumi.Input[]>; /** * A list of values that excludes events that match the first few characters of the event record field specified as the value of `field`. */ notStartsWiths?: pulumi.Input[]>; /** * A list of values that includes events that match the first few characters of the event record field specified as the value of `field`. */ startsWiths?: pulumi.Input[]>; } export interface TrailEventSelector { /** * Configuration block for data events. See details below. */ dataResources?: pulumi.Input[]>; /** * A set of event sources to exclude. Valid values include: `kms.amazonaws.com` and `rdsdata.amazonaws.com`. `includeManagementEvents` must be set to`true` to allow this. */ excludeManagementEventSources?: pulumi.Input[]>; /** * Whether to include management events for your trail. Defaults to `true`. */ includeManagementEvents?: pulumi.Input; /** * Type of events to log. Valid values are `ReadOnly`, `WriteOnly`, `All`. Default value is `All`. */ readWriteType?: pulumi.Input; } export interface TrailEventSelectorDataResource { /** * Resource type in which you want to log data events. You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table". */ type: pulumi.Input; /** * List of ARN strings or partial ARN strings to specify selectors for data audit events over data resources. ARN list is specific to single-valued `type`. For example, `arn:aws:s3:::/` for all objects in a bucket, `arn:aws:s3:::/key` for specific objects, `arn:aws:lambda` for all lambda events within an account, `arn:aws:lambda:::function:` for a specific Lambda function, `arn:aws:dynamodb` for all DDB events for all tables within an account, or `arn:aws:dynamodb:::table/` for a specific DynamoDB table. */ values: pulumi.Input[]>; } export interface TrailInsightSelector { /** * Type of insights to log on a trail. Valid values are: `ApiCallRateInsight` and `ApiErrorRateInsight`. */ insightType: pulumi.Input; } } export namespace cloudwatch { export interface CompositeAlarmActionsSuppressor { /** * Can be an AlarmName or an Amazon Resource Name (ARN) from an existing alarm. */ alarm: pulumi.Input; /** * The maximum time in seconds that the composite alarm waits after suppressor alarm goes out of the `ALARM` state. After this time, the composite alarm performs its actions. */ extensionPeriod: pulumi.Input; /** * The maximum time in seconds that the composite alarm waits for the suppressor alarm to go into the `ALARM` state. After this time, the composite alarm performs its actions. */ waitPeriod: pulumi.Input; } export interface EventBusDeadLetterConfig { /** * The ARN of the SQS queue specified as the target for the dead-letter queue. */ arn?: pulumi.Input; } export interface EventBusLogConfig { /** * Whether EventBridge include detailed event information in the records it generates. Valid values are `NONE` and `FULL`. */ includeDetail?: pulumi.Input; /** * Level of logging detail to include. Valid values are `OFF`, `ERROR`, `INFO`, and `TRACE`. */ level?: pulumi.Input; } export interface EventConnectionAuthParameters { /** * Parameters used for API_KEY authorization. An API key to include in the header for each authentication request. A maximum of 1 are allowed. Conflicts with `basic` and `oauth`. Documented below. */ apiKey?: pulumi.Input; /** * Parameters used for BASIC authorization. A maximum of 1 are allowed. Conflicts with `apiKey` and `oauth`. Documented below. */ basic?: pulumi.Input; /** * Invocation Http Parameters are additional credentials used to sign each Invocation of the ApiDestination created from this Connection. If the ApiDestination Rule Target has additional HttpParameters, the values will be merged together, with the Connection Invocation Http Parameters taking precedence. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below. */ invocationHttpParameters?: pulumi.Input; /** * Parameters used for OAUTH_CLIENT_CREDENTIALS authorization. A maximum of 1 are allowed. Conflicts with `basic` and `apiKey`. Documented below. */ oauth?: pulumi.Input; } export interface EventConnectionAuthParametersApiKey { /** * Header Name. */ key: pulumi.Input; /** * Header Value. Created and stored in AWS Secrets Manager. */ value: pulumi.Input; } export interface EventConnectionAuthParametersBasic { /** * A password for the authorization. Created and stored in AWS Secrets Manager. */ password: pulumi.Input; /** * A username for the authorization. */ username: pulumi.Input; } export interface EventConnectionAuthParametersInvocationHttpParameters { /** * Contains additional body string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ bodies?: pulumi.Input[]>; /** * Contains additional header parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ headers?: pulumi.Input[]>; /** * Contains additional query string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ queryStrings?: pulumi.Input[]>; } export interface EventConnectionAuthParametersInvocationHttpParametersBody { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersInvocationHttpParametersHeader { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersInvocationHttpParametersQueryString { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersOauth { /** * The URL to the authorization endpoint. */ authorizationEndpoint: pulumi.Input; /** * Contains the client parameters for OAuth authorization. Contains the following two parameters. */ clientParameters?: pulumi.Input; /** * A password for the authorization. Created and stored in AWS Secrets Manager. */ httpMethod: pulumi.Input; /** * OAuth Http Parameters are additional credentials used to sign the request to the authorization endpoint to exchange the OAuth Client information for an access token. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below. */ oauthHttpParameters: pulumi.Input; } export interface EventConnectionAuthParametersOauthClientParameters { /** * The client ID for the credentials to use for authorization. Created and stored in AWS Secrets Manager. */ clientId: pulumi.Input; /** * The client secret for the credentials to use for authorization. Created and stored in AWS Secrets Manager. */ clientSecret: pulumi.Input; } export interface EventConnectionAuthParametersOauthOauthHttpParameters { /** * Contains additional body string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ bodies?: pulumi.Input[]>; /** * Contains additional header parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ headers?: pulumi.Input[]>; /** * Contains additional query string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ queryStrings?: pulumi.Input[]>; } export interface EventConnectionAuthParametersOauthOauthHttpParametersBody { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersOauthOauthHttpParametersHeader { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersOauthOauthHttpParametersQueryString { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionInvocationConnectivityParameters { /** * The parameters for EventBridge to use when invoking the resource endpoint. Documented below. */ resourceParameters: pulumi.Input; } export interface EventConnectionInvocationConnectivityParametersResourceParameters { resourceAssociationArn?: pulumi.Input; /** * ARN of the Amazon VPC Lattice resource configuration for the resource endpoint. */ resourceConfigurationArn: pulumi.Input; } export interface EventEndpointEventBus { /** * The ARN of the event bus the endpoint is associated with. */ eventBusArn: pulumi.Input; } export interface EventEndpointReplicationConfig { /** * The state of event replication. Valid values: `ENABLED`, `DISABLED`. The default state is `ENABLED`, which means you must supply a `roleArn`. If you don't have a `roleArn` or you don't want event replication enabled, set `state` to `DISABLED`. */ state?: pulumi.Input; } export interface EventEndpointRoutingConfig { /** * Parameters used for failover. This includes what triggers failover and what happens when it's triggered. Documented below. */ failoverConfig: pulumi.Input; } export interface EventEndpointRoutingConfigFailoverConfig { /** * Parameters used for the primary Region. Documented below. */ primary: pulumi.Input; /** * Parameters used for the secondary Region, the Region that events are routed to when failover is triggered or event replication is enabled. Documented below. */ secondary: pulumi.Input; } export interface EventEndpointRoutingConfigFailoverConfigPrimary { /** * The ARN of the health check used by the endpoint to determine whether failover is triggered. */ healthCheck?: pulumi.Input; } export interface EventEndpointRoutingConfigFailoverConfigSecondary { /** * The name of the secondary Region. */ route?: pulumi.Input; } export interface EventPermissionCondition { /** * Key for the condition. Valid values: `aws:PrincipalOrgID`. */ key: pulumi.Input; /** * Type of condition. Value values: `StringEquals`. */ type: pulumi.Input; /** * Value for the key. */ value: pulumi.Input; } export interface EventTargetAppsyncTarget { /** * Contains the GraphQL mutation to be parsed and executed. */ graphqlOperation?: pulumi.Input; } export interface EventTargetBatchTarget { /** * The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000. */ arraySize?: pulumi.Input; /** * The number of times to attempt to retry, if the job fails. Valid values are 1 to 10. */ jobAttempts?: pulumi.Input; /** * The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist. */ jobDefinition: pulumi.Input; /** * The name to use for this execution of the job, if the target is an AWS Batch job. */ jobName: pulumi.Input; } export interface EventTargetDeadLetterConfig { /** * ARN of the SQS queue specified as the target for the dead-letter queue. */ arn?: pulumi.Input; } export interface EventTargetEcsTarget { /** * The capacity provider strategy to use for the task. If a `capacityProviderStrategy` specified, the `launchType` parameter must be omitted. If no `capacityProviderStrategy` or `launchType` is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below. */ capacityProviderStrategies?: pulumi.Input[]>; /** * Specifies whether to enable Amazon ECS managed tags for the task. */ enableEcsManagedTags?: pulumi.Input; /** * Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task. */ enableExecuteCommand?: pulumi.Input; /** * Specifies an ECS task group for the task. The maximum length is 255 characters. */ group?: pulumi.Input; /** * Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include: `EC2`, `EXTERNAL`, or `FARGATE`. */ launchType?: pulumi.Input; /** * Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if `launchType` is `FARGATE` because the awsvpc mode is required for Fargate tasks. */ networkConfiguration?: pulumi.Input; /** * An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task. */ orderedPlacementStrategies?: pulumi.Input[]>; /** * An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below. */ placementConstraints?: pulumi.Input[]>; /** * Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as `1.1.0`. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see [AWS Fargate Platform Versions](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html). */ platformVersion?: pulumi.Input; /** * Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is: `TASK_DEFINITION`. */ propagateTags?: pulumi.Input; /** * A map of tags to assign to ecs resources. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The number of tasks to create based on the TaskDefinition. Defaults to `1`. */ taskCount?: pulumi.Input; /** * The ARN of the task definition to use if the event target is an Amazon ECS cluster. */ taskDefinitionArn: pulumi.Input; } export interface EventTargetEcsTargetCapacityProviderStrategy { /** * The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: pulumi.Input; /** * Short name of the capacity provider. */ capacityProvider: pulumi.Input; /** * The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied. */ weight?: pulumi.Input; } export interface EventTargetEcsTargetNetworkConfiguration { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Defaults to `false`. * * For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) */ assignPublicIp?: pulumi.Input; /** * The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: pulumi.Input[]>; /** * The subnets associated with the task or service. */ subnets: pulumi.Input[]>; } export interface EventTargetEcsTargetOrderedPlacementStrategy { /** * The field to apply the placement strategy against. For the `spread` placement strategy, valid values are `instanceId` (or `host`, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as `attribute:ecs.availability-zone`. For the `binpack` placement strategy, valid values are `cpu` and `memory`. For the `random` placement strategy, this field is not used. For more information, see [Amazon ECS task placement strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html). */ field?: pulumi.Input; /** * Type of placement strategy. The only valid values at this time are `binpack`, `random` and `spread`. */ type: pulumi.Input; } export interface EventTargetEcsTargetPlacementConstraint { /** * Cluster Query Language expression to apply to the constraint. Does not need to be specified for the `distinctInstance` type. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html). */ expression?: pulumi.Input; /** * Type of constraint. The only valid values at this time are `memberOf` and `distinctInstance`. */ type: pulumi.Input; } export interface EventTargetHttpTarget { /** * Enables you to specify HTTP headers to add to the request. */ headerParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The list of values that correspond sequentially to any path variables in your endpoint ARN (for example `arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*`). */ pathParameterValues?: pulumi.Input[]>; /** * Represents keys/values of query string parameters that are appended to the invoked endpoint. */ queryStringParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface EventTargetInputTransformer { /** * Key value pairs specified in the form of JSONPath (for example, time = $.time) * * You can have as many as 100 key-value pairs. * * You must use JSON dot notation, not bracket notation. * * The keys can't start with "AWS". */ inputPaths?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes. */ inputTemplate: pulumi.Input; } export interface EventTargetKinesisTarget { /** * The JSON path to be extracted from the event and used as the partition key. */ partitionKeyPath?: pulumi.Input; } export interface EventTargetRedshiftTarget { /** * The name of the database. */ database: pulumi.Input; /** * The database user name. */ dbUser?: pulumi.Input; /** * The name or ARN of the secret that enables access to the database. */ secretsManagerArn?: pulumi.Input; /** * The SQL statement text to run. */ sql?: pulumi.Input; /** * The name of the SQL statement. */ statementName?: pulumi.Input; /** * Indicates whether to send an event back to EventBridge after the SQL statement runs. */ withEvent?: pulumi.Input; } export interface EventTargetRetryPolicy { /** * The age in seconds to continue to make retry attempts. */ maximumEventAgeInSeconds?: pulumi.Input; /** * maximum number of retry attempts to make before the request fails */ maximumRetryAttempts?: pulumi.Input; } export interface EventTargetRunCommandTarget { /** * Can be either `tag:tag-key` or `InstanceIds`. */ key: pulumi.Input; /** * If Key is `tag:tag-key`, Values is a list of tag values. If Key is `InstanceIds`, Values is a list of Amazon EC2 instance IDs. */ values: pulumi.Input[]>; } export interface EventTargetSagemakerPipelineTarget { /** * List of Parameter names and values for SageMaker AI Model Building Pipeline execution. */ pipelineParameterLists?: pulumi.Input[]>; } export interface EventTargetSagemakerPipelineTargetPipelineParameterList { /** * Name of parameter to start execution of a SageMaker AI Model Building Pipeline. */ name: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. */ value: pulumi.Input; } export interface EventTargetSqsTarget { /** * The FIFO message group ID to use as the target. */ messageGroupId?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentConfiguration { /** * Configures custom regular expressions to detect sensitive data. Read more in [Custom data identifiers](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-custom-data-identifiers.html). */ customDataIdentifiers?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentConfigurationCustomDataIdentifier[]; } export interface GetLogDataProtectionPolicyDocumentConfigurationArgs { /** * Configures custom regular expressions to detect sensitive data. Read more in [Custom data identifiers](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-custom-data-identifiers.html). */ customDataIdentifiers?: pulumi.Input[]>; } export interface GetLogDataProtectionPolicyDocumentConfigurationCustomDataIdentifier { /** * Name of the custom data idenfitier */ name: string; /** * Regular expression to match sensitive data */ regex: string; } export interface GetLogDataProtectionPolicyDocumentConfigurationCustomDataIdentifierArgs { /** * Name of the custom data idenfitier */ name: pulumi.Input; /** * Regular expression to match sensitive data */ regex: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatement { /** * Set of at least 1 sensitive data identifiers that you want to mask. Read more in [Types of data that you can protect](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/protect-sensitive-log-data-types.html). */ dataIdentifiers: string[]; /** * Configures the data protection operation applied by this statement. */ operation: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperation; /** * Name of this statement. */ sid?: string; } export interface GetLogDataProtectionPolicyDocumentStatementArgs { /** * Set of at least 1 sensitive data identifiers that you want to mask. Read more in [Types of data that you can protect](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/protect-sensitive-log-data-types.html). */ dataIdentifiers: pulumi.Input[]>; /** * Configures the data protection operation applied by this statement. */ operation: pulumi.Input; /** * Name of this statement. */ sid?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperation { /** * Configures the detection of sensitive data. */ audit?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAudit; /** * Configures the masking of sensitive data. * * > Every policy statement must specify exactly one operation. */ deidentify?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentify; } export interface GetLogDataProtectionPolicyDocumentStatementOperationArgs { /** * Configures the detection of sensitive data. */ audit?: pulumi.Input; /** * Configures the masking of sensitive data. * * > Every policy statement must specify exactly one operation. */ deidentify?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAudit { /** * Configures destinations to send audit findings to. */ findingsDestination: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestination; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs { /** * Configures destinations to send audit findings to. */ findingsDestination: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestination { /** * Configures CloudWatch Logs as a findings destination. */ cloudwatchLogs?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogs; /** * Configures Kinesis Firehose as a findings destination. */ firehose?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehose; /** * Configures S3 as a findings destination. */ s3?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs { /** * Configures CloudWatch Logs as a findings destination. */ cloudwatchLogs?: pulumi.Input; /** * Configures Kinesis Firehose as a findings destination. */ firehose?: pulumi.Input; /** * Configures S3 as a findings destination. */ s3?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogs { /** * Name of the CloudWatch Log Group to send findings to. */ logGroup: string; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs { /** * Name of the CloudWatch Log Group to send findings to. */ logGroup: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehose { /** * Name of the Kinesis Firehose Delivery Stream to send findings to. */ deliveryStream: string; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs { /** * Name of the Kinesis Firehose Delivery Stream to send findings to. */ deliveryStream: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3 { /** * Name of the S3 Bucket to send findings to. */ bucket: string; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args { /** * Name of the S3 Bucket to send findings to. */ bucket: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentify { /** * An empty object that configures masking. */ maskConfig: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfig; } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs { /** * An empty object that configures masking. */ maskConfig: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfig { } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfigArgs { } export interface InternetMonitorHealthEventsConfig { /** * The health event threshold percentage set for availability scores. */ availabilityScoreThreshold?: pulumi.Input; /** * The health event threshold percentage set for performance scores. */ performanceScoreThreshold?: pulumi.Input; } export interface InternetMonitorInternetMeasurementsLogDelivery { s3Config?: pulumi.Input; } export interface InternetMonitorInternetMeasurementsLogDeliveryS3Config { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; logDeliveryStatus?: pulumi.Input; } export interface LogDeliveryDestinationDeliveryDestinationConfiguration { /** * The ARN of the AWS destination that this delivery destination represents. Required when `deliveryDestinationConfiguration` is specified. */ destinationResourceArn?: pulumi.Input; } export interface LogDeliveryS3DeliveryConfiguration { /** * This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive. */ enableHiveCompatiblePath: pulumi.Input; /** * This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. */ suffixPath: pulumi.Input; } export interface LogMetricFilterMetricTransformation { /** * The value to emit when a filter pattern does not match a log event. Conflicts with `dimensions`. */ defaultValue?: pulumi.Input; /** * Map of fields to use as dimensions for the metric. Up to 3 dimensions are allowed. Conflicts with `defaultValue`. */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The name of the CloudWatch metric to which the monitored log information should be published (e.g., `ErrorCount`) */ name: pulumi.Input; /** * The destination namespace of the CloudWatch metric. */ namespace: pulumi.Input; /** * The unit to assign to the metric. If you omit this, the unit is set as `None`. */ unit?: pulumi.Input; /** * What to publish to the metric. For example, if you're counting the occurrences of a particular term like "Error", the value will be "1" for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. */ value: pulumi.Input; } export interface LogTransformerTransformerConfig { /** * Adds new key-value pairs to the log event. See `addKeys` below for details. */ addKeys?: pulumi.Input; /** * Copies values within a log event. See `copyValue` below for details. */ copyValue?: pulumi.Input; /** * Parses comma-separated values (CSV) from the log events into columns. See `csv` below for details. */ csvs?: pulumi.Input[]>; /** * Converts a datetime string into a format that you specify. See `dateTimeConverter` below for details. */ dateTimeConverters?: pulumi.Input[]>; /** * Deletes entry from a log event. See `deleteKeys` below for details. */ deleteKeys?: pulumi.Input[]>; /** * Parses and structures unstructured data by using pattern matching. See `grok` below for details. */ grok?: pulumi.Input; /** * Converts list of objects that contain key fields into a map of target keys. See `listToMap` below for details. */ listToMaps?: pulumi.Input[]>; /** * Converts a string to lowercase. See `lowerCaseString` below for details. */ lowerCaseStrings?: pulumi.Input[]>; /** * Moves a key from one field to another. See `moveKeys` below for details. */ moveKeys?: pulumi.Input[]>; /** * Parses CloudFront vended logs, extracts fields, and converts them into JSON format. See `parseCloudfront` below for details. */ parseCloudfront?: pulumi.Input; /** * Parses log events that are in JSON format. See `parseJson` below for details. */ parseJsons?: pulumi.Input[]>; /** * Parses a specified field in the original log event into key-value pairs. See `parseKeyValue` below for details. */ parseKeyValues?: pulumi.Input[]>; /** * Parses RDS for PostgreSQL vended logs, extracts fields, and and convert them into a JSON format. See `parsePostgres` below for details. */ parsePostgres?: pulumi.Input; /** * Parses Route 53 vended logs, extracts fields, and converts them into JSON format. See `parseRoute53` below for details. */ parseRoute53?: pulumi.Input; /** * Parses logs events and converts them into Open Cybersecurity Schema Framework (OCSF) events. See `parseToOcsf` below for details. */ parseToOcsf?: pulumi.Input; /** * Parses Amazon VPC vended logs, extracts fields, and converts them into JSON format. See `parseVpc` below for details. */ parseVpc?: pulumi.Input; /** * Parses AWS WAF vended logs, extracts fields, and converts them into JSON format. See `parseWaf` below for details. */ parseWaf?: pulumi.Input; /** * Renames keys in a log event. See `renameKeys` below for details. */ renameKeys?: pulumi.Input[]>; /** * Splits a field into an array of strings using a delimiting character. See `splitString` below for details. */ splitStrings?: pulumi.Input[]>; /** * Matches a key’s value against a regular expression and replaces all matches with a replacement string. See `substituteString` below for details. */ substituteStrings?: pulumi.Input[]>; /** * Removes leading and trailing whitespace from a string. See `trimString` below for details. */ trimStrings?: pulumi.Input[]>; /** * Converts a value type associated with the specified key to the specified type. See `typeConverter` below for details. */ typeConverters?: pulumi.Input[]>; /** * Converts a string to uppercase. See `upperCaseString` below for details. */ upperCaseStrings?: pulumi.Input[]>; } export interface LogTransformerTransformerConfigAddKeys { /** * Objects containing the information about the keys to add to the log event. You must include at least one entry, and five at most. See `addKeys` `entry` below for details. */ entries: pulumi.Input[]>; } export interface LogTransformerTransformerConfigAddKeysEntry { /** * Specifies the key with the value that will be converted to a different type. */ key: pulumi.Input; /** * Specifies whether to overwrite the value if the destination key already exists. Defaults to `false`. * * `renameTo` - (Required) Specifies the new name of the key. */ overwriteIfExists?: pulumi.Input; /** * Specifies the value of the new entry to be added to the log event. */ value: pulumi.Input; } export interface LogTransformerTransformerConfigCopyValue { /** * Objects containing the information about the values to copy to the log event. You must include at least one entry, and five at most. See `copyValue` `entry` below for details. */ entries: pulumi.Input[]>; } export interface LogTransformerTransformerConfigCopyValueEntry { /** * Specifies whether to overwrite the value if the destination key already exists. Defaults to `false`. * * `renameTo` - (Required) Specifies the new name of the key. */ overwriteIfExists?: pulumi.Input; /** * Specifies the key to modify. */ source: pulumi.Input; /** * Specifies the key to move to. */ target: pulumi.Input; } export interface LogTransformerTransformerConfigCsv { /** * Specifies the names to use for the columns in the transformed log event. If not specified, default column names (`[column_1, column2 ...]`) are used. */ columns?: pulumi.Input[]>; /** * Specifies the character used to separate each column in the original comma-separated value log event. Defaults to the comma `,` character. */ delimiter?: pulumi.Input; /** * Specifies the character used as a text qualifier for a single column of data. Defaults to the double quotation mark `"` character. */ quoteCharacter?: pulumi.Input; /** * Specifies the path to the field in the log event that has the comma separated values to be parsed. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigDateTimeConverter { /** * Specifies the locale of the source field. Defaults to `locale.ROOT`. */ locale?: pulumi.Input; /** * Specifies the list of patterns to match against the `source` field. */ matchPatterns: pulumi.Input[]>; /** * Specifies the key to apply the date conversion to. */ source: pulumi.Input; /** * Specifies the time zone of the source field. Defaults to `UTC`. */ sourceTimezone?: pulumi.Input; /** * Specifies the JSON field to store the result in. */ target: pulumi.Input; /** * Specifies the datetime format to use for the converted data in the target field. Defaults to `yyyy-MM-dd'T'HH:mm:ss.SSS'Z`. */ targetFormat?: pulumi.Input; /** * Specifies the time zone of the target field. Defaults to `UTC`. */ targetTimezone?: pulumi.Input; } export interface LogTransformerTransformerConfigDeleteKey { /** * Specifies the keys to be deleted. */ withKeys: pulumi.Input[]>; } export interface LogTransformerTransformerConfigGrok { /** * Specifies the grok pattern to match against the log event. */ match: pulumi.Input; /** * Specifies the path to the field in the log event that has the comma separated values to be parsed. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigListToMap { /** * Specifies whether the list will be flattened into single items. Defaults to `false`. */ flatten?: pulumi.Input; /** * Required if `flatten` is set to true. Specifies the element to keep. Allowed values are `first` and `last`. */ flattenedElement?: pulumi.Input; /** * Specifies the key of the field to be extracted as keys in the generated map. */ key: pulumi.Input; /** * Specifies the key in the log event that has a list of objects that will be converted to a map. */ source: pulumi.Input; /** * Specifies the key of the field that will hold the generated map. */ target?: pulumi.Input; /** * Specifies the values that will be extracted from the source objects and put into the values of the generated map. If omitted, original objects in the source list will be put into the values of the generated map. */ valueKey?: pulumi.Input; } export interface LogTransformerTransformerConfigLowerCaseString { /** * Specifies the keys of the fields to convert to lowercase. */ withKeys: pulumi.Input[]>; } export interface LogTransformerTransformerConfigMoveKey { /** * Objects containing the information about the keys to move to the log event. You must include at least one entry, and five at most. See `moveKeys` `entry` below for details. */ entries: pulumi.Input[]>; } export interface LogTransformerTransformerConfigMoveKeyEntry { /** * Specifies whether to overwrite the value if the destination key already exists. Defaults to `false`. * * `renameTo` - (Required) Specifies the new name of the key. */ overwriteIfExists?: pulumi.Input; /** * Specifies the key to modify. */ source: pulumi.Input; /** * Specifies the key to move to. */ target: pulumi.Input; } export interface LogTransformerTransformerConfigParseCloudfront { /** * Specifies the source field to be parsed. The only allowed value is `@message`. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigParseJson { /** * Specifies the location to put the parsed key value pair into. If omitted, it will be placed under the root node. */ destination?: pulumi.Input; /** * Specifies the path to the field in the log event that will be parsed. Defaults to `@message`. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigParseKeyValue { /** * Specifies the destination field to put the extracted key-value pairs into. */ destination?: pulumi.Input; /** * Specifies the field delimiter string that is used between key-value pairs in the original log events. Defaults to the ampersand `&` character. */ fieldDelimiter?: pulumi.Input; /** * Specifies a prefix that will be added to all transformed keys. */ keyPrefix?: pulumi.Input; /** * Specifies the delimiter string to use between the key and value in each pair in the transformed log event. Defaults to the equal `=` character. */ keyValueDelimiter?: pulumi.Input; /** * Specifies a value to insert into the value field in the result if a key-value pair is not successfully split. */ nonMatchValue?: pulumi.Input; /** * Specifies whether to overwrite the value if the destination key already exists. Defaults to `false`. */ overwriteIfExists?: pulumi.Input; /** * Specifies the path to the field in the log event that will be parsed. Defaults to `@message`. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigParsePostgres { /** * Specifies the source field to be parsed. The only allowed value is `@message`. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigParseRoute53 { /** * Specifies the source field to be parsed. The only allowed value is `@message`. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigParseToOcsf { eventSource: pulumi.Input; /** * Specifies the version of the OCSF schema to use for the transformed log events. The only allowed value is `V1.1`. */ ocsfVersion: pulumi.Input; /** * Specifies the source field to be parsed. The only allowed value is `@message`. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigParseVpc { /** * Specifies the source field to be parsed. The only allowed value is `@message`. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigParseWaf { /** * Specifies the source field to be parsed. The only allowed value is `@message`. If omitted, the whole log message is processed. */ source?: pulumi.Input; } export interface LogTransformerTransformerConfigRenameKey { /** * Objects containing the information about the keys to rename. You must include at least one entry, and five at most. See `renameKeys` `entry` below for details. */ entries: pulumi.Input[]>; } export interface LogTransformerTransformerConfigRenameKeyEntry { /** * Specifies the key with the value that will be converted to a different type. */ key: pulumi.Input; /** * Specifies whether to overwrite the value if the destination key already exists. Defaults to `false`. * * `renameTo` - (Required) Specifies the new name of the key. */ overwriteIfExists?: pulumi.Input; renameTo: pulumi.Input; } export interface LogTransformerTransformerConfigSplitString { /** * Objects containing the information about the fields to split. You must include at least one entry, and ten at most. See `splitString` `entry` below for details. */ entries: pulumi.Input[]>; } export interface LogTransformerTransformerConfigSplitStringEntry { /** * Specifies the separator characters to split the string entry on. */ delimiter: pulumi.Input; /** * Specifies the key to modify. */ source: pulumi.Input; } export interface LogTransformerTransformerConfigSubstituteString { /** * Objects containing the information about the fields to substitute. You must include at least one entry, and ten at most. See `substituteString` `entry` below for details. */ entries: pulumi.Input[]>; } export interface LogTransformerTransformerConfigSubstituteStringEntry { /** * Specifies the regular expression string to be replaced. */ from: pulumi.Input; /** * Specifies the key to modify. */ source: pulumi.Input; /** * Specifies the string to be substituted for each match of `from`. */ to: pulumi.Input; } export interface LogTransformerTransformerConfigTrimString { /** * Specifies the keys of the fields to trim. */ withKeys: pulumi.Input[]>; } export interface LogTransformerTransformerConfigTypeConverter { /** * Objects containing the information about the fields to change the type of. You must include at least one entry, and five at most. See `typeConverter` `entry` below for details. */ entries: pulumi.Input[]>; } export interface LogTransformerTransformerConfigTypeConverterEntry { /** * Specifies the key with the value that will be converted to a different type. */ key: pulumi.Input; /** * Specifies the type to convert the field value to. Allowed values are: `integer`, `double`, `string` and `boolean`. */ type: pulumi.Input; } export interface LogTransformerTransformerConfigUpperCaseString { /** * Specifies the keys of the fields to convert to uppercase. */ withKeys: pulumi.Input[]>; } export interface MetricAlarmMetricQuery { /** * The ID of the account where the metrics are located, if this is a cross-account alarm. */ accountId?: pulumi.Input; /** * A Metrics Insights query or a metric math expression to be evaluated on the returned data. * For details about Metrics Insights queries, see [Metrics Insights query components and syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-metrics-insights-querylanguage) in the AWS documentation. * For details about metric math expressions, see [Metric Math Syntax and Functions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax) in the AWS documentation. */ expression?: pulumi.Input; /** * A short name used to tie this object to the results in the response. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscore. The first character must be a lowercase letter. */ id: pulumi.Input; /** * A human-readable label for this metric or expression. This is especially useful if this is an expression, so that you know what the value represents. */ label?: pulumi.Input; /** * The metric to be returned, along with statistics, period, and units. Use this parameter only if this object is retrieving a metric and not performing a math expression on returned data. */ metric?: pulumi.Input; /** * Granularity in seconds of returned data points. * For metrics with regular resolution, valid values are any multiple of `60`. * For high-resolution metrics, valid values are `1`, `5`, `10`, `20`, `30`, or any multiple of `60`. */ period?: pulumi.Input; /** * Specify exactly one `metricQuery` to be `true` to use that `metricQuery` result as the alarm. * * > **NOTE:** You must specify either `metric` or `expression`. Not both. */ returnData?: pulumi.Input; } export interface MetricAlarmMetricQueryMetric { /** * The dimensions for this metric. For the list of available dimensions see the AWS documentation [here](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html). */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The name for this metric. * See docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html). */ metricName: pulumi.Input; /** * The namespace for this metric. See docs for the [list of namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html). * See docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html). */ namespace?: pulumi.Input; /** * Granularity in seconds of returned data points. * For metrics with regular resolution, valid values are any multiple of `60`. * For high-resolution metrics, valid values are `1`, `5`, `10`, `20`, `30`, or any multiple of `60`. */ period: pulumi.Input; /** * The statistic to apply to this metric. * See docs for [supported statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html). */ stat: pulumi.Input; /** * The unit for this metric. */ unit?: pulumi.Input; } export interface MetricStreamExcludeFilter { /** * An array that defines the metrics you want to exclude for this metric namespace */ metricNames?: pulumi.Input[]>; /** * Name of the metric namespace in the filter. */ namespace: pulumi.Input; } export interface MetricStreamIncludeFilter { /** * An array that defines the metrics you want to include for this metric namespace */ metricNames?: pulumi.Input[]>; /** * Name of the metric namespace in the filter. */ namespace: pulumi.Input; } export interface MetricStreamStatisticsConfiguration { /** * The additional statistics to stream for the metrics listed in `includeMetrics`. */ additionalStatistics: pulumi.Input[]>; /** * An array that defines the metrics that are to have additional statistics streamed. See details below. */ includeMetrics: pulumi.Input[]>; } export interface MetricStreamStatisticsConfigurationIncludeMetric { /** * The name of the metric. */ metricName: pulumi.Input; namespace: pulumi.Input; } /** * Represents an AWS IAM policy document that defines permissions for AWS resources and actions. */ export interface PolicyDocument { Id?: pulumi.Input; Statement: pulumi.Input[]>; Version: pulumi.Input; } } export namespace codeartifact { export interface RepositoryExternalConnections { /** * The name of the external connection associated with a repository. */ externalConnectionName: pulumi.Input; packageFormat?: pulumi.Input; status?: pulumi.Input; } export interface RepositoryUpstream { /** * The name of an upstream repository. */ repositoryName: pulumi.Input; } } export namespace codebuild { export interface FleetComputeConfiguration { /** * Amount of disk space of the instance type included in the fleet. */ disk?: pulumi.Input; /** * EC2 instance type to be launched in the fleet. Specify only if `computeType` is set to `CUSTOM_INSTANCE_TYPE`. See [Supported instance families](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html#environment-reserved-capacity.instance-types). */ instanceType?: pulumi.Input; /** * Machine type of the instance type included in the fleet. Valid values: `GENERAL`, `NVME`. Specify only if `computeType` is set to `ATTRIBUTE_BASED_COMPUTE`. */ machineType?: pulumi.Input; /** * Amount of memory of the instance type included in the fleet. Specify only if `computeType` is set to `ATTRIBUTE_BASED_COMPUTE`. */ memory?: pulumi.Input; /** * Number of vCPUs of the instance type included in the fleet. Specify only if `computeType` is set to `ATTRIBUTE_BASED_COMPUTE`. */ vcpu?: pulumi.Input; } export interface FleetScalingConfiguration { desiredCapacity?: pulumi.Input; /** * Maximum number of instances in the fleet when auto-scaling. */ maxCapacity?: pulumi.Input; /** * Scaling type for a compute fleet. Valid value: `TARGET_TRACKING_SCALING`. */ scalingType?: pulumi.Input; /** * Configuration block. Detailed below. */ targetTrackingScalingConfigs?: pulumi.Input[]>; } export interface FleetScalingConfigurationTargetTrackingScalingConfig { /** * Metric type to determine auto-scaling. Valid value: `FLEET_UTILIZATION_RATE`. */ metricType?: pulumi.Input; /** * Value of metricType when to start scaling. */ targetValue?: pulumi.Input; } export interface FleetStatus { /** * Additional information about a compute fleet. */ context?: pulumi.Input; /** * Message associated with the status of a compute fleet. */ message?: pulumi.Input; /** * Status code of the compute fleet. */ statusCode?: pulumi.Input; } export interface FleetVpcConfig { /** * A list of one or more security groups IDs in your Amazon VPC. */ securityGroupIds: pulumi.Input[]>; /** * A list of one or more subnet IDs in your Amazon VPC. */ subnets: pulumi.Input[]>; /** * The ID of the Amazon VPC. */ vpcId: pulumi.Input; } export interface ProjectArtifacts { /** * Artifact identifier. Must be the same specified inside the AWS CodeBuild build * specification. */ artifactIdentifier?: pulumi.Input; /** * Specifies the bucket owner's access for objects that another account uploads to * their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these * objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, * `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission * allows CodeBuild to modify the access control list for the bucket. */ bucketOwnerAccess?: pulumi.Input; /** * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, * this value is ignored. Defaults to `false`. */ encryptionDisabled?: pulumi.Input; /** * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or * `NO_ARTIFACTS`, this value is ignored. If `type` is set to `S3`, this is the name of the output bucket. */ location?: pulumi.Input; /** * Name of the project. If `type` is set to `S3`, this is the name of the output artifact object */ name?: pulumi.Input; /** * Namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values * are `BUILD_ID`, `NONE`. */ namespaceType?: pulumi.Input; /** * Whether a name specified in the build specification overrides the artifact name. */ overrideArtifactName?: pulumi.Input; /** * Type of build output artifact to create. If `type` is set to `S3`, valid values are `NONE`, * `ZIP` */ packaging?: pulumi.Input; /** * If `type` is set to `S3`, this is the path to the output artifact. */ path?: pulumi.Input; /** * Build output artifact's type. Valid values: `CODEPIPELINE`, `NO_ARTIFACTS`, `S3`. */ type: pulumi.Input; } export interface ProjectBuildBatchConfig { /** * Specifies if the build artifacts for the batch build should be combined into a single * artifact location. */ combineArtifacts?: pulumi.Input; /** * Configuration block specifying the restrictions for the batch build. Detailed below. */ restrictions?: pulumi.Input; /** * Specifies the service role ARN for the batch build project. */ serviceRole: pulumi.Input; /** * Specifies the maximum amount of time, in minutes, that the batch build must be * completed in. */ timeoutInMins?: pulumi.Input; } export interface ProjectBuildBatchConfigRestrictions { /** * An array of strings that specify the compute types that are allowed for the batch * build. * See [Build environment compute types](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html) * in the AWS CodeBuild User Guide for these values. */ computeTypesAlloweds?: pulumi.Input[]>; /** * Specifies the maximum number of builds allowed. */ maximumBuildsAllowed?: pulumi.Input; } export interface ProjectCache { /** * Namespace that determines the scope in which a cache is shared across multiple projects. */ cacheNamespace?: pulumi.Input; /** * Location where the AWS CodeBuild project stores cached resources. For * type `S3`, the value must be a valid S3 bucket name/prefix. */ location?: pulumi.Input; /** * Specifies settings that AWS CodeBuild uses to store and reuse build * dependencies. Valid values: `LOCAL_SOURCE_CACHE`, `LOCAL_DOCKER_LAYER_CACHE`, `LOCAL_CUSTOM_CACHE`. */ modes?: pulumi.Input[]>; /** * Type of storage that will be used for the AWS CodeBuild project cache. Valid values: `NO_CACHE`, * `LOCAL`, `S3`. Defaults to `NO_CACHE`. */ type?: pulumi.Input; } export interface ProjectEnvironment { /** * ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate. */ certificate?: pulumi.Input; /** * Information about the compute resources the build project will use. Valid values: * `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_XLARGE`, `BUILD_GENERAL1_2XLARGE`, `BUILD_LAMBDA_1GB`, * `BUILD_LAMBDA_2GB`, `BUILD_LAMBDA_4GB`, `BUILD_LAMBDA_8GB`, `BUILD_LAMBDA_10GB`. For additional information, see * the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html). */ computeType: pulumi.Input; /** * Configuration block. Detailed below. */ dockerServer?: pulumi.Input; /** * Configuration block. Detailed below. */ environmentVariables?: pulumi.Input[]>; /** * Configuration block. Detailed below. */ fleet?: pulumi.Input; /** * Docker image to use for this build project. Valid values * include [Docker images provided by CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html) ( * e.g `aws/codebuild/amazonlinux2-x86_64-standard:4.0`), [Docker Hub images](https://hub.docker.com/) (e.g., * `pulumi/pulumi:latest`), and full Docker repository URIs such as those for ECR (e.g., * `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`). */ image: pulumi.Input; /** * Type of credentials AWS CodeBuild uses to pull images in your build. Valid * values: `CODEBUILD`, `SERVICE_ROLE`. When you use a cross-account or private registry image, you must use SERVICE_ROLE * credentials. When you use an AWS CodeBuild curated image, you must use CodeBuild credentials. Defaults to `CODEBUILD`. */ imagePullCredentialsType?: pulumi.Input; /** * Whether to enable running the Docker daemon inside a Docker container. Defaults to * `false`. */ privilegedMode?: pulumi.Input; /** * Configuration block. Detailed below. */ registryCredential?: pulumi.Input; /** * Type of build environment to use for related builds. Valid values: `WINDOWS_CONTAINER` (deprecated), `LINUX_CONTAINER`, * `LINUX_GPU_CONTAINER`, `ARM_CONTAINER`, `WINDOWS_SERVER_2019_CONTAINER`, `WINDOWS_SERVER_2022_CONTAINER`, * `LINUX_LAMBDA_CONTAINER`, `ARM_LAMBDA_CONTAINER`, `LINUX_EC2`, `ARM_EC2`, `WINDOWS_EC2`, `MAC_ARM`. For additional information, see * the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html). */ type: pulumi.Input; } export interface ProjectEnvironmentDockerServer { /** * Compute type for the Docker server. Valid values: `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_XLARGE`, and `BUILD_GENERAL1_2XLARGE`. */ computeType: pulumi.Input; /** * List of security group IDs to assign to the Docker server. */ securityGroupIds?: pulumi.Input[]>; } export interface ProjectEnvironmentEnvironmentVariable { /** * Environment variable's name or key. */ name: pulumi.Input; /** * Type of environment variable. Valid values: `PARAMETER_STORE`, `PLAINTEXT`, `SECRETS_MANAGER`. */ type?: pulumi.Input; /** * Environment variable's value. */ value: pulumi.Input; } export interface ProjectEnvironmentFleet { /** * Compute fleet ARN for the build project. */ fleetArn?: pulumi.Input; } export interface ProjectEnvironmentRegistryCredential { /** * ARN or name of credentials created using AWS Secrets Manager. */ credential: pulumi.Input; /** * Service that created the credentials to access a private Docker registry. Valid * value: `SECRETS_MANAGER` (AWS Secrets Manager). */ credentialProvider: pulumi.Input; } export interface ProjectFileSystemLocation { /** * The name used to access a file system created by Amazon EFS. CodeBuild creates an * environment variable by appending the identifier in all capital letters to CODEBUILD\_. For example, if you specify * my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS. */ identifier?: pulumi.Input; /** * A string that specifies the location of the file system created by Amazon EFS. Its format is * `efs-dns-name:/directory-path`. */ location?: pulumi.Input; /** * The mount options for a file system created by AWS EFS. */ mountOptions?: pulumi.Input; /** * The location in the container where you mount the file system. */ mountPoint?: pulumi.Input; /** * The type of the file system. The one supported type is `EFS`. */ type?: pulumi.Input; } export interface ProjectLogsConfig { /** * Configuration block. Detailed below. */ cloudwatchLogs?: pulumi.Input; /** * Configuration block. Detailed below. */ s3Logs?: pulumi.Input; } export interface ProjectLogsConfigCloudwatchLogs { /** * Group name of the logs in CloudWatch Logs. */ groupName?: pulumi.Input; /** * Current status of logs in CloudWatch Logs for a build project. Valid values: `ENABLED`, * `DISABLED`. Defaults to `ENABLED`. */ status?: pulumi.Input; /** * Prefix of the log stream name of the logs in CloudWatch Logs. */ streamName?: pulumi.Input; } export interface ProjectLogsConfigS3Logs { /** * Specifies the bucket owner's access for objects that another account uploads to * their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these * objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, * `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission * allows CodeBuild to modify the access control list for the bucket. */ bucketOwnerAccess?: pulumi.Input; /** * Whether to disable encrypting S3 logs. Defaults to `false`. */ encryptionDisabled?: pulumi.Input; /** * Name of the S3 bucket and the path prefix for S3 logs. Must be set if status is `ENABLED`, * otherwise it must be empty. */ location?: pulumi.Input; /** * Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults * to `DISABLED`. */ status?: pulumi.Input; } export interface ProjectSecondaryArtifact { /** * Artifact identifier. Must be the same specified inside the AWS CodeBuild build * specification. */ artifactIdentifier: pulumi.Input; /** * Specifies the bucket owner's access for objects that another account uploads to * their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these * objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, * `READ_ONLY`, and `FULL`. The CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows * CodeBuild to modify the access control list for the bucket. */ bucketOwnerAccess?: pulumi.Input; /** * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, * this value is ignored. Defaults to `false`. */ encryptionDisabled?: pulumi.Input; /** * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or * `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the name of the output bucket. * If `path` is not specified, `location` can specify the path of the output artifact in the output bucket. */ location?: pulumi.Input; /** * Name of the project. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored * if specified. If `type` is set to `S3`, this is the name of the output artifact object. */ name?: pulumi.Input; /** * Namespace to use in storing build artifacts. If `type` is set to `CODEPIPELINE` or * `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `BUILD_ID` or `NONE`. */ namespaceType?: pulumi.Input; /** * Whether a name specified in the build specification overrides the artifact name. */ overrideArtifactName?: pulumi.Input; /** * Type of build output artifact to create. If `type` is set to `CODEPIPELINE` or * `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `NONE` or `ZIP`. */ packaging?: pulumi.Input; /** * Along with `namespaceType` and `name`, the pattern that AWS CodeBuild uses to name and store the * output artifact. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` * is set to `S3`, this is the path to the output artifact. */ path?: pulumi.Input; /** * Build output artifact's type. Valid values `CODEPIPELINE`, `NO_ARTIFACTS`, and `S3`. */ type: pulumi.Input; } export interface ProjectSecondarySource { /** * Information about the strategy CodeBuild should use when authenticating with the source code host. * Detailed below. */ auth?: pulumi.Input; /** * Configuration block that contains information that defines how the build project * reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub * Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below. */ buildStatusConfig?: pulumi.Input; /** * The build spec declaration to use for this build project's related builds. This must be set * when `type` is `NO_SOURCE`. It can either be a path to a file residing in the repository to be built or a local file * path leveraging the `file()` built-in. */ buildspec?: pulumi.Input; /** * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need * to run commands like `git branch --show-current`. * See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) * for details. */ gitCloneDepth?: pulumi.Input; /** * Configuration block. Detailed below. */ gitSubmodulesConfig?: pulumi.Input; /** * Ignore SSL warnings when connecting to source control. */ insecureSsl?: pulumi.Input; /** * Location of the source code from git or s3. */ location?: pulumi.Input; /** * Whether to report the status of a build's start and finish to your source provider. * This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or * Bitbucket. */ reportBuildStatus?: pulumi.Input; /** * An identifier for this project source. The identifier can only contain alphanumeric * characters and underscores, and must be less than 128 characters in length. */ sourceIdentifier: pulumi.Input; /** * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`, * `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`. */ type: pulumi.Input; } export interface ProjectSecondarySourceAuth { /** * The ARN of the resource to use for authentication. For type `CODECONNECTIONS` this should be * an AWS CodeStar Connection. For type `SECRETS_MANAGER` this should be an AWS Secrets Manager secret. */ resource: pulumi.Input; /** * The type of authentication AWS CodeBuild should perform. Valid values are `CODECONNECTIONS` and * `SECRETS_MANAGER`. */ type: pulumi.Input; } export interface ProjectSecondarySourceBuildStatusConfig { /** * Specifies the context of the build status CodeBuild sends to the source provider. The usage of * this parameter depends on the source provider. */ context?: pulumi.Input; /** * Specifies the target url of the build status CodeBuild sends to the source provider. The * usage of this parameter depends on the source provider. */ targetUrl?: pulumi.Input; } export interface ProjectSecondarySourceGitSubmodulesConfig { /** * Whether to fetch Git submodules for the AWS CodeBuild build project. */ fetchSubmodules: pulumi.Input; } export interface ProjectSecondarySourceVersion { /** * An identifier for a source in the build project. */ sourceIdentifier: pulumi.Input; /** * The source version for the corresponding source identifier. * See [AWS docs](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectSourceVersion.html#CodeBuild-Type-ProjectSourceVersion-sourceVersion) * for more details. */ sourceVersion: pulumi.Input; } export interface ProjectSource { /** * Information about the strategy CodeBuild should use when authenticating with the source code host. * Detailed below. */ auth?: pulumi.Input; /** * Configuration block that contains information that defines how the build project * reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub * Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below. */ buildStatusConfig?: pulumi.Input; /** * Build specification to use for this build project's related builds. This must be set when * `type` is `NO_SOURCE`. Also, if a non-default buildspec file name or file path aside from the root is used, it must be * specified. */ buildspec?: pulumi.Input; /** * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need * to run commands like `git branch --show-current`. * See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) * for details. */ gitCloneDepth?: pulumi.Input; /** * Configuration block. Detailed below. */ gitSubmodulesConfig?: pulumi.Input; /** * Ignore SSL warnings when connecting to source control. */ insecureSsl?: pulumi.Input; /** * Location of the source code from git or s3. */ location?: pulumi.Input; /** * Whether to report the status of a build's start and finish to your source provider. * This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or * Bitbucket. */ reportBuildStatus?: pulumi.Input; /** * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`, * `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`. */ type: pulumi.Input; } export interface ProjectSourceAuth { /** * The ARN of the resource to use for authentication. For type `CODECONNECTIONS` this should be * an AWS CodeStar Connection. For type `SECRETS_MANAGER` this should be an AWS Secrets Manager secret. */ resource: pulumi.Input; /** * The type of authentication AWS CodeBuild should perform. Valid values are `CODECONNECTIONS` and * `SECRETS_MANAGER`. */ type: pulumi.Input; } export interface ProjectSourceBuildStatusConfig { /** * Specifies the context of the build status CodeBuild sends to the source provider. The usage of * this parameter depends on the source provider. */ context?: pulumi.Input; /** * Specifies the target url of the build status CodeBuild sends to the source provider. The * usage of this parameter depends on the source provider. */ targetUrl?: pulumi.Input; } export interface ProjectSourceGitSubmodulesConfig { /** * Whether to fetch Git submodules for the AWS CodeBuild build project. */ fetchSubmodules: pulumi.Input; } export interface ProjectVpcConfig { /** * Security group IDs to assign to running builds. */ securityGroupIds: pulumi.Input[]>; /** * Subnet IDs within which to run builds. */ subnets: pulumi.Input[]>; /** * ID of the VPC within which to run builds. */ vpcId: pulumi.Input; } export interface ReportGroupExportConfig { /** * contains information about the S3 bucket where the run of a report is exported. see S3 Destination documented below. */ s3Destination?: pulumi.Input; /** * The export configuration type. Valid values are `S3` and `NO_EXPORT`. */ type: pulumi.Input; } export interface ReportGroupExportConfigS3Destination { /** * The name of the S3 bucket where the raw data of a report are exported. */ bucket: pulumi.Input; /** * A boolean value that specifies if the results of a report are encrypted. * **Note: the API does not currently allow setting encryption as disabled** */ encryptionDisabled?: pulumi.Input; /** * The encryption key for the report's encrypted raw data. The KMS key ARN. */ encryptionKey: pulumi.Input; /** * The type of build output artifact to create. Valid values are: `NONE` (default) and `ZIP`. */ packaging?: pulumi.Input; /** * The path to the exported report's raw data results. */ path?: pulumi.Input; } export interface WebhookFilterGroup { /** * A webhook filter for the group. See filter for details. */ filters?: pulumi.Input[]>; } export interface WebhookFilterGroupFilter { /** * If set to `true`, the specified filter does *not* trigger a build. Defaults to `false`. */ excludeMatchedPattern?: pulumi.Input; /** * For a filter that uses `EVENT` type, a comma-separated string that specifies one event: `PUSH`, `PULL_REQUEST_CREATED`, `PULL_REQUEST_UPDATED`, `PULL_REQUEST_REOPENED`. `PULL_REQUEST_MERGED`, `WORKFLOW_JOB_QUEUED` works with GitHub & GitHub Enterprise only. For a filter that uses any of the other filter types, a regular expression. */ pattern: pulumi.Input; /** * The webhook filter group's type. Valid values for this parameter are: `EVENT`, `BASE_REF`, `HEAD_REF`, `ACTOR_ACCOUNT_ID`, `FILE_PATH`, `COMMIT_MESSAGE`, `WORKFLOW_NAME`, `TAG_NAME`, `RELEASE_NAME`. At least one filter group must specify `EVENT` as its type. */ type: pulumi.Input; } export interface WebhookPullRequestBuildPolicy { /** * List of repository roles that have approval privileges for pull request builds when comment approval is required. This argument must be specified only when `requiresCommentApproval` is not `DISABLED`. See the [AWS documentation](https://docs.aws.amazon.com/codebuild/latest/userguide/pull-request-build-policy.html#pull-request-build-policy.configuration) for valid values and defaults. */ approverRoles?: pulumi.Input[]>; /** * Specifies when comment-based approval is required before triggering a build on pull requests. Valid values are: `DISABLED`, `ALL_PULL_REQUESTS`, and `FORK_PULL_REQUESTS`. */ requiresCommentApproval: pulumi.Input; } export interface WebhookScopeConfiguration { /** * The domain of the GitHub Enterprise organization. Required if your project's source type is GITHUB_ENTERPRISE. */ domain?: pulumi.Input; /** * The name of either the enterprise or organization. */ name: pulumi.Input; /** * The type of scope for a GitHub webhook. Valid values for this parameter are: `GITHUB_ORGANIZATION`, `GITHUB_GLOBAL`. */ scope: pulumi.Input; } } export namespace codecatalyst { export interface DevEnvironmentIdes { /** * The name of the IDE. Valid values include Cloud9, IntelliJ, PyCharm, GoLand, and VSCode. */ name?: pulumi.Input; /** * A link to the IDE runtime image. This parameter is not required if the name is VSCode. Values of the runtime can be for example public.ecr.aws/jetbrains/py,public.ecr.aws/jetbrains/go */ runtime?: pulumi.Input; } export interface DevEnvironmentPersistentStorage { /** * The size of the persistent storage in gigabytes (specifically GiB). Valid values for storage are based on memory sizes in 16GB increments. Valid values are 16, 32, and 64. */ size: pulumi.Input; } export interface DevEnvironmentRepository { /** * The name of the branch in a source repository. * * persistent storage (` persistentStorage`) supports the following: */ branchName?: pulumi.Input; /** * The name of the source repository. */ repositoryName: pulumi.Input; } export interface GetDevEnvironmentRepository { branchName?: string; repositoryName?: string; } export interface GetDevEnvironmentRepositoryArgs { branchName?: pulumi.Input; repositoryName?: pulumi.Input; } } export namespace codecommit { export interface TriggerTrigger { /** * The branches that will be included in the trigger configuration. If no branches are specified, the trigger will apply to all branches. */ branches?: pulumi.Input[]>; /** * Any custom data associated with the trigger that will be included in the information sent to the target of the trigger. */ customData?: pulumi.Input; /** * The ARN of the resource that is the target for a trigger. For example, the ARN of a topic in Amazon Simple Notification Service (SNS). */ destinationArn: pulumi.Input; /** * The repository events that will cause the trigger to run actions in another service, such as sending a notification through Amazon Simple Notification Service (SNS). If no events are specified, the trigger will run for all repository events. Event types include: `all`, `updateReference`, `createReference`, `deleteReference`. */ events: pulumi.Input[]>; /** * The name of the trigger. */ name: pulumi.Input; } } export namespace codeconnections { export interface ConnectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface HostTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface HostVpcConfiguration { /** * ID of the security group or security groups associated with the Amazon VPC connected to the infrastructure where your provider type is installed. */ securityGroupIds: pulumi.Input[]>; /** * The ID of the subnet or subnets associated with the Amazon VPC connected to the infrastructure where your provider type is installed. */ subnetIds: pulumi.Input[]>; /** * The value of the Transport Layer Security (TLS) certificate associated with the infrastructure where your provider type is installed. */ tlsCertificate?: pulumi.Input; /** * The ID of the Amazon VPC connected to the infrastructure where your provider type is installed. */ vpcId: pulumi.Input; } } export namespace codedeploy { export interface DeploymentConfigMinimumHealthyHosts { /** * The type can either be `FLEET_PERCENT` or `HOST_COUNT`. */ type?: pulumi.Input; /** * The value when the type is `FLEET_PERCENT` represents the minimum number of healthy instances as * a percentage of the total number of instances in the deployment. If you specify FLEET_PERCENT, at the start of the * deployment, AWS CodeDeploy converts the percentage to the equivalent number of instance and rounds up fractional instances. * When the type is `HOST_COUNT`, the value represents the minimum number of healthy instances as an absolute value. */ value?: pulumi.Input; } export interface DeploymentConfigTrafficRoutingConfig { /** * The time based canary configuration information. If `type` is `TimeBasedLinear`, use `timeBasedLinear` instead. */ timeBasedCanary?: pulumi.Input; /** * The time based linear configuration information. If `type` is `TimeBasedCanary`, use `timeBasedCanary` instead. */ timeBasedLinear?: pulumi.Input; /** * Type of traffic routing config. One of `TimeBasedCanary`, `TimeBasedLinear`, `AllAtOnce`. */ type?: pulumi.Input; } export interface DeploymentConfigTrafficRoutingConfigTimeBasedCanary { /** * The number of minutes between the first and second traffic shifts of a `TimeBasedCanary` deployment. */ interval?: pulumi.Input; /** * The percentage of traffic to shift in the first increment of a `TimeBasedCanary` deployment. */ percentage?: pulumi.Input; } export interface DeploymentConfigTrafficRoutingConfigTimeBasedLinear { /** * The number of minutes between each incremental traffic shift of a `TimeBasedLinear` deployment. */ interval?: pulumi.Input; /** * The percentage of traffic that is shifted at the start of each increment of a `TimeBasedLinear` deployment. */ percentage?: pulumi.Input; } export interface DeploymentConfigZonalConfig { /** * The period of time, in seconds, that CodeDeploy must wait after completing a deployment to the first Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the second Availability Zone. If you don't specify a value for `firstZoneMonitorDurationInSeconds`, then CodeDeploy uses the `monitorDurationInSeconds` value for the first Availability Zone. */ firstZoneMonitorDurationInSeconds?: pulumi.Input; /** * The number or percentage of instances that must remain available per Availability Zone during a deployment. If you don't specify a value under `minimumHealthyHostsPerZone`, then CodeDeploy uses a default value of 0 percent. This block is more documented below. */ minimumHealthyHostsPerZone?: pulumi.Input; /** * The period of time, in seconds, that CodeDeploy must wait after completing a deployment to an Availability Zone. CodeDeploy will wait this amount of time before starting a deployment to the next Availability Zone. If you don't specify a `monitorDurationInSeconds`, CodeDeploy starts deploying to the next Availability Zone immediately. */ monitorDurationInSeconds?: pulumi.Input; } export interface DeploymentConfigZonalConfigMinimumHealthyHostsPerZone { /** * The type can either be `FLEET_PERCENT` or `HOST_COUNT`. */ type?: pulumi.Input; /** * The value when the type is `FLEET_PERCENT` represents the minimum number of healthy instances as a percentage of the total number of instances in the Availability Zone during a deployment. If you specify FLEET_PERCENT, at the start of the deployment, AWS CodeDeploy converts the percentage to the equivalent number of instance and rounds up fractional instances. When the type is `HOST_COUNT`, the value represents the minimum number of healthy instances in the Availability Zone as an absolute value. */ value?: pulumi.Input; } export interface DeploymentGroupAlarmConfiguration { /** * A list of alarms configured for the deployment group. */ alarms?: pulumi.Input[]>; /** * Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. */ enabled?: pulumi.Input; /** * Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. The default value is `false`. */ ignorePollAlarmFailure?: pulumi.Input; } export interface DeploymentGroupAutoRollbackConfiguration { /** * Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. If you enable automatic rollback, you must specify at least one event type. */ enabled?: pulumi.Input; /** * The event type or types that trigger a rollback. Supported types are `DEPLOYMENT_FAILURE`, `DEPLOYMENT_STOP_ON_ALARM` and `DEPLOYMENT_STOP_ON_REQUEST`. * * _Only one `autoRollbackConfiguration` is allowed_. */ events?: pulumi.Input[]>; } export interface DeploymentGroupBlueGreenDeploymentConfig { /** * Information about the action to take when newly provisioned instances are ready to receive traffic in a blue/green deployment (documented below). */ deploymentReadyOption?: pulumi.Input; /** * Information about how instances are provisioned for a replacement environment in a blue/green deployment (documented below). */ greenFleetProvisioningOption?: pulumi.Input; /** * Information about whether to terminate instances in the original fleet during a blue/green deployment (documented below). * * _Only one `blueGreenDeploymentConfig` is allowed_. */ terminateBlueInstancesOnDeploymentSuccess?: pulumi.Input; } export interface DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOption { /** * When to reroute traffic from an original environment to a replacement environment in a blue/green deployment. * * `CONTINUE_DEPLOYMENT`: Register new instances with the load balancer immediately after the new application revision is installed on the instances in the replacement environment. * * `STOP_DEPLOYMENT`: Do not register new instances with load balancer unless traffic is rerouted manually. If traffic is not rerouted manually before the end of the specified wait period, the deployment status is changed to Stopped. */ actionOnTimeout?: pulumi.Input; /** * The number of minutes to wait before the status of a blue/green deployment changed to Stopped if rerouting is not started manually. Applies only to the `STOP_DEPLOYMENT` option for `actionOnTimeout`. */ waitTimeInMinutes?: pulumi.Input; } export interface DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOption { /** * The method used to add instances to a replacement environment. * * `DISCOVER_EXISTING`: Use instances that already exist or will be created manually. * * `COPY_AUTO_SCALING_GROUP`: Use settings from a specified **Auto Scaling** group to define and create instances in a new Auto Scaling group. _Exactly one Auto Scaling group must be specified_ when selecting `COPY_AUTO_SCALING_GROUP`. Use `autoscalingGroups` to specify the Auto Scaling group. */ action?: pulumi.Input; } export interface DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccess { /** * The action to take on instances in the original environment after a successful blue/green deployment. * * `TERMINATE`: Instances are terminated after a specified wait time. * * `KEEP_ALIVE`: Instances are left running after they are deregistered from the load balancer and removed from the deployment group. */ action?: pulumi.Input; /** * The number of minutes to wait after a successful blue/green deployment before terminating instances from the original environment. */ terminationWaitTimeInMinutes?: pulumi.Input; } export interface DeploymentGroupDeploymentStyle { /** * Indicates whether to route deployment traffic behind a load balancer. Valid Values are `WITH_TRAFFIC_CONTROL` or `WITHOUT_TRAFFIC_CONTROL`. Default is `WITHOUT_TRAFFIC_CONTROL`. */ deploymentOption?: pulumi.Input; /** * Indicates whether to run an in-place deployment or a blue/green deployment. Valid Values are `IN_PLACE` or `BLUE_GREEN`. Default is `IN_PLACE`. * * _Only one `deploymentStyle` is allowed_. */ deploymentType?: pulumi.Input; } export interface DeploymentGroupEc2TagFilter { /** * The key of the tag filter. */ key?: pulumi.Input; /** * The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`. */ type?: pulumi.Input; /** * The value of the tag filter. * * Multiple occurrences of `ec2TagFilter` are allowed, where any instance that matches to at least one of the tag filters is selected. */ value?: pulumi.Input; } export interface DeploymentGroupEc2TagSet { /** * Tag filters associated with the deployment group. See the AWS docs for details. */ ec2TagFilters?: pulumi.Input[]>; } export interface DeploymentGroupEc2TagSetEc2TagFilter { /** * The key of the tag filter. */ key?: pulumi.Input; /** * The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`. */ type?: pulumi.Input; /** * The value of the tag filter. * * Multiple occurrences of `ec2TagFilter` are allowed, where any instance that matches to at least one of the tag filters is selected. */ value?: pulumi.Input; } export interface DeploymentGroupEcsService { /** * The name of the ECS cluster. */ clusterName: pulumi.Input; /** * The name of the ECS service. */ serviceName: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfo { /** * The Classic Elastic Load Balancer to use in a deployment. Conflicts with `targetGroupInfo` and `targetGroupPairInfo`. */ elbInfos?: pulumi.Input[]>; /** * The (Application/Network Load Balancer) target group to use in a deployment. Conflicts with `elbInfo` and `targetGroupPairInfo`. */ targetGroupInfos?: pulumi.Input[]>; /** * The (Application/Network Load Balancer) target group pair to use in a deployment. Conflicts with `elbInfo` and `targetGroupInfo`. */ targetGroupPairInfo?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoElbInfo { /** * The name of the load balancer that will be used to route traffic from original instances to replacement instances in a blue/green deployment. For in-place deployments, the name of the load balancer that instances are deregistered from so they are not serving traffic during a deployment, and then re-registered with after the deployment completes. */ name?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupInfo { /** * The name of the target group that instances in the original environment are deregistered from, and instances in the replacement environment registered with. For in-place deployments, the name of the target group that instances are deregistered from, so they are not serving traffic during a deployment, and then re-registered with after the deployment completes. */ name?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfo { /** * Configuration block for the production traffic route (documented below). */ prodTrafficRoute: pulumi.Input; /** * Configuration blocks for a target group within a target group pair (documented below). */ targetGroups: pulumi.Input[]>; /** * Configuration block for the test traffic route (documented below). */ testTrafficRoute?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRoute { /** * List of Amazon Resource Names (ARNs) of the load balancer listeners. Must contain exactly one listener ARN. */ listenerArns: pulumi.Input[]>; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroup { /** * Name of the target group. */ name: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTestTrafficRoute { /** * List of Amazon Resource Names (ARNs) of the load balancer listeners. */ listenerArns: pulumi.Input[]>; } export interface DeploymentGroupOnPremisesInstanceTagFilter { /** * The key of the tag filter. */ key?: pulumi.Input; /** * The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`. */ type?: pulumi.Input; /** * The value of the tag filter. */ value?: pulumi.Input; } export interface DeploymentGroupTriggerConfiguration { /** * The event type or types for which notifications are triggered. Some values that are supported: `DeploymentStart`, `DeploymentSuccess`, `DeploymentFailure`, `DeploymentStop`, `DeploymentRollback`, `InstanceStart`, `InstanceSuccess`, `InstanceFailure`. See [the CodeDeploy documentation](http://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-sns-event-notifications-create-trigger.html) for all possible values. */ triggerEvents: pulumi.Input[]>; /** * The name of the notification trigger. */ triggerName: pulumi.Input; /** * The ARN of the SNS topic through which notifications are sent. */ triggerTargetArn: pulumi.Input; } } export namespace codeguruprofiler { export interface ProfilingGroupAgentOrchestrationConfig { /** * (Required) Boolean that specifies whether the profiling agent collects profiling data or */ profilingEnabled: pulumi.Input; } } export namespace codegurureviewer { export interface RepositoryAssociationKmsKeyDetails { /** * The encryption option for a repository association. It is either owned by AWS Key Management Service (KMS) (`AWS_OWNED_CMK`) or customer managed (`CUSTOMER_MANAGED_CMK`). */ encryptionOption?: pulumi.Input; /** * The ID of the AWS KMS key that is associated with a repository association. */ kmsKeyId?: pulumi.Input; } export interface RepositoryAssociationRepository { bitbucket?: pulumi.Input; codecommit?: pulumi.Input; githubEnterpriseServer?: pulumi.Input; s3Bucket?: pulumi.Input; } export interface RepositoryAssociationRepositoryBitbucket { /** * The Amazon Resource Name (ARN) of an AWS CodeStar Connections connection. */ connectionArn: pulumi.Input; /** * The name of the third party source repository. */ name: pulumi.Input; /** * The username for the account that owns the repository. */ owner: pulumi.Input; } export interface RepositoryAssociationRepositoryCodecommit { /** * The name of the AWS CodeCommit repository. */ name: pulumi.Input; } export interface RepositoryAssociationRepositoryGithubEnterpriseServer { /** * The Amazon Resource Name (ARN) of an AWS CodeStar Connections connection. */ connectionArn: pulumi.Input; /** * The name of the third party source repository. */ name: pulumi.Input; /** * The username for the account that owns the repository. */ owner: pulumi.Input; } export interface RepositoryAssociationRepositoryS3Bucket { /** * The name of the S3 bucket used for associating a new S3 repository. Note: The name must begin with `codeguru-reviewer-`. */ bucketName: pulumi.Input; /** * The name of the repository in the S3 bucket. */ name: pulumi.Input; } export interface RepositoryAssociationS3RepositoryDetail { /** * The name of the S3 bucket used for associating a new S3 repository. Note: The name must begin with `codeguru-reviewer-`. */ bucketName?: pulumi.Input; codeArtifacts?: pulumi.Input[]>; } export interface RepositoryAssociationS3RepositoryDetailCodeArtifact { buildArtifactsObjectKey?: pulumi.Input; sourceCodeArtifactsObjectKey?: pulumi.Input; } } export namespace codepipeline { export interface CustomActionTypeConfigurationProperty { /** * The description of the action configuration property. */ description?: pulumi.Input; /** * Whether the configuration property is a key. */ key: pulumi.Input; /** * The name of the action configuration property. */ name: pulumi.Input; /** * Indicates that the property will be used in conjunction with PollForJobs. */ queryable?: pulumi.Input; /** * Whether the configuration property is a required value. */ required: pulumi.Input; /** * Whether the configuration property is secret. */ secret: pulumi.Input; /** * The type of the configuration property. Valid values: `String`, `Number`, `Boolean` */ type?: pulumi.Input; } export interface CustomActionTypeInputArtifactDetails { /** * The maximum number of artifacts allowed for the action type. Min: 0, Max: 5 */ maximumCount: pulumi.Input; /** * The minimum number of artifacts allowed for the action type. Min: 0, Max: 5 */ minimumCount: pulumi.Input; } export interface CustomActionTypeOutputArtifactDetails { /** * The maximum number of artifacts allowed for the action type. Min: 0, Max: 5 */ maximumCount: pulumi.Input; /** * The minimum number of artifacts allowed for the action type. Min: 0, Max: 5 */ minimumCount: pulumi.Input; } export interface CustomActionTypeSettings { /** * The URL returned to the AWS CodePipeline console that provides a deep link to the resources of the external system. */ entityUrlTemplate?: pulumi.Input; /** * The URL returned to the AWS CodePipeline console that contains a link to the top-level landing page for the external system. */ executionUrlTemplate?: pulumi.Input; /** * The URL returned to the AWS CodePipeline console that contains a link to the page where customers can update or change the configuration of the external action. */ revisionUrlTemplate?: pulumi.Input; /** * The URL of a sign-up page where users can sign up for an external service and perform initial configuration of the action provided by that service. */ thirdPartyConfigurationUrl?: pulumi.Input; } export interface PipelineArtifactStore { /** * The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don't specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An `encryptionKey` block is documented below. */ encryptionKey?: pulumi.Input; /** * The location where AWS CodePipeline stores artifacts for a pipeline; currently only `S3` is supported. */ location: pulumi.Input; /** * The region where the artifact store is located. Required for a cross-region CodePipeline, do not provide for a single-region CodePipeline. */ region?: pulumi.Input; /** * The type of the artifact store, such as Amazon S3 */ type: pulumi.Input; } export interface PipelineArtifactStoreEncryptionKey { /** * The KMS key ARN or ID */ id: pulumi.Input; /** * The type of key; currently only `KMS` is supported */ type: pulumi.Input; } export interface PipelineStage { /** * The action(s) to include in the stage. Defined as an `action` block below */ actions: pulumi.Input[]>; /** * The method to use when a stage allows entry. For example, configuring this field for conditions will allow entry to the stage when the conditions are met. */ beforeEntry?: pulumi.Input; /** * The name of the stage. */ name: pulumi.Input; /** * The method to use when a stage has not completed successfully. For example, configuring this field for rollback will roll back a failed stage automatically to the last successful pipeline execution in the stage. */ onFailure?: pulumi.Input; /** * The method to use when a stage has succeeded. For example, configuring this field for conditions will allow the stage to succeed when the conditions are met. */ onSuccess?: pulumi.Input; } export interface PipelineStageAction { /** * A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are `Approval`, `Build`, `Deploy`, `Invoke`, `Source` and `Test`. */ category: pulumi.Input; /** * A map of the action declaration's configuration. Configurations options for action types and providers can be found in the [Pipeline Structure Reference](http://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements) and [Action Structure Reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html) documentation. Note: The `DetectChanges` parameter (optional, default value is true) in the `configuration` section causes CodePipeline to automatically start your pipeline upon new commits. Please refer to AWS Documentation for more details: https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html#action-reference-CodestarConnectionSource-config. */ configuration?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A list of artifact names to be worked on. */ inputArtifacts?: pulumi.Input[]>; /** * The action declaration's name. */ name: pulumi.Input; /** * The namespace all output variables will be accessed from. */ namespace?: pulumi.Input; /** * A list of artifact names to output. Output artifact names must be unique within a pipeline. */ outputArtifacts?: pulumi.Input[]>; /** * The creator of the action being called. Possible values are `AWS`, `Custom` and `ThirdParty`. */ owner: pulumi.Input; /** * The provider of the service being called by the action. Valid providers are determined by the action category. Provider names are listed in the [Action Structure Reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html) documentation. */ provider: pulumi.Input; /** * The region in which to run the action. */ region?: pulumi.Input; /** * The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline. */ roleArn?: pulumi.Input; /** * The order in which actions are run. */ runOrder?: pulumi.Input; /** * The action timeout for the rule. */ timeoutInMinutes?: pulumi.Input; /** * A string that identifies the action type. */ version: pulumi.Input; } export interface PipelineStageBeforeEntry { /** * The conditions that are configured as entry condition. Defined as a `condition` block below. */ condition: pulumi.Input; } export interface PipelineStageBeforeEntryCondition { /** * The action to be done when the condition is met. For example, rolling back an execution for a failure condition. Possible values are `ROLLBACK`, `FAIL`, `RETRY` and `SKIP`. */ result?: pulumi.Input; /** * The rules that make up the condition. Defined as a `rule` block below. */ rules: pulumi.Input[]>; } export interface PipelineStageBeforeEntryConditionRule { /** * The shell commands to run with your commands rule in CodePipeline. All commands are supported except multi-line formats. */ commands?: pulumi.Input[]>; /** * The action configuration fields for the rule. Configurations options for rule types and providers can be found in the [Rule structure reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html). */ configuration?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The list of the input artifacts fields for the rule, such as specifying an input file for the rule. */ inputArtifacts?: pulumi.Input[]>; /** * The name of the rule that is created for the condition, such as `VariableCheck`. */ name: pulumi.Input; /** * The Region for the condition associated with the rule. */ region?: pulumi.Input; /** * The pipeline role ARN associated with the rule. */ roleArn?: pulumi.Input; /** * The ID for the rule type, which is made up of the combined values for `category`, `owner`, `provider`, and `version`. Defined as an `ruleTypeId` block below. */ ruleTypeId: pulumi.Input; /** * The action timeout for the rule. */ timeoutInMinutes?: pulumi.Input; } export interface PipelineStageBeforeEntryConditionRuleRuleTypeId { /** * A category defines what kind of rule can be run in the stage, and constrains the provider type for the rule. The valid category is `Rule`. */ category: pulumi.Input; /** * The creator of the rule being called. The valid value for the Owner field in the rule category is `AWS`. */ owner?: pulumi.Input; /** * The rule provider, such as the DeploymentWindow rule. For a list of rule provider names, see the rules listed in the [AWS CodePipeline rule reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html). */ provider: pulumi.Input; /** * A string that describes the rule version. */ version?: pulumi.Input; } export interface PipelineStageOnFailure { /** * The conditions that are failure conditions. Defined as a `condition` block below. */ condition?: pulumi.Input; /** * The conditions that are configured as failure conditions. Possible values are `ROLLBACK`, `FAIL`, `RETRY` and `SKIP`. */ result?: pulumi.Input; /** * The retry configuration specifies automatic retry for a failed stage, along with the configured retry mode. Defined as a `retryConfiguration` block below. */ retryConfiguration?: pulumi.Input; } export interface PipelineStageOnFailureCondition { /** * The action to be done when the condition is met. For example, rolling back an execution for a failure condition. Possible values are `ROLLBACK`, `FAIL`, `RETRY` and `SKIP`. */ result?: pulumi.Input; /** * The rules that make up the condition. Defined as a `rule` block below. */ rules: pulumi.Input[]>; } export interface PipelineStageOnFailureConditionRule { /** * The shell commands to run with your commands rule in CodePipeline. All commands are supported except multi-line formats. */ commands?: pulumi.Input[]>; /** * The action configuration fields for the rule. Configurations options for rule types and providers can be found in the [Rule structure reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html). */ configuration?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The list of the input artifacts fields for the rule, such as specifying an input file for the rule. */ inputArtifacts?: pulumi.Input[]>; /** * The name of the rule that is created for the condition, such as `VariableCheck`. */ name: pulumi.Input; /** * The Region for the condition associated with the rule. */ region?: pulumi.Input; /** * The pipeline role ARN associated with the rule. */ roleArn?: pulumi.Input; /** * The ID for the rule type, which is made up of the combined values for `category`, `owner`, `provider`, and `version`. Defined as an `ruleTypeId` block below. */ ruleTypeId: pulumi.Input; /** * The action timeout for the rule. */ timeoutInMinutes?: pulumi.Input; } export interface PipelineStageOnFailureConditionRuleRuleTypeId { /** * A category defines what kind of rule can be run in the stage, and constrains the provider type for the rule. The valid category is `Rule`. */ category: pulumi.Input; /** * The creator of the rule being called. The valid value for the Owner field in the rule category is `AWS`. */ owner?: pulumi.Input; /** * The rule provider, such as the DeploymentWindow rule. For a list of rule provider names, see the rules listed in the [AWS CodePipeline rule reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html). */ provider: pulumi.Input; /** * A string that describes the rule version. */ version?: pulumi.Input; } export interface PipelineStageOnFailureRetryConfiguration { /** * The method that you want to configure for automatic stage retry on stage failure. You can specify to retry only failed action in the stage or all actions in the stage. Possible values are `FAILED_ACTIONS` and `ALL_ACTIONS`. */ retryMode?: pulumi.Input; } export interface PipelineStageOnSuccess { /** * The conditions that are success conditions. Defined as a `condition` block below. */ condition: pulumi.Input; } export interface PipelineStageOnSuccessCondition { /** * The action to be done when the condition is met. For example, rolling back an execution for a failure condition. Possible values are `ROLLBACK`, `FAIL`, `RETRY` and `SKIP`. */ result?: pulumi.Input; /** * The rules that make up the condition. Defined as a `rule` block below. */ rules: pulumi.Input[]>; } export interface PipelineStageOnSuccessConditionRule { /** * The shell commands to run with your commands rule in CodePipeline. All commands are supported except multi-line formats. */ commands?: pulumi.Input[]>; /** * The action configuration fields for the rule. Configurations options for rule types and providers can be found in the [Rule structure reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html). */ configuration?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The list of the input artifacts fields for the rule, such as specifying an input file for the rule. */ inputArtifacts?: pulumi.Input[]>; /** * The name of the rule that is created for the condition, such as `VariableCheck`. */ name: pulumi.Input; /** * The Region for the condition associated with the rule. */ region?: pulumi.Input; /** * The pipeline role ARN associated with the rule. */ roleArn?: pulumi.Input; /** * The ID for the rule type, which is made up of the combined values for `category`, `owner`, `provider`, and `version`. Defined as an `ruleTypeId` block below. */ ruleTypeId: pulumi.Input; /** * The action timeout for the rule. */ timeoutInMinutes?: pulumi.Input; } export interface PipelineStageOnSuccessConditionRuleRuleTypeId { /** * A category defines what kind of rule can be run in the stage, and constrains the provider type for the rule. The valid category is `Rule`. */ category: pulumi.Input; /** * The creator of the rule being called. The valid value for the Owner field in the rule category is `AWS`. */ owner?: pulumi.Input; /** * The rule provider, such as the DeploymentWindow rule. For a list of rule provider names, see the rules listed in the [AWS CodePipeline rule reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/rule-reference.html). */ provider: pulumi.Input; /** * A string that describes the rule version. */ version?: pulumi.Input; } export interface PipelineTrigger { /** * Provides the filter criteria and the source stage for the repository event that starts the pipeline. For more information, refer to the [AWS documentation](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-filter.html). A `gitConfiguration` block is documented below. */ gitConfiguration: pulumi.Input; /** * The source provider for the event. Possible value is `CodeStarSourceConnection`. */ providerType: pulumi.Input; } export interface PipelineTriggerAll { /** * Provides the filter criteria and the source stage for the repository event that starts the pipeline. For more information, refer to the [AWS documentation](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-filter.html). A `gitConfiguration` block is documented below. */ gitConfigurations?: pulumi.Input[]>; /** * The source provider for the event. Possible value is `CodeStarSourceConnection`. */ providerType?: pulumi.Input; } export interface PipelineTriggerAllGitConfiguration { /** * The field where the repository event that will start the pipeline is specified as pull requests. A `pullRequest` block is documented below. */ pullRequests?: pulumi.Input[]>; /** * The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details. A `push` block is documented below. */ pushes?: pulumi.Input[]>; /** * The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only. */ sourceActionName?: pulumi.Input; } export interface PipelineTriggerAllGitConfigurationPullRequest { /** * The field that specifies to filter on branches for the pull request trigger configuration. A `branches` block is documented below. */ branches?: pulumi.Input[]>; /** * A list that specifies which pull request events to filter on (opened, updated, closed) for the trigger configuration. Possible values are `OPEN`, `UPDATED ` and `CLOSED`. */ events?: pulumi.Input[]>; /** * The field that specifies to filter on file paths for the pull request trigger configuration. A `filePaths` block is documented below. */ filePaths?: pulumi.Input[]>; } export interface PipelineTriggerAllGitConfigurationPullRequestBranch { /** * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerAllGitConfigurationPullRequestFilePath { /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerAllGitConfigurationPush { /** * The field that specifies to filter on branches for the push trigger configuration. A `branches` block is documented below. */ branches?: pulumi.Input[]>; /** * The field that specifies to filter on file paths for the push trigger configuration. A `filePaths` block is documented below. */ filePaths?: pulumi.Input[]>; /** * The field that contains the details for the Git tags trigger configuration. A `tags` block is documented below. */ tags?: pulumi.Input[]>; } export interface PipelineTriggerAllGitConfigurationPushBranch { /** * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerAllGitConfigurationPushFilePath { /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerAllGitConfigurationPushTag { /** * A list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfiguration { /** * The field where the repository event that will start the pipeline is specified as pull requests. A `pullRequest` block is documented below. */ pullRequests?: pulumi.Input[]>; /** * The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details. A `push` block is documented below. */ pushes?: pulumi.Input[]>; /** * The name of the pipeline source action where the trigger configuration, such as Git tags, is specified. The trigger configuration will start the pipeline upon the specified change only. */ sourceActionName: pulumi.Input; } export interface PipelineTriggerGitConfigurationPullRequest { /** * The field that specifies to filter on branches for the pull request trigger configuration. A `branches` block is documented below. */ branches?: pulumi.Input; /** * A list that specifies which pull request events to filter on (opened, updated, closed) for the trigger configuration. Possible values are `OPEN`, `UPDATED ` and `CLOSED`. */ events?: pulumi.Input[]>; /** * The field that specifies to filter on file paths for the pull request trigger configuration. A `filePaths` block is documented below. */ filePaths?: pulumi.Input; } export interface PipelineTriggerGitConfigurationPullRequestBranches { /** * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPullRequestFilePaths { /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPush { /** * The field that specifies to filter on branches for the push trigger configuration. A `branches` block is documented below. */ branches?: pulumi.Input; /** * The field that specifies to filter on file paths for the push trigger configuration. A `filePaths` block is documented below. */ filePaths?: pulumi.Input; /** * The field that contains the details for the Git tags trigger configuration. A `tags` block is documented below. */ tags?: pulumi.Input; } export interface PipelineTriggerGitConfigurationPushBranches { /** * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPushFilePaths { /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPushTags { /** * A list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineVariable { /** * The default value of a pipeline-level variable. */ defaultValue?: pulumi.Input; /** * The description of a pipeline-level variable. */ description?: pulumi.Input; /** * The name of a pipeline-level variable. */ name: pulumi.Input; } export interface WebhookAuthenticationConfiguration { /** * A valid CIDR block for `IP` filtering. Required for `IP`. */ allowedIpRange?: pulumi.Input; /** * The shared secret for the GitHub repository webhook. Set this as `secret` in your `githubRepositoryWebhook`'s `configuration` block. Required for `GITHUB_HMAC`. */ secretToken?: pulumi.Input; } export interface WebhookFilter { /** * The [JSON path](https://github.com/json-path/JsonPath) to filter on. */ jsonPath: pulumi.Input; /** * The value to match on (e.g., `refs/heads/{Branch}`). See [AWS docs](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_WebhookFilterRule.html) for details. */ matchEquals: pulumi.Input; } } export namespace codestarconnections { export interface HostVpcConfiguration { /** * ID of the security group or security groups associated with the Amazon VPC connected to the infrastructure where your provider type is installed. */ securityGroupIds: pulumi.Input[]>; /** * The ID of the subnet or subnets associated with the Amazon VPC connected to the infrastructure where your provider type is installed. */ subnetIds: pulumi.Input[]>; /** * The value of the Transport Layer Security (TLS) certificate associated with the infrastructure where your provider type is installed. */ tlsCertificate?: pulumi.Input; /** * The ID of the Amazon VPC connected to the infrastructure where your provider type is installed. */ vpcId: pulumi.Input; } } export namespace codestarnotifications { export interface NotificationRuleTarget { /** * The ARN of the Amazon Q Developer in chat applications topic or Amazon Q Developer in chat applications client. */ address: pulumi.Input; /** * The status of the notification rule. Possible values are `ENABLED` and `DISABLED`, default is `ENABLED`. */ status?: pulumi.Input; /** * The type of the notification target. Valid values are `SNS`, `AWSChatbotSlack`, and `AWSChatbotMicrosoftTeams`. Default value is `SNS`. */ type?: pulumi.Input; } } export namespace cognito { export interface IdentityPoolCognitoIdentityProvider { /** * The client ID for the Amazon Cognito Identity User Pool. */ clientId?: pulumi.Input; /** * The provider name for an Amazon Cognito Identity User Pool. */ providerName?: pulumi.Input; /** * Whether server-side token validation is enabled for the identity provider’s token or not. */ serverSideTokenCheck?: pulumi.Input; } export interface IdentityPoolRoleAttachmentRoleMapping { /** * Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. `Required` if you specify Token or Rules as the Type. */ ambiguousRoleResolution?: pulumi.Input; /** * A string identifying the identity provider, for example, "graph.facebook.com" or "cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id". Depends on `cognitoIdentityProviders` set on `aws.cognito.IdentityPool` resource or a `aws.cognito.IdentityProvider` resource. */ identityProvider: pulumi.Input; /** * The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role. */ mappingRules?: pulumi.Input[]>; /** * The role mapping type. */ type: pulumi.Input; } export interface IdentityPoolRoleAttachmentRoleMappingMappingRule { /** * The claim name that must be present in the token, for example, "isAdmin" or "paid". */ claim: pulumi.Input; /** * The match condition that specifies how closely the claim value in the IdP token must match Value. */ matchType: pulumi.Input; /** * The role ARN. */ roleArn: pulumi.Input; /** * A brief string that the claim must match, for example, "paid" or "yes". */ value: pulumi.Input; } export interface LogDeliveryConfigurationLogConfiguration { /** * Configuration for CloudWatch Logs delivery. See CloudWatch Logs Configuration below. */ cloudWatchLogsConfiguration?: pulumi.Input; /** * The event source to configure logging for. Valid values are `userNotification` and `userAuthEvents`. */ eventSource: pulumi.Input; /** * Configuration for Kinesis Data Firehose delivery. See Firehose Configuration below. */ firehoseConfiguration?: pulumi.Input; /** * The log level to set for the event source. Valid values are `ERROR` and `INFO`. */ logLevel: pulumi.Input; /** * Configuration for S3 delivery. See S3 Configuration below. * * > **Note:** At least one destination configuration (`cloudWatchLogsConfiguration`, `firehoseConfiguration`, or `s3Configuration`) must be specified for each log configuration. */ s3Configuration?: pulumi.Input; } export interface LogDeliveryConfigurationLogConfigurationCloudWatchLogsConfiguration { /** * The ARN of the CloudWatch Logs log group to which the logs should be delivered. */ logGroupArn?: pulumi.Input; } export interface LogDeliveryConfigurationLogConfigurationFirehoseConfiguration { /** * The ARN of the Kinesis Data Firehose delivery stream to which the logs should be delivered. */ streamArn?: pulumi.Input; } export interface LogDeliveryConfigurationLogConfigurationS3Configuration { /** * The ARN of the S3 bucket to which the logs should be delivered. */ bucketArn?: pulumi.Input; } export interface ManagedLoginBrandingAsset { /** * Image file, in Base64-encoded binary. */ bytes?: pulumi.Input; /** * Category that the image corresponds to. See [AWS documentation](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssetType.html#CognitoUserPools-Type-AssetType-Category) for valid values. */ category: pulumi.Input; /** * Display-mode target of the asset. Valid values: `LIGHT`, `DARK`, `DYNAMIC`. */ colorMode: pulumi.Input; extension: pulumi.Input; /** * Asset ID. */ resourceId?: pulumi.Input; } export interface ManagedUserPoolClientAnalyticsConfiguration { /** * Application ARN for an Amazon Pinpoint application. It conflicts with `externalId` and `roleArn`. */ applicationArn?: pulumi.Input; /** * Unique identifier for an Amazon Pinpoint application. */ applicationId?: pulumi.Input; /** * ID for the Analytics Configuration and conflicts with `applicationArn`. */ externalId?: pulumi.Input; /** * ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. It conflicts with `applicationArn`. */ roleArn?: pulumi.Input; /** * If `userDataShared` is set to `true`, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics. */ userDataShared?: pulumi.Input; } export interface ManagedUserPoolClientRefreshTokenRotation { /** * The state of refresh token rotation for the current app client. Valid values are `ENABLED` or `DISABLED`. */ feature: pulumi.Input; /** * A period of time in seconds that the user has to use the old refresh token before it is invalidated. Valid values are between `0` and `60`. */ retryGracePeriodSeconds?: pulumi.Input; } export interface ManagedUserPoolClientTokenValidityUnits { /** * Time unit for the value in `accessTokenValidity` and defaults to `hours`. */ accessToken?: pulumi.Input; /** * Time unit for the value in `idTokenValidity`, and it defaults to `hours`. */ idToken?: pulumi.Input; /** * Time unit for the value in `refreshTokenValidity` and defaults to `days`. */ refreshToken?: pulumi.Input; } export interface ResourceServerScope { /** * The scope description. */ scopeDescription: pulumi.Input; /** * The scope name. */ scopeName: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfiguration { /** * Account takeover risk configuration actions. See details below. */ actions: pulumi.Input; /** * The notify configuration used to construct email notifications. See details below. */ notifyConfiguration?: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActions { /** * Action to take for a high risk. See action block below. */ highAction?: pulumi.Input; /** * Action to take for a low risk. See action block below. */ lowAction?: pulumi.Input; /** * Action to take for a medium risk. See action block below. */ mediumAction?: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActionsHighAction { eventAction: pulumi.Input; /** * Whether to send a notification. */ notify: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActionsLowAction { eventAction: pulumi.Input; /** * Whether to send a notification. */ notify: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActionsMediumAction { eventAction: pulumi.Input; /** * Whether to send a notification. */ notify: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfiguration { /** * Email template used when a detected risk event is blocked. See notify email type below. */ blockEmail?: pulumi.Input; /** * The email address that is sending the email. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES. */ from?: pulumi.Input; /** * The multi-factor authentication (MFA) email template used when MFA is challenged as part of a detected risk. See notify email type below. */ mfaEmail?: pulumi.Input; /** * The email template used when a detected risk event is allowed. See notify email type below. */ noActionEmail?: pulumi.Input; /** * The destination to which the receiver of an email should reply to. */ replyTo?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. This identity permits Amazon Cognito to send for the email address specified in the From parameter. */ sourceArn: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfigurationBlockEmail { /** * The email HTML body. */ htmlBody: pulumi.Input; /** * The email subject. */ subject: pulumi.Input; /** * The email text body. */ textBody: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfigurationMfaEmail { /** * The email HTML body. */ htmlBody: pulumi.Input; /** * The email subject. */ subject: pulumi.Input; /** * The email text body. */ textBody: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfigurationNoActionEmail { /** * The email HTML body. */ htmlBody: pulumi.Input; /** * The email subject. */ subject: pulumi.Input; /** * The email text body. */ textBody: pulumi.Input; } export interface RiskConfigurationCompromisedCredentialsRiskConfiguration { /** * The compromised credentials risk configuration actions. See details below. */ actions: pulumi.Input; /** * Perform the action for these events. The default is to perform all events if no event filter is specified. Valid values are `SIGN_IN`, `PASSWORD_CHANGE`, and `SIGN_UP`. */ eventFilters?: pulumi.Input[]>; } export interface RiskConfigurationCompromisedCredentialsRiskConfigurationActions { /** * The event action. Valid values are `BLOCK` or `NO_ACTION`. */ eventAction: pulumi.Input; } export interface RiskConfigurationRiskExceptionConfiguration { /** * Overrides the risk decision to always block the pre-authentication requests. * The IP range is in CIDR notation, a compact representation of an IP address and its routing prefix. * Can contain a maximum of 200 items. */ blockedIpRangeLists?: pulumi.Input[]>; /** * Risk detection isn't performed on the IP addresses in this range list. * The IP range is in CIDR notation. * Can contain a maximum of 200 items. */ skippedIpRangeLists?: pulumi.Input[]>; } export interface UserPoolAccountRecoverySetting { /** * List of Account Recovery Options of the following structure: */ recoveryMechanisms?: pulumi.Input[]>; } export interface UserPoolAccountRecoverySettingRecoveryMechanism { /** * Recovery method for a user. Can be of the following: `verifiedEmail`, `verifiedPhoneNumber`, and `adminOnly`. */ name: pulumi.Input; /** * Positive integer specifying priority of a method with 1 being the highest priority. */ priority: pulumi.Input; } export interface UserPoolAdminCreateUserConfig { /** * Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app. */ allowAdminCreateUserOnly?: pulumi.Input; /** * Invite message template structure. Detailed below. */ inviteMessageTemplate?: pulumi.Input; } export interface UserPoolAdminCreateUserConfigInviteMessageTemplate { /** * Message template for email messages. Must contain `{username}` and `{####}` placeholders, for username and temporary password, respectively. */ emailMessage?: pulumi.Input; /** * Subject line for email messages. */ emailSubject?: pulumi.Input; /** * Message template for SMS messages. Must contain `{username}` and `{####}` placeholders, for username and temporary password, respectively. */ smsMessage?: pulumi.Input; } export interface UserPoolClientAnalyticsConfiguration { /** * Application ARN for an Amazon Pinpoint application. Conflicts with `externalId` and `roleArn`. */ applicationArn?: pulumi.Input; /** * Application ID for an Amazon Pinpoint application. */ applicationId?: pulumi.Input; /** * ID for the Analytics Configuration. Conflicts with `applicationArn`. */ externalId?: pulumi.Input; /** * ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with `applicationArn`. */ roleArn?: pulumi.Input; /** * If set to `true`, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics. */ userDataShared?: pulumi.Input; } export interface UserPoolClientRefreshTokenRotation { /** * The state of refresh token rotation for the current app client. Valid values are `ENABLED` or `DISABLED`. */ feature: pulumi.Input; /** * A period of time in seconds that the user has to use the old refresh token before it is invalidated. Valid values are between `0` and `60`. */ retryGracePeriodSeconds?: pulumi.Input; } export interface UserPoolClientTokenValidityUnits { /** * Time unit in for the value in `accessTokenValidity`, defaults to `hours`. */ accessToken?: pulumi.Input; /** * Time unit in for the value in `idTokenValidity`, defaults to `hours`. */ idToken?: pulumi.Input; /** * Time unit in for the value in `refreshTokenValidity`, defaults to `days`. */ refreshToken?: pulumi.Input; } export interface UserPoolDeviceConfiguration { /** * Whether a challenge is required on a new device. Only applicable to a new device. */ challengeRequiredOnNewDevice?: pulumi.Input; /** * Whether a device is only remembered on user prompt. `false` equates to "Always" remember, `true` is "User Opt In," and not using a `deviceConfiguration` block is "No." */ deviceOnlyRememberedOnUserPrompt?: pulumi.Input; } export interface UserPoolEmailConfiguration { /** * Email configuration set name from SES. */ configurationSet?: pulumi.Input; /** * Email delivery method to use. `COGNITO_DEFAULT` for the default email functionality built into Cognito or `DEVELOPER` to use your Amazon SES configuration. Required to be `DEVELOPER` if `fromEmailAddress` is set. */ emailSendingAccount?: pulumi.Input; /** * Sender’s email address or sender’s display name with their email address (e.g., `john@example.com`, `John Smith ` or `\"John Smith Ph.D.\" `). Escaped double quotes are required around display names that contain certain characters as specified in [RFC 5322](https://tools.ietf.org/html/rfc5322). */ fromEmailAddress?: pulumi.Input; /** * REPLY-TO email address. */ replyToEmailAddress?: pulumi.Input; /** * ARN of the SES verified email identity to use. Required if `emailSendingAccount` is set to `DEVELOPER`. */ sourceArn?: pulumi.Input; } export interface UserPoolEmailMfaConfiguration { /** * The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format. */ message?: pulumi.Input; /** * The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in. */ subject?: pulumi.Input; } export interface UserPoolLambdaConfig { /** * ARN of the lambda creating an authentication challenge. */ createAuthChallenge?: pulumi.Input; /** * A custom email sender AWS Lambda trigger. See customEmailSender Below. */ customEmailSender?: pulumi.Input; /** * Custom Message AWS Lambda trigger. */ customMessage?: pulumi.Input; /** * A custom SMS sender AWS Lambda trigger. See customSmsSender Below. */ customSmsSender?: pulumi.Input; /** * Defines the authentication challenge. */ defineAuthChallenge?: pulumi.Input; /** * The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender. */ kmsKeyId?: pulumi.Input; /** * Post-authentication AWS Lambda trigger. */ postAuthentication?: pulumi.Input; /** * Post-confirmation AWS Lambda trigger. */ postConfirmation?: pulumi.Input; /** * Pre-authentication AWS Lambda trigger. */ preAuthentication?: pulumi.Input; /** * Pre-registration AWS Lambda trigger. */ preSignUp?: pulumi.Input; /** * Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambdaArn of `preTokenGenerationConfig`. */ preTokenGeneration?: pulumi.Input; /** * Allow to customize access tokens. See pre_token_configuration_type */ preTokenGenerationConfig?: pulumi.Input; /** * User migration Lambda config type. */ userMigration?: pulumi.Input; /** * Verifies the authentication challenge response. */ verifyAuthChallengeResponse?: pulumi.Input; } export interface UserPoolLambdaConfigCustomEmailSender { /** * The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users. */ lambdaArn: pulumi.Input; /** * The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is `V1_0`. */ lambdaVersion: pulumi.Input; } export interface UserPoolLambdaConfigCustomSmsSender { /** * The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users. */ lambdaArn: pulumi.Input; /** * The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is `V1_0`. */ lambdaVersion: pulumi.Input; } export interface UserPoolLambdaConfigPreTokenGenerationConfig { lambdaArn: pulumi.Input; lambdaVersion: pulumi.Input; } export interface UserPoolPasswordPolicy { /** * Minimum length of the password policy that you have set. */ minimumLength?: pulumi.Input; /** * Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24. * * **Note:** This argument requires advanced security features to be active in the user pool. */ passwordHistorySize?: pulumi.Input; /** * Whether you have required users to use at least one lowercase letter in their password. */ requireLowercase?: pulumi.Input; /** * Whether you have required users to use at least one number in their password. */ requireNumbers?: pulumi.Input; /** * Whether you have required users to use at least one symbol in their password. */ requireSymbols?: pulumi.Input; /** * Whether you have required users to use at least one uppercase letter in their password. */ requireUppercase?: pulumi.Input; /** * In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. */ temporaryPasswordValidityDays?: pulumi.Input; } export interface UserPoolSchema { /** * Attribute data type. Must be one of `Boolean`, `Number`, `String`, `DateTime`. */ attributeDataType: pulumi.Input; /** * Whether the attribute type is developer only. */ developerOnlyAttribute?: pulumi.Input; /** * Whether the attribute can be changed once it has been created. */ mutable?: pulumi.Input; /** * Name of the attribute. */ name: pulumi.Input; /** * Configuration block for the constraints for an attribute of the number type. Detailed below. */ numberAttributeConstraints?: pulumi.Input; /** * Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail. */ required?: pulumi.Input; /** * Constraints for an attribute of the string type. Detailed below. */ stringAttributeConstraints?: pulumi.Input; } export interface UserPoolSchemaNumberAttributeConstraints { /** * Maximum value of an attribute that is of the number data type. */ maxValue?: pulumi.Input; /** * Minimum value of an attribute that is of the number data type. */ minValue?: pulumi.Input; } export interface UserPoolSchemaStringAttributeConstraints { /** * Maximum length of an attribute value of the string type. */ maxLength?: pulumi.Input; /** * Minimum length of an attribute value of the string type. */ minLength?: pulumi.Input; } export interface UserPoolSignInPolicy { /** * The sign in methods your user pool supports as the first factor. This is a list of strings, allowed values are `PASSWORD`, `EMAIL_OTP`, `SMS_OTP`, and `WEB_AUTHN`. */ allowedFirstAuthFactors?: pulumi.Input[]>; } export interface UserPoolSmsConfiguration { /** * External ID used in IAM role trust relationships. For more information about using external IDs, see [How to Use an External ID When Granting Access to Your AWS Resources to a Third Party](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). */ externalId: pulumi.Input; /** * ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume. */ snsCallerArn: pulumi.Input; /** * The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see [SMS message settings for Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html). */ snsRegion?: pulumi.Input; } export interface UserPoolSoftwareTokenMfaConfiguration { /** * Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When `smsConfiguration` is not present, the `mfaConfiguration` argument must be set to `OFF` and the `softwareTokenMfaConfiguration` configuration block must be fully removed. */ enabled: pulumi.Input; } export interface UserPoolUserAttributeUpdateSettings { /** * A list of attributes requiring verification before update. If set, the provided value(s) must also be set in `autoVerifiedAttributes`. Valid values: `email`, `phoneNumber`. */ attributesRequireVerificationBeforeUpdates: pulumi.Input[]>; } export interface UserPoolUserPoolAddOns { /** * A block to specify the threat protection configuration options for additional authentication types in your user pool, including custom authentication. Detailed below. */ advancedSecurityAdditionalFlows?: pulumi.Input; /** * Mode for advanced security, must be one of `OFF`, `AUDIT` or `ENFORCED`. */ advancedSecurityMode: pulumi.Input; } export interface UserPoolUserPoolAddOnsAdvancedSecurityAdditionalFlows { /** * Mode of threat protection operation in custom authentication. Valid values are `AUDIT` or `ENFORCED`. The default value is `AUDIT`. */ customAuthMode?: pulumi.Input; } export interface UserPoolUsernameConfiguration { /** * Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs. */ caseSensitive?: pulumi.Input; } export interface UserPoolVerificationMessageTemplate { /** * Default email option. Must be either `CONFIRM_WITH_CODE` or `CONFIRM_WITH_LINK`. Defaults to `CONFIRM_WITH_CODE`. */ defaultEmailOption?: pulumi.Input; /** * Email message template. Must contain the `{####}` placeholder. Conflicts with `emailVerificationMessage` argument. */ emailMessage?: pulumi.Input; /** * Email message template for sending a confirmation link to the user, it must contain the `{##Click Here##}` placeholder. */ emailMessageByLink?: pulumi.Input; /** * Subject line for the email message template. Conflicts with `emailVerificationSubject` argument. */ emailSubject?: pulumi.Input; /** * Subject line for the email message template for sending a confirmation link to the user. */ emailSubjectByLink?: pulumi.Input; /** * SMS message template. Must contain the `{####}` placeholder. Conflicts with `smsVerificationMessage` argument. */ smsMessage?: pulumi.Input; } export interface UserPoolWebAuthnConfiguration { /** * The authentication domain that passkeys providers use as a relying party. */ relyingPartyId?: pulumi.Input; /** * If your user pool should require a passkey. Must be one of `required` or `preferred`. */ userVerification?: pulumi.Input; } } export namespace comprehend { export interface DocumentClassifierInputDataConfig { /** * List of training datasets produced by Amazon SageMaker AI Ground Truth. * Used if `dataFormat` is `AUGMENTED_MANIFEST`. * See the `augmentedManifests` Configuration Block section below. */ augmentedManifests?: pulumi.Input[]>; /** * The format for the training data. * One of `COMPREHEND_CSV` or `AUGMENTED_MANIFEST`. */ dataFormat?: pulumi.Input; /** * Delimiter between labels when training a multi-label classifier. * Valid values are `|`, `~`, `!`, `@`, `#`, `$`, `%`, `^`, `*`, `-`, `_`, `+`, `=`, `\`, `:`, `;`, `>`, `?`, `/`, ``, and ``. * Default is `|`. */ labelDelimiter?: pulumi.Input; /** * Location of training documents. * Used if `dataFormat` is `COMPREHEND_CSV`. */ s3Uri?: pulumi.Input; testS3Uri?: pulumi.Input; } export interface DocumentClassifierInputDataConfigAugmentedManifest { /** * Location of annotation files. */ annotationDataS3Uri?: pulumi.Input; /** * The JSON attribute that contains the annotations for the training documents. */ attributeNames: pulumi.Input[]>; /** * Type of augmented manifest. * One of `PLAIN_TEXT_DOCUMENT` or `SEMI_STRUCTURED_DOCUMENT`. */ documentType?: pulumi.Input; /** * Location of augmented manifest file. */ s3Uri: pulumi.Input; /** * Location of source PDF files. */ sourceDocumentsS3Uri?: pulumi.Input; /** * Purpose of data in augmented manifest. * One of `TRAIN` or `TEST`. */ split?: pulumi.Input; } export interface DocumentClassifierOutputDataConfig { /** * KMS Key used to encrypt the output documents. * Can be a KMS Key ID, a KMS Key ARN, a KMS Alias name, or a KMS Alias ARN. */ kmsKeyId?: pulumi.Input; /** * Full path for the output documents. */ outputS3Uri?: pulumi.Input; /** * Destination path for the output documents. * The full path to the output file will be returned in `outputS3Uri`. */ s3Uri: pulumi.Input; } export interface DocumentClassifierVpcConfig { /** * List of security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * List of VPC subnets. */ subnets: pulumi.Input[]>; } export interface EntityRecognizerInputDataConfig { /** * Specifies location of the document annotation data. * See the `annotations` Configuration Block section below. * One of `annotations` or `entityList` is required. */ annotations?: pulumi.Input; /** * List of training datasets produced by Amazon SageMaker AI Ground Truth. * Used if `dataFormat` is `AUGMENTED_MANIFEST`. * See the `augmentedManifests` Configuration Block section below. */ augmentedManifests?: pulumi.Input[]>; /** * The format for the training data. * One of `COMPREHEND_CSV` or `AUGMENTED_MANIFEST`. */ dataFormat?: pulumi.Input; /** * Specifies a collection of training documents. * Used if `dataFormat` is `COMPREHEND_CSV`. * See the `documents` Configuration Block section below. */ documents?: pulumi.Input; /** * Specifies location of the entity list data. * See the `entityList` Configuration Block section below. * One of `entityList` or `annotations` is required. */ entityList?: pulumi.Input; /** * Set of entity types to be recognized. * Has a maximum of 25 items. * See the `entityTypes` Configuration Block section below. */ entityTypes: pulumi.Input[]>; } export interface EntityRecognizerInputDataConfigAnnotations { /** * Location of training annotations. */ s3Uri: pulumi.Input; testS3Uri?: pulumi.Input; } export interface EntityRecognizerInputDataConfigAugmentedManifest { /** * Location of annotation files. */ annotationDataS3Uri?: pulumi.Input; /** * The JSON attribute that contains the annotations for the training documents. */ attributeNames: pulumi.Input[]>; /** * Type of augmented manifest. * One of `PLAIN_TEXT_DOCUMENT` or `SEMI_STRUCTURED_DOCUMENT`. */ documentType?: pulumi.Input; /** * Location of augmented manifest file. */ s3Uri: pulumi.Input; /** * Location of source PDF files. */ sourceDocumentsS3Uri?: pulumi.Input; /** * Purpose of data in augmented manifest. * One of `TRAIN` or `TEST`. */ split?: pulumi.Input; } export interface EntityRecognizerInputDataConfigDocuments { /** * Specifies how the input files should be processed. * One of `ONE_DOC_PER_LINE` or `ONE_DOC_PER_FILE`. */ inputFormat?: pulumi.Input; /** * Location of training documents. */ s3Uri: pulumi.Input; testS3Uri?: pulumi.Input; } export interface EntityRecognizerInputDataConfigEntityList { /** * Location of entity list. */ s3Uri: pulumi.Input; } export interface EntityRecognizerInputDataConfigEntityType { /** * An entity type to be matched by the Entity Recognizer. * Cannot contain a newline (`\n`), carriage return (`\r`), or tab (`\t`). */ type: pulumi.Input; } export interface EntityRecognizerVpcConfig { /** * List of security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * List of VPC subnets. */ subnets: pulumi.Input[]>; } } export namespace computeoptimizer { export interface EnrollmentStatusTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface RecommendationPreferencesExternalMetricsPreference { /** * The source options for external metrics preferences. Valid values: `Datadog`, `Dynatrace`, `NewRelic`, `Instana`. */ source: pulumi.Input; } export interface RecommendationPreferencesPreferredResource { /** * The preferred resource type values to exclude from the recommendation candidates. If this isn’t specified, all supported resources are included by default. */ excludeLists?: pulumi.Input[]>; /** * The preferred resource type values to include in the recommendation candidates. You can specify the exact resource type value, such as `"m5.large"`, or use wild card expressions, such as `"m5"`. If this isn’t specified, all supported resources are included by default. */ includeLists?: pulumi.Input[]>; name: pulumi.Input; } export interface RecommendationPreferencesScope { /** * The name of the scope. Valid values: `Organization`, `AccountId`, `ResourceArn`. */ name: pulumi.Input; /** * The value of the scope. `ALL_ACCOUNTS` for `Organization` scopes, AWS account ID for `AccountId` scopes, ARN of an EC2 instance or an Auto Scaling group for `ResourceArn` scopes. */ value: pulumi.Input; } export interface RecommendationPreferencesUtilizationPreference { /** * The name of the resource utilization metric name to customize. Valid values: `CpuUtilization`, `MemoryUtilization`. */ metricName: pulumi.Input; /** * The parameters to set when customizing the resource utilization thresholds. */ metricParameters: pulumi.Input; } export interface RecommendationPreferencesUtilizationPreferenceMetricParameters { /** * The headroom value in percentage used for the specified metric parameter. Valid values: `PERCENT_30`, `PERCENT_20`, `PERCENT_10`, `PERCENT_0`. */ headroom: pulumi.Input; /** * The threshold value used for the specified metric parameter. You can only specify the threshold value for CPU utilization. Valid values: `P90`, `P95`, `P99_5`. */ threshold?: pulumi.Input; } } export namespace config { } export namespace connect { export interface BotAssociationLexBot { /** * The Region that the Amazon Lex (V1) bot was created in. Defaults to current region. */ lexRegion?: pulumi.Input; /** * The name of the Amazon Lex (V1) bot. */ name: pulumi.Input; } export interface GetBotAssociationLexBot { /** * Region that the Amazon Lex (V1) bot was created in. */ lexRegion?: string; /** * Name of the Amazon Lex (V1) bot. */ name: string; } export interface GetBotAssociationLexBotArgs { /** * Region that the Amazon Lex (V1) bot was created in. */ lexRegion?: pulumi.Input; /** * Name of the Amazon Lex (V1) bot. */ name: pulumi.Input; } export interface HoursOfOperationConfig { /** * Specifies the day that the hours of operation applies to. */ day: pulumi.Input; /** * A end time block specifies the time that your contact center closes. The `endTime` is documented below. */ endTime: pulumi.Input; /** * A start time block specifies the time that your contact center opens. The `startTime` is documented below. */ startTime: pulumi.Input; } export interface HoursOfOperationConfigEndTime { /** * Specifies the hour of closing. */ hours: pulumi.Input; /** * Specifies the minute of closing. */ minutes: pulumi.Input; } export interface HoursOfOperationConfigStartTime { /** * Specifies the hour of opening. */ hours: pulumi.Input; /** * Specifies the minute of opening. */ minutes: pulumi.Input; } export interface InstanceStorageConfigStorageConfig { /** * A block that specifies the configuration of the Kinesis Firehose delivery stream. Documented below. */ kinesisFirehoseConfig?: pulumi.Input; /** * A block that specifies the configuration of the Kinesis data stream. Documented below. */ kinesisStreamConfig?: pulumi.Input; /** * A block that specifies the configuration of the Kinesis video stream. Documented below. */ kinesisVideoStreamConfig?: pulumi.Input; /** * A block that specifies the configuration of S3 Bucket. Documented below. */ s3Config?: pulumi.Input; /** * A valid storage type. Valid Values: `S3` | `KINESIS_VIDEO_STREAM` | `KINESIS_STREAM` | `KINESIS_FIREHOSE`. */ storageType: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisFirehoseConfig { /** * The Amazon Resource Name (ARN) of the delivery stream. */ firehoseArn: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisStreamConfig { /** * The Amazon Resource Name (ARN) of the data stream. */ streamArn: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisVideoStreamConfig { /** * The encryption configuration. Documented below. */ encryptionConfig: pulumi.Input; /** * The prefix of the video stream. Minimum length of `1`. Maximum length of `128`. When read from the state, the value returned is `-connect--contact-` since the API appends additional details to the `prefix`. */ prefix: pulumi.Input; /** * The number of hours data is retained in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream. Minimum value of `0`. Maximum value of `87600`. A value of `0`, indicates that the stream does not persist data. */ retentionPeriodHours: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisVideoStreamConfigEncryptionConfig { /** * The type of encryption. Valid Values: `KMS`. */ encryptionType: pulumi.Input; /** * The full ARN of the encryption key. Be sure to provide the full ARN of the encryption key, not just the ID. */ keyId: pulumi.Input; } export interface InstanceStorageConfigStorageConfigS3Config { /** * The S3 bucket name. */ bucketName: pulumi.Input; /** * The S3 bucket prefix. */ bucketPrefix: pulumi.Input; /** * The encryption configuration. Documented below. */ encryptionConfig?: pulumi.Input; } export interface InstanceStorageConfigStorageConfigS3ConfigEncryptionConfig { /** * The type of encryption. Valid Values: `KMS`. */ encryptionType: pulumi.Input; /** * The full ARN of the encryption key. Be sure to provide the full ARN of the encryption key, not just the ID. */ keyId: pulumi.Input; } export interface PhoneNumberStatus { /** * The status message. */ message?: pulumi.Input; /** * The status of the phone number. Valid Values: `CLAIMED` | `IN_PROGRESS` | `FAILED`. */ status?: pulumi.Input; } export interface QueueOutboundCallerConfig { /** * Specifies the caller ID name. */ outboundCallerIdName?: pulumi.Input; /** * Specifies the caller ID number. */ outboundCallerIdNumberId?: pulumi.Input; /** * Specifies outbound whisper flow to be used during an outbound call. */ outboundFlowId?: pulumi.Input; } export interface QuickConnectQuickConnectConfig { /** * Specifies the phone configuration of the Quick Connect. This is required only if `quickConnectType` is `PHONE_NUMBER`. The `phoneConfig` block is documented below. */ phoneConfigs?: pulumi.Input[]>; /** * Specifies the queue configuration of the Quick Connect. This is required only if `quickConnectType` is `QUEUE`. The `queueConfig` block is documented below. */ queueConfigs?: pulumi.Input[]>; /** * Specifies the configuration type of the quick connect. valid values are `PHONE_NUMBER`, `QUEUE`, `USER`. */ quickConnectType: pulumi.Input; /** * Specifies the user configuration of the Quick Connect. This is required only if `quickConnectType` is `USER`. The `userConfig` block is documented below. */ userConfigs?: pulumi.Input[]>; } export interface QuickConnectQuickConnectConfigPhoneConfig { /** * Specifies the phone number in in E.164 format. */ phoneNumber: pulumi.Input; } export interface QuickConnectQuickConnectConfigQueueConfig { /** * Specifies the identifier of the contact flow. */ contactFlowId: pulumi.Input; /** * Specifies the identifier for the queue. */ queueId: pulumi.Input; } export interface QuickConnectQuickConnectConfigUserConfig { /** * Specifies the identifier of the contact flow. */ contactFlowId: pulumi.Input; /** * Specifies the identifier for the user. */ userId: pulumi.Input; } export interface RoutingProfileMediaConcurrency { /** * Specifies the channels that agents can handle in the Contact Control Panel (CCP). Valid values are `VOICE`, `CHAT`, `TASK`. */ channel: pulumi.Input; /** * Specifies the number of contacts an agent can have on a channel simultaneously. Valid Range for `VOICE`: Minimum value of `1`. Maximum value of `1`. Valid Range for `CHAT`: Minimum value of `1`. Maximum value of `10`. Valid Range for `TASK`: Minimum value of `1`. Maximum value of `10`. */ concurrency: pulumi.Input; crossChannelBehavior?: pulumi.Input; } export interface RoutingProfileMediaConcurrencyCrossChannelBehavior { /** * Specifies the cross-channel behavior for routing contacts across multiple channels. Valid values are `ROUTE_CURRENT_CHANNEL_ONLY` and `ROUTE_ANY_CHANNEL`. `ROUTE_CURRENT_CHANNEL_ONLY` restricts agents to receive contacts only from the channel they are currently handling. `ROUTE_ANY_CHANNEL` allows agents to receive contacts from any channel regardless of what they are currently handling. */ behaviorType: pulumi.Input; } export interface RoutingProfileQueueConfig { /** * Specifies the channels agents can handle in the Contact Control Panel (CCP) for this routing profile. Valid values are `VOICE`, `CHAT`, `TASK`. */ channel: pulumi.Input; /** * Specifies the delay, in seconds, that a contact should be in the queue before they are routed to an available agent */ delay: pulumi.Input; /** * Specifies the order in which contacts are to be handled for the queue. */ priority: pulumi.Input; /** * ARN for the queue. */ queueArn?: pulumi.Input; /** * Specifies the identifier for the queue. */ queueId: pulumi.Input; /** * Name for the queue. */ queueName?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPath { /** * A block that defines the details of level five. The level block is documented below. */ levelFives?: pulumi.Input[]>; /** * A block that defines the details of level four. The level block is documented below. */ levelFours?: pulumi.Input[]>; /** * A block that defines the details of level one. The level block is documented below. */ levelOnes?: pulumi.Input[]>; /** * A block that defines the details of level three. The level block is documented below. */ levelThrees?: pulumi.Input[]>; /** * A block that defines the details of level two. The level block is documented below. */ levelTwos?: pulumi.Input[]>; } export interface UserHierarchyGroupHierarchyPathLevelFife { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelFour { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelOne { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelThree { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelTwo { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructure { /** * A block that defines the details of level five. The level block is documented below. * * Each level block supports the following arguments: */ levelFive?: pulumi.Input; /** * A block that defines the details of level four. The level block is documented below. */ levelFour?: pulumi.Input; /** * A block that defines the details of level one. The level block is documented below. */ levelOne?: pulumi.Input; /** * A block that defines the details of level three. The level block is documented below. */ levelThree?: pulumi.Input; /** * A block that defines the details of level two. The level block is documented below. */ levelTwo?: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelFive { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; /** * The name of the user hierarchy level. Must not be more than 50 characters. */ name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelFour { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; /** * The name of the user hierarchy level. Must not be more than 50 characters. */ name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelOne { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; /** * The name of the user hierarchy level. Must not be more than 50 characters. */ name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelThree { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; /** * The name of the user hierarchy level. Must not be more than 50 characters. */ name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelTwo { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; /** * The name of the user hierarchy level. Must not be more than 50 characters. */ name: pulumi.Input; } export interface UserIdentityInfo { /** * The email address. If you are using SAML for identity management and include this parameter, an error is returned. Note that updates to the `email` is supported. From the [UpdateUserIdentityInfo API documentation](https://docs.aws.amazon.com/connect/latest/APIReference/API_UpdateUserIdentityInfo.html) it is strongly recommended to limit who has the ability to invoke `UpdateUserIdentityInfo`. Someone with that ability can change the login credentials of other users by changing their email address. This poses a security risk to your organization. They can change the email address of a user to the attacker's email address, and then reset the password through email. For more information, see [Best Practices for Security Profiles](https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-best-practices.html) in the Amazon Connect Administrator Guide. */ email?: pulumi.Input; /** * The first name. This is required if you are using Amazon Connect or SAML for identity management. Minimum length of 1. Maximum length of 100. */ firstName?: pulumi.Input; /** * The last name. This is required if you are using Amazon Connect or SAML for identity management. Minimum length of 1. Maximum length of 100. */ lastName?: pulumi.Input; /** * The secondary email address. If present, email notifications will be sent to this email address instead of the primary one. */ secondaryEmail?: pulumi.Input; } export interface UserPhoneConfig { /** * The After Call Work (ACW) timeout setting, in seconds. Minimum value of 0. */ afterContactWorkTimeLimit?: pulumi.Input; /** * When Auto-Accept Call is enabled for an available agent, the agent connects to contacts automatically. */ autoAccept?: pulumi.Input; /** * The phone number for the user's desk phone. Required if `phoneType` is set as `DESK_PHONE`. */ deskPhoneNumber?: pulumi.Input; /** * The phone type. Valid values are `DESK_PHONE` and `SOFT_PHONE`. */ phoneType: pulumi.Input; } } export namespace controltower { export interface BaselineParameters { /** * The key of the parameter. */ key: pulumi.Input; /** * The value of the parameter. */ value: pulumi.Input; } export interface BaselineTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ControlTowerControlParameter { /** * The name of the parameter. */ key: pulumi.Input; /** * The value of the parameter. */ value: pulumi.Input; } export interface LandingZoneDriftStatus { /** * The drift status of the landing zone. */ status?: pulumi.Input; } } export namespace costexplorer { export interface AnomalySubscriptionSubscriber { /** * The address of the subscriber. If type is `SNS`, this will be the arn of the sns topic. If type is `EMAIL`, this will be the destination email address. */ address: pulumi.Input; /** * The type of subscription. Valid Values: `SNS` | `EMAIL`. */ type: pulumi.Input; } export interface AnomalySubscriptionThresholdExpression { /** * Return results that match both Dimension objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on values. See Cost Category below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific Dimension to use for. */ dimension?: pulumi.Input; /** * Return results that do not match the Dimension object. */ not?: pulumi.Input; /** * Return results that match either Dimension object. */ ors?: pulumi.Input[]>; /** * Configuration block for the specific Tag to use for. See Tags below. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionAnd { /** * Configuration block for the filter that's based on values. See Cost Category below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific Dimension to use for. */ dimension?: pulumi.Input; /** * A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionNot { /** * Configuration block for the filter that's based on values. See Cost Category below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific Dimension to use for. */ dimension?: pulumi.Input; /** * A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionOr { /** * Configuration block for the filter that's based on values. See Cost Category below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific Dimension to use for. */ dimension?: pulumi.Input; /** * A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRule { /** * Configuration block for the value the line item is categorized as if the line item contains the matched dimension. See below. */ inheritedValue?: pulumi.Input; /** * Configuration block for the `Expression` object used to categorize costs. See below. */ rule?: pulumi.Input; /** * You can define the CostCategoryRule rule type as either `REGULAR` or `INHERITED_VALUE`. */ type?: pulumi.Input; /** * Default value for the cost category. */ value?: pulumi.Input; } export interface CostCategoryRuleInheritedValue { /** * Key to extract cost category values. */ dimensionKey?: pulumi.Input; /** * Name of the dimension that's used to group costs. If you specify `LINKED_ACCOUNT_NAME`, the cost category value is based on account name. If you specify `TAG`, the cost category value will be based on the value of the specified tag key. Valid values are `LINKED_ACCOUNT_NAME`, `TAG` */ dimensionName?: pulumi.Input; } export interface CostCategoryRuleRule { /** * Return results that match both `Dimension` objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Return results that match both `Dimension` object. */ not?: pulumi.Input; /** * Return results that match both `Dimension` object. */ ors?: pulumi.Input[]>; /** * Configuration block for the specific `Tag` to use for `Expression`. See below. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAnd { /** * Return results that match both `Dimension` objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Return results that match both `Dimension` object. */ not?: pulumi.Input; /** * Return results that match both `Dimension` object. */ ors?: pulumi.Input[]>; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndAnd { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndNot { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndOr { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNot { /** * Return results that match both `Dimension` objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Return results that match both `Dimension` object. */ not?: pulumi.Input; /** * Return results that match both `Dimension` object. */ ors?: pulumi.Input[]>; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotAnd { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotNot { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotOr { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOr { /** * Return results that match both `Dimension` objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Return results that match both `Dimension` object. */ not?: pulumi.Input; /** * Return results that match both `Dimension` object. */ ors?: pulumi.Input[]>; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrAnd { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrNot { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrOr { /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategorySplitChargeRule { /** * Method that's used to define how to split your source costs across your targets. Valid values are `FIXED`, `PROPORTIONAL`, `EVEN` */ method: pulumi.Input; /** * Configuration block for the parameters for a split charge method. This is only required for the `FIXED` method. See below. */ parameters?: pulumi.Input[]>; /** * Cost Category value that you want to split. */ source: pulumi.Input; /** * Cost Category values that you want to split costs across. These values can't be used as a source in other split charge rules. */ targets: pulumi.Input[]>; } export interface CostCategorySplitChargeRuleParameter { /** * Parameter type. */ type?: pulumi.Input; /** * Parameter values. */ values?: pulumi.Input[]>; } export interface GetTagsFilter { /** * Return results that match both `Dimension` objects. */ ands?: inputs.costexplorer.GetTagsFilterAnd[]; /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: inputs.costexplorer.GetTagsFilterCostCategory; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: inputs.costexplorer.GetTagsFilterDimension; /** * Return results that match both `Dimension` object. */ not?: inputs.costexplorer.GetTagsFilterNot; /** * Return results that match both `Dimension` object. */ ors?: inputs.costexplorer.GetTagsFilterOr[]; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterTags; } export interface GetTagsFilterArgs { /** * Return results that match both `Dimension` objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: pulumi.Input; /** * Return results that match both `Dimension` object. */ not?: pulumi.Input; /** * Return results that match both `Dimension` object. */ ors?: pulumi.Input[]>; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterAnd { /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: inputs.costexplorer.GetTagsFilterAndCostCategory; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: inputs.costexplorer.GetTagsFilterAndDimension; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterAndTags; } export interface GetTagsFilterAndArgs { /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: pulumi.Input; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterAndCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterAndCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterAndDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterAndDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterAndTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterAndTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsFilterCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterNot { /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: inputs.costexplorer.GetTagsFilterNotCostCategory; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: inputs.costexplorer.GetTagsFilterNotDimension; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterNotTags; } export interface GetTagsFilterNotArgs { /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: pulumi.Input; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterNotCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterNotCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterNotDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterNotDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterNotTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterNotTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsFilterOr { /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: inputs.costexplorer.GetTagsFilterOrCostCategory; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: inputs.costexplorer.GetTagsFilterOrDimension; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterOrTags; } export interface GetTagsFilterOrArgs { /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: pulumi.Input; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterOrCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterOrCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterOrDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterOrDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterOrTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterOrTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsFilterTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsSortBy { /** * key that's used to sort the data. Valid values are: `BlendedCost`, `UnblendedCost`, `AmortizedCost`, `NetAmortizedCost`, `NetUnblendedCost`, `UsageQuantity`, `NormalizedUsageAmount`. */ key?: string; /** * order that's used to sort the data. Valid values are: `ASCENDING`, `DESCENDING`. */ sortOrder?: string; } export interface GetTagsSortByArgs { /** * key that's used to sort the data. Valid values are: `BlendedCost`, `UnblendedCost`, `AmortizedCost`, `NetAmortizedCost`, `NetUnblendedCost`, `UsageQuantity`, `NormalizedUsageAmount`. */ key?: pulumi.Input; /** * order that's used to sort the data. Valid values are: `ASCENDING`, `DESCENDING`. */ sortOrder?: pulumi.Input; } export interface GetTagsTimePeriod { /** * Beginning of the time period. */ end: string; /** * End of the time period. */ start: string; } export interface GetTagsTimePeriodArgs { /** * Beginning of the time period. */ end: pulumi.Input; /** * End of the time period. */ start: pulumi.Input; } } export namespace customerprofiles { export interface DomainMatching { /** * A block that specifies the configuration about the auto-merging process. Documented below. */ autoMerging?: pulumi.Input; /** * The flag that enables the matching process of duplicate profiles. */ enabled: pulumi.Input; /** * A block that specifies the configuration for exporting Identity Resolution results. Documented below. */ exportingConfig?: pulumi.Input; /** * A block that specifies the day and time when you want to start the Identity Resolution Job every week. Documented below. */ jobSchedule?: pulumi.Input; } export interface DomainMatchingAutoMerging { /** * A block that specifies how the auto-merging process should resolve conflicts between different profiles. Documented below. */ conflictResolution?: pulumi.Input; /** * A block that specifies a list of matching attributes that represent matching criteria. If two profiles meet at least one of the requirements in the matching attributes list, they will be merged. Documented below. * * `minAllowedConfidenceScoreForMerging ` - (Optional) A number between 0 and 1 that represents the minimum confidence score required for profiles within a matching group to be merged during the auto-merge process. A higher score means higher similarity required to merge profiles. */ consolidation?: pulumi.Input; /** * The flag that enables the auto-merging of duplicate profiles. */ enabled: pulumi.Input; minAllowedConfidenceScoreForMerging?: pulumi.Input; } export interface DomainMatchingAutoMergingConflictResolution { /** * How the auto-merging process should resolve conflicts between different profiles. Valid values are `RECENCY` and `SOURCE` */ conflictResolvingModel: pulumi.Input; /** * The `ObjectType` name that is used to resolve profile merging conflicts when choosing `SOURCE` as the `ConflictResolvingModel`. */ sourceName?: pulumi.Input; } export interface DomainMatchingAutoMergingConsolidation { /** * A list of matching criteria. */ matchingAttributesLists: pulumi.Input[]>[]>; } export interface DomainMatchingExportingConfig { s3Exporting?: pulumi.Input; } export interface DomainMatchingExportingConfigS3Exporting { /** * The name of the S3 bucket where Identity Resolution Jobs write result files. */ s3BucketName: pulumi.Input; /** * The S3 key name of the location where Identity Resolution Jobs write result files. */ s3KeyName?: pulumi.Input; } export interface DomainMatchingJobSchedule { /** * The day when the Identity Resolution Job should run every week. */ dayOfTheWeek: pulumi.Input; /** * The time when the Identity Resolution Job should run every week. */ time: pulumi.Input; } export interface DomainRuleBasedMatching { /** * A block that configures information about the `AttributeTypesSelector` where the rule-based identity resolution uses to match profiles. Documented below. */ attributeTypesSelector?: pulumi.Input; /** * A block that specifies how the auto-merging process should resolve conflicts between different profiles. Documented below. */ conflictResolution?: pulumi.Input; /** * The flag that enables the rule-based matching process of duplicate profiles. */ enabled: pulumi.Input; /** * A block that specifies the configuration for exporting Identity Resolution results. Documented below. */ exportingConfig?: pulumi.Input; /** * A block that configures how the rule-based matching process should match profiles. You can have up to 15 `rule` in the `natchingRules`. Documented below. */ matchingRules?: pulumi.Input[]>; /** * Indicates the maximum allowed rule level for matching. */ maxAllowedRuleLevelForMatching?: pulumi.Input; /** * Indicates the maximum allowed rule level for merging. */ maxAllowedRuleLevelForMerging?: pulumi.Input; status?: pulumi.Input; } export interface DomainRuleBasedMatchingAttributeTypesSelector { /** * The `Address` type. You can choose from `Address`, `BusinessAddress`, `MaillingAddress`, and `ShippingAddress`. */ addresses?: pulumi.Input[]>; /** * Configures the `AttributeMatchingModel`, you can either choose `ONE_TO_ONE` or `MANY_TO_MANY`. */ attributeMatchingModel: pulumi.Input; /** * The `Email` type. You can choose from `EmailAddress`, `BusinessEmailAddress` and `PersonalEmailAddress`. */ emailAddresses?: pulumi.Input[]>; /** * The `PhoneNumber` type. You can choose from `PhoneNumber`, `HomePhoneNumber`, and `MobilePhoneNumber`. */ phoneNumbers?: pulumi.Input[]>; } export interface DomainRuleBasedMatchingConflictResolution { /** * How the auto-merging process should resolve conflicts between different profiles. Valid values are `RECENCY` and `SOURCE` */ conflictResolvingModel: pulumi.Input; /** * The `ObjectType` name that is used to resolve profile merging conflicts when choosing `SOURCE` as the `ConflictResolvingModel`. */ sourceName?: pulumi.Input; } export interface DomainRuleBasedMatchingExportingConfig { s3Exporting?: pulumi.Input; } export interface DomainRuleBasedMatchingExportingConfigS3Exporting { /** * The name of the S3 bucket where Identity Resolution Jobs write result files. */ s3BucketName: pulumi.Input; /** * The S3 key name of the location where Identity Resolution Jobs write result files. */ s3KeyName?: pulumi.Input; } export interface DomainRuleBasedMatchingMatchingRule { /** * A single rule level of the `matchRules`. Configures how the rule-based matching process should match profiles. */ rules: pulumi.Input[]>; } export interface ProfileAddress { /** * The first line of a customer address. */ address1?: pulumi.Input; /** * The second line of a customer address. */ address2?: pulumi.Input; /** * The third line of a customer address. */ address3?: pulumi.Input; /** * The fourth line of a customer address. */ address4?: pulumi.Input; /** * The city in which a customer lives. */ city?: pulumi.Input; /** * The country in which a customer lives. */ country?: pulumi.Input; /** * The county in which a customer lives. */ county?: pulumi.Input; /** * The postal code of a customer address. */ postalCode?: pulumi.Input; /** * The province in which a customer lives. */ province?: pulumi.Input; /** * The state in which a customer lives. */ state?: pulumi.Input; } export interface ProfileBillingAddress { /** * The first line of a customer address. */ address1?: pulumi.Input; /** * The second line of a customer address. */ address2?: pulumi.Input; /** * The third line of a customer address. */ address3?: pulumi.Input; /** * The fourth line of a customer address. */ address4?: pulumi.Input; /** * The city in which a customer lives. */ city?: pulumi.Input; /** * The country in which a customer lives. */ country?: pulumi.Input; /** * The county in which a customer lives. */ county?: pulumi.Input; /** * The postal code of a customer address. */ postalCode?: pulumi.Input; /** * The province in which a customer lives. */ province?: pulumi.Input; /** * The state in which a customer lives. */ state?: pulumi.Input; } export interface ProfileMailingAddress { /** * The first line of a customer address. */ address1?: pulumi.Input; /** * The second line of a customer address. */ address2?: pulumi.Input; /** * The third line of a customer address. */ address3?: pulumi.Input; /** * The fourth line of a customer address. */ address4?: pulumi.Input; /** * The city in which a customer lives. */ city?: pulumi.Input; /** * The country in which a customer lives. */ country?: pulumi.Input; /** * The county in which a customer lives. */ county?: pulumi.Input; /** * The postal code of a customer address. */ postalCode?: pulumi.Input; /** * The province in which a customer lives. */ province?: pulumi.Input; /** * The state in which a customer lives. */ state?: pulumi.Input; } export interface ProfileShippingAddress { /** * The first line of a customer address. */ address1?: pulumi.Input; /** * The second line of a customer address. */ address2?: pulumi.Input; /** * The third line of a customer address. */ address3?: pulumi.Input; /** * The fourth line of a customer address. */ address4?: pulumi.Input; /** * The city in which a customer lives. */ city?: pulumi.Input; /** * The country in which a customer lives. */ country?: pulumi.Input; /** * The county in which a customer lives. */ county?: pulumi.Input; /** * The postal code of a customer address. */ postalCode?: pulumi.Input; /** * The province in which a customer lives. */ province?: pulumi.Input; /** * The state in which a customer lives. */ state?: pulumi.Input; } } export namespace dataexchange { export interface EventActionAction { /** * Configuration for an Export Revision to S3 action. * Described in `exportRevisionToS3` Configuration Block */ exportRevisionToS3: pulumi.Input; } export interface EventActionActionExportRevisionToS3 { /** * Configures server-side encryption of the exported revision. * Described in `encryption` Configuration Block below. */ encryption?: pulumi.Input; /** * Configures the S3 destination of the exported revision. * Described in `revisionDestination` Configuration Block below. */ revisionDestination: pulumi.Input; } export interface EventActionActionExportRevisionToS3Encryption { /** * ARN of the KMS key used for encryption. */ kmsKeyArn?: pulumi.Input; /** * Type of server-side encryption. * Valid values are `aws:kms` or `aws:s3`. */ type?: pulumi.Input; } export interface EventActionActionExportRevisionToS3RevisionDestination { /** * The S3 bucket where the revision will be exported. */ bucket: pulumi.Input; /** * Pattern for naming revisions in the S3 bucket. * Defaults to `${Revision.CreatedAt}/${Asset.Name}`. */ keyPattern?: pulumi.Input; } export interface EventActionEvent { /** * Configuration for a Revision Published event. * Described in `revisionPublished` Configuration Block below. */ revisionPublished: pulumi.Input; } export interface EventActionEventRevisionPublished { /** * The ID of the data set to monitor for revision publications. * Changing this value will recreate the resource. */ dataSetId: pulumi.Input; } export interface RevisionAssetsAsset { /** * The ARN of the Data Exchange Revision Assets. */ arn?: pulumi.Input; /** * A block to create S3 data access from an S3 bucket. See Create S3 Data Access from S3 Bucket for more details. */ createS3DataAccessFromS3Bucket?: pulumi.Input; /** * The timestamp when the revision was created, in RFC3339 format. */ createdAt?: pulumi.Input; /** * The unique identifier for the revision. */ id?: pulumi.Input; /** * A block to import assets from S3. See Import Assets from S3 for more details. */ importAssetsFromS3?: pulumi.Input; /** * A block to import assets from a signed URL. See Import Assets from Signed URL for more details. */ importAssetsFromSignedUrl?: pulumi.Input; name?: pulumi.Input; /** * The timestamp when the revision was last updated, in RFC3339 format. */ updatedAt?: pulumi.Input; } export interface RevisionAssetsAssetCreateS3DataAccessFromS3Bucket { accessPointAlias?: pulumi.Input; accessPointArn?: pulumi.Input; /** * A block specifying the source bucket for the asset. This block supports the following: */ assetSource?: pulumi.Input; } export interface RevisionAssetsAssetCreateS3DataAccessFromS3BucketAssetSource { /** * The name of the S3 bucket. */ bucket: pulumi.Input; /** * List of key prefixes in the S3 bucket. */ keyPrefixes?: pulumi.Input[]>; /** * List of object keys in the S3 bucket. */ keys?: pulumi.Input[]>; kmsKeysToGrants?: pulumi.Input[]>; } export interface RevisionAssetsAssetCreateS3DataAccessFromS3BucketAssetSourceKmsKeysToGrant { /** * The ARN of the KMS key. */ kmsKeyArn: pulumi.Input; } export interface RevisionAssetsAssetImportAssetsFromS3 { /** * A block specifying the source bucket and key for the asset. This block supports the following: */ assetSource?: pulumi.Input; } export interface RevisionAssetsAssetImportAssetsFromS3AssetSource { /** * The name of the S3 bucket. */ bucket: pulumi.Input; /** * The key of the object in the S3 bucket. */ key: pulumi.Input; } export interface RevisionAssetsAssetImportAssetsFromSignedUrl { /** * The name of the file to import. */ filename: pulumi.Input; } export interface RevisionAssetsTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } } export namespace datapipeline { export interface GetPipelineDefinitionParameterValue { /** * ID of the object. */ id?: string; /** * Field value, expressed as a String. */ stringValue?: string; } export interface GetPipelineDefinitionParameterValueArgs { /** * ID of the object. */ id?: pulumi.Input; /** * Field value, expressed as a String. */ stringValue?: pulumi.Input; } export interface PipelineDefinitionParameterObject { /** * Configuration block for attributes of the parameter object. See below */ attributes?: pulumi.Input[]>; /** * ID of the parameter object. */ id: pulumi.Input; } export interface PipelineDefinitionParameterObjectAttribute { /** * Field identifier. */ key: pulumi.Input; /** * Field value, expressed as a String. */ stringValue: pulumi.Input; } export interface PipelineDefinitionParameterValue { /** * ID of the parameter value. */ id: pulumi.Input; /** * Field value, expressed as a String. */ stringValue: pulumi.Input; } export interface PipelineDefinitionPipelineObject { /** * Configuration block for Key-value pairs that define the properties of the object. See below */ fields?: pulumi.Input[]>; /** * ID of the object. */ id: pulumi.Input; /** * ARN of the storage connector. */ name: pulumi.Input; } export interface PipelineDefinitionPipelineObjectField { /** * Field identifier. */ key: pulumi.Input; /** * Field value, expressed as the identifier of another object */ refValue?: pulumi.Input; /** * Field value, expressed as a String. */ stringValue?: pulumi.Input; } } export namespace datasync { export interface EfsLocationEc2Config { /** * List of Amazon Resource Names (ARNs) of the EC2 Security Groups that are associated with the EFS Mount Target. */ securityGroupArns: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of the EC2 Subnet that is associated with the EFS Mount Target. */ subnetArn: pulumi.Input; } export interface FsxOpenZfsFileSystemProtocol { /** * Represents the Network File System (NFS) protocol that DataSync uses to access your FSx for OpenZFS file system. See below. */ nfs: pulumi.Input; } export interface FsxOpenZfsFileSystemProtocolNfs { /** * Represents the mount options that are available for DataSync to access an NFS location. See below. */ mountOptions: pulumi.Input; } export interface FsxOpenZfsFileSystemProtocolNfsMountOptions { /** * The specific NFS version that you want DataSync to use for mounting your NFS share. Valid values: `AUTOMATIC`, `NFS3`, `NFS4_0` and `NFS4_1`. Default: `AUTOMATIC` */ version?: pulumi.Input; } export interface LocationAzureBlobSasConfiguration { /** * A SAS token that provides permissions to access your Azure Blob Storage. */ token: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocol { /** * Network File System (NFS) protocol that DataSync uses to access your FSx ONTAP file system. See NFS below. */ nfs?: pulumi.Input; /** * Server Message Block (SMB) protocol that DataSync uses to access your FSx ONTAP file system. See [SMB] (#smb) below. */ smb?: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolNfs { /** * Mount options that are available for DataSync to access an NFS location. See NFS Mount Options below. */ mountOptions: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolNfsMountOptions { version?: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolSmb { /** * Fully qualified domain name of the Microsoft Active Directory (AD) that your storage virtual machine belongs to. */ domain?: pulumi.Input; /** * Mount options that are available for DataSync to access an SMB location. See SMB Mount Options below. */ mountOptions: pulumi.Input; /** * Password of a user who has permission to access your SVM. */ password: pulumi.Input; /** * Username that can mount the location and access the files, folders, and metadata that you need in the SVM. */ user: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolSmbMountOptions { version?: pulumi.Input; } export interface LocationHdfsNameNode { /** * The hostname of the NameNode in the HDFS cluster. This value is the IP address or Domain Name Service (DNS) name of the NameNode. An agent that's installed on-premises uses this hostname to communicate with the NameNode in the network. */ hostname: pulumi.Input; /** * The port that the NameNode uses to listen to client requests. */ port: pulumi.Input; } export interface LocationHdfsQopConfiguration { /** * The data transfer protection setting configured on the HDFS cluster. This setting corresponds to your dfs.data.transfer.protection setting in the hdfs-site.xml file on your Hadoop cluster. Valid values are `DISABLED`, `AUTHENTICATION`, `INTEGRITY` and `PRIVACY`. */ dataTransferProtection?: pulumi.Input; /** * The RPC protection setting configured on the HDFS cluster. This setting corresponds to your hadoop.rpc.protection setting in your core-site.xml file on your Hadoop cluster. Valid values are `DISABLED`, `AUTHENTICATION`, `INTEGRITY` and `PRIVACY`. */ rpcProtection?: pulumi.Input; } export interface LocationSmbMountOptions { /** * The specific SMB version that you want DataSync to use for mounting your SMB share. Valid values: `AUTOMATIC`, `SMB2`, and `SMB3`. Default: `AUTOMATIC` */ version?: pulumi.Input; } export interface NfsLocationMountOptions { /** * The specific NFS version that you want DataSync to use for mounting your NFS share. Valid values: `AUTOMATIC`, `NFS3`, `NFS4_0` and `NFS4_1`. Default: `AUTOMATIC` */ version?: pulumi.Input; } export interface NfsLocationOnPremConfig { /** * List of Amazon Resource Names (ARNs) of the DataSync Agents used to connect to the NFS server. */ agentArns: pulumi.Input[]>; } export interface S3LocationS3Config { /** * ARN of the IAM Role used to connect to the S3 Bucket. */ bucketAccessRoleArn: pulumi.Input; } export interface TaskExcludes { /** * The type of filter rule to apply. Valid values: `SIMPLE_PATTERN`. */ filterType?: pulumi.Input; /** * A single filter string that consists of the patterns to exclude. The patterns are delimited by "|" (that is, a pipe), for example: `/folder1|/folder2` */ value?: pulumi.Input; } export interface TaskIncludes { /** * The type of filter rule to apply. Valid values: `SIMPLE_PATTERN`. */ filterType?: pulumi.Input; /** * A single filter string that consists of the patterns to include. The patterns are delimited by "|" (that is, a pipe), for example: `/folder1|/folder2` */ value?: pulumi.Input; } export interface TaskOptions { /** * A file metadata that shows the last time a file was accessed (that is when the file was read or written to). If set to `BEST_EFFORT`, the DataSync Task attempts to preserve the original (that is, the version before sync `PREPARING` phase) `atime` attribute on all source files. Valid values: `BEST_EFFORT`, `NONE`. Default: `BEST_EFFORT`. */ atime?: pulumi.Input; /** * Limits the bandwidth utilized. For example, to set a maximum of 1 MB, set this value to `1048576`. Value values: `-1` or greater. Default: `-1` (unlimited). */ bytesPerSecond?: pulumi.Input; /** * Group identifier of the file's owners. Valid values: `BOTH`, `INT_VALUE`, `NAME`, `NONE`. Default: `INT_VALUE` (preserve integer value of the ID). */ gid?: pulumi.Input; /** * Determines the type of logs that DataSync publishes to a log stream in the Amazon CloudWatch log group that you provide. Valid values: `OFF`, `BASIC`, `TRANSFER`. Default: `OFF`. */ logLevel?: pulumi.Input; /** * A file metadata that indicates the last time a file was modified (written to) before the sync `PREPARING` phase. Value values: `NONE`, `PRESERVE`. Default: `PRESERVE`. */ mtime?: pulumi.Input; /** * Specifies whether object tags are maintained when transferring between object storage systems. If you want your DataSync task to ignore object tags, specify the NONE value. Valid values: `PRESERVE`, `NONE`. Default value: `PRESERVE`. */ objectTags?: pulumi.Input; /** * Determines whether files at the destination should be overwritten or preserved when copying files. Valid values: `ALWAYS`, `NEVER`. Default: `ALWAYS`. */ overwriteMode?: pulumi.Input; /** * Determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. Valid values: `NONE`, `PRESERVE`. Default: `PRESERVE`. */ posixPermissions?: pulumi.Input; /** * Whether files deleted in the source should be removed or preserved in the destination file system. Valid values: `PRESERVE`, `REMOVE`. Default: `PRESERVE`. */ preserveDeletedFiles?: pulumi.Input; /** * Whether the DataSync Task should preserve the metadata of block and character devices in the source files system, and recreate the files with that device name and metadata on the destination. The DataSync Task can’t sync the actual contents of such devices, because many of the devices are non-terminal and don’t return an end of file (EOF) marker. Valid values: `NONE`, `PRESERVE`. Default: `NONE` (ignore special devices). */ preserveDevices?: pulumi.Input; /** * Determines which components of the SMB security descriptor are copied from source to destination objects. This value is only used for transfers between SMB and Amazon FSx for Windows File Server locations, or between two Amazon FSx for Windows File Server locations. Valid values: `NONE`, `OWNER_DACL`, `OWNER_DACL_SACL`. Default: `OWNER_DACL`. */ securityDescriptorCopyFlags?: pulumi.Input; /** * Determines whether tasks should be queued before executing the tasks. Valid values: `ENABLED`, `DISABLED`. Default `ENABLED`. */ taskQueueing?: pulumi.Input; /** * Determines whether DataSync transfers only the data and metadata that differ between the source and the destination location, or whether DataSync transfers all the content from the source, without comparing to the destination location. Valid values: `CHANGED`, `ALL`. Default: `CHANGED` */ transferMode?: pulumi.Input; /** * User identifier of the file's owners. Valid values: `BOTH`, `INT_VALUE`, `NAME`, `NONE`. Default: `INT_VALUE` (preserve integer value of the ID). */ uid?: pulumi.Input; /** * Whether a data integrity verification should be performed at the end of a task execution after all data and metadata have been transferred. Valid values: `NONE`, `POINT_IN_TIME_CONSISTENT`, `ONLY_FILES_TRANSFERRED`. Default: `POINT_IN_TIME_CONSISTENT`. */ verifyMode?: pulumi.Input; } export interface TaskSchedule { /** * Specifies the schedule you want your task to use for repeated executions. For more information, see [Schedule Expressions for Rules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html). */ scheduleExpression: pulumi.Input; } export interface TaskTaskReportConfig { /** * Specifies the type of task report you'd like. Valid values: `SUMMARY_ONLY` and `STANDARD`. */ outputType?: pulumi.Input; /** * Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ reportLevel?: pulumi.Input; /** * Configuration block containing the configuration of the reporting level for aspects of your task report. See `reportOverrides` below. */ reportOverrides?: pulumi.Input; /** * Configuration block containing the configuration for the Amazon S3 bucket where DataSync uploads your task report. See `s3Destination` below. */ s3Destination: pulumi.Input; /** * Specifies whether your task report includes the new version of each object transferred into an S3 bucket. This only applies if you enable versioning on your bucket. Keep in mind that setting this to INCLUDE can increase the duration of your task execution. Valid values: `INCLUDE` and `NONE`. */ s3ObjectVersioning?: pulumi.Input; } export interface TaskTaskReportConfigReportOverrides { /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to delete in your destination location. This only applies if you configure your task to delete data in the destination that isn't in the source. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ deletedOverride?: pulumi.Input; /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to skip during your transfer. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ skippedOverride?: pulumi.Input; /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to transfer. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ transferredOverride?: pulumi.Input; /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to verify at the end of your transfer. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. * * > **NOTE:** If any `reportOverrides` are set to the same value as `task_report_config.report_level`, they will always be flagged as changed. Only set overrides to a value that differs from `task_report_config.report_level`. */ verifiedOverride?: pulumi.Input; } export interface TaskTaskReportConfigS3Destination { /** * Specifies the Amazon Resource Name (ARN) of the IAM policy that allows DataSync to upload a task report to your S3 bucket. */ bucketAccessRoleArn: pulumi.Input; /** * Specifies the ARN of the S3 bucket where DataSync uploads your report. */ s3BucketArn: pulumi.Input; /** * Specifies a bucket prefix for your report. */ subdirectory?: pulumi.Input; } } export namespace datazone { export interface AssetTypeFormsInput { mapBlockKey: pulumi.Input; required?: pulumi.Input; typeIdentifier: pulumi.Input; typeRevision: pulumi.Input; } export interface AssetTypeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface DomainSingleSignOn { type?: pulumi.Input; userAssignment?: pulumi.Input; } export interface DomainTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface EnvironmentLastDeployment { deploymentId: pulumi.Input; deploymentStatus: pulumi.Input; deploymentType: pulumi.Input; failureReasons: pulumi.Input[]>; isDeploymentComplete: pulumi.Input; messages: pulumi.Input[]>; } export interface EnvironmentLastDeploymentFailureReason { code: pulumi.Input; message: pulumi.Input; } export interface EnvironmentProfileUserParameter { /** * Name of the environment profile parameter. */ name?: pulumi.Input; /** * Value of the environment profile parameter. */ value?: pulumi.Input; } export interface EnvironmentProvisionedResource { /** * The name of the environment. */ name: pulumi.Input; provider: pulumi.Input; type: pulumi.Input; /** * The value of an environment profile parameter. */ value: pulumi.Input; } export interface EnvironmentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface EnvironmentUserParameter { /** * The name of an environment profile parameter. */ name?: pulumi.Input; /** * The value of an environment profile parameter. */ value?: pulumi.Input; } export interface FormTypeImport { /** * Name of the form type. Must be the name of the structure in smithy document. */ name: pulumi.Input; /** * Revision of the Form Type. */ revision: pulumi.Input; } export interface FormTypeModel { /** * Smithy document that indicates the model of the API. Must be between the lengths 1 and 100,000 and be encoded as a smithy document. * * The following arguments are optional: */ smithy: pulumi.Input; } export interface FormTypeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface GlossaryTermTermRelations { /** * String array that calssifies the term relations. */ classifies?: pulumi.Input[]>; isAs?: pulumi.Input[]>; } export interface GlossaryTermTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ProjectFailureReason { code: pulumi.Input; message: pulumi.Input; } export interface ProjectTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface UserProfileDetail { iams: pulumi.Input[]>; ssos: pulumi.Input[]>; } export interface UserProfileDetailIam { arn: pulumi.Input; } export interface UserProfileDetailSso { firstName: pulumi.Input; lastName: pulumi.Input; userName: pulumi.Input; } export interface UserProfileTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace dax { export interface ClusterNode { address?: pulumi.Input; availabilityZone?: pulumi.Input; id?: pulumi.Input; /** * The port used by the configuration endpoint */ port?: pulumi.Input; } export interface ClusterServerSideEncryption { /** * Whether to enable encryption at rest. Defaults to `false`. */ enabled?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the parameter. */ name: pulumi.Input; /** * The value for the parameter. */ value: pulumi.Input; } } export namespace devicefarm { export interface DevicePoolRule { /** * The rule's stringified attribute. Valid values are: `APPIUM_VERSION`, `ARN`, `AVAILABILITY`, `FLEET_TYPE`, `FORM_FACTOR`, `INSTANCE_ARN`, `INSTANCE_LABELS`, `MANUFACTURER`, `MODEL`, `OS_VERSION`, `PLATFORM`, `REMOTE_ACCESS_ENABLED`, `REMOTE_DEBUG_ENABLED`. */ attribute?: pulumi.Input; /** * Specifies how Device Farm compares the rule's attribute to the value. For the operators that are supported by each attribute. Valid values are: `EQUALS`, `NOT_IN`, `IN`, `GREATER_THAN`, `GREATER_THAN_OR_EQUALS`, `LESS_THAN`, `LESS_THAN_OR_EQUALS`, `CONTAINS`. */ operator?: pulumi.Input; /** * The rule's value. */ value?: pulumi.Input; } export interface TestGridProjectVpcConfig { /** * A list of VPC security group IDs in your Amazon VPC. */ securityGroupIds: pulumi.Input[]>; /** * A list of VPC subnet IDs in your Amazon VPC. */ subnetIds: pulumi.Input[]>; /** * The ID of the Amazon VPC. */ vpcId: pulumi.Input; } } export namespace devopsguru { export interface EventSourcesConfigEventSource { /** * Stores whether DevOps Guru is configured to consume recommendations which are generated from AWS CodeGuru Profiler. See `amazonCodeGuruProfiler` below. */ amazonCodeGuruProfilers: pulumi.Input[]>; } export interface EventSourcesConfigEventSourceAmazonCodeGuruProfiler { /** * Status of the CodeGuru Profiler integration. Valid values are `ENABLED` and `DISABLED`. */ status: pulumi.Input; } export interface GetNotificationChannelFilter { /** * Events to receive notifications for. */ messageTypes?: string[]; /** * Severity levels to receive notifications for. */ severities?: string[]; } export interface GetNotificationChannelFilterArgs { /** * Events to receive notifications for. */ messageTypes?: pulumi.Input[]>; /** * Severity levels to receive notifications for. */ severities?: pulumi.Input[]>; } export interface GetNotificationChannelSn { /** * Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. */ topicArn?: string; } export interface GetNotificationChannelSnArgs { /** * Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. */ topicArn?: pulumi.Input; } export interface NotificationChannelFilters { /** * Events to receive notifications for. Valid values are `NEW_INSIGHT`, `CLOSED_INSIGHT`, `NEW_ASSOCIATION`, `SEVERITY_UPGRADED`, and `NEW_RECOMMENDATION`. */ messageTypes?: pulumi.Input[]>; /** * Severity levels to receive notifications for. Valid values are `LOW`, `MEDIUM`, and `HIGH`. */ severities?: pulumi.Input[]>; } export interface NotificationChannelSns { /** * Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. */ topicArn: pulumi.Input; } export interface ResourceCollectionCloudformation { /** * Array of the names of the AWS CloudFormation stacks. If `type` is `AWS_SERVICE` (all acccount resources) this array should be a single item containing a wildcard (`"*"`). */ stackNames: pulumi.Input[]>; } export interface ResourceCollectionTags { /** * An AWS tag key that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this key make up your DevOps Guru application and analysis boundary. The key must begin with the prefix `DevOps-Guru-`. Any casing can be used for the prefix, but the associated tags __must use the same casing__ in their tag key. */ appBoundaryKey: pulumi.Input; /** * Array of tag values. These can be used to further filter for specific resources within the application boundary. To analyze all resources tagged with the `appBoundaryKey` regardless of the corresponding tag value, this array should be a single item containing a wildcard (`"*"`). */ tagValues: pulumi.Input[]>; } export interface ServiceIntegrationKmsServerSideEncryption { /** * KMS key ID. This value can be a key ID, key ARN, alias name, or alias ARN. */ kmsKeyId?: pulumi.Input; /** * Specifies whether KMS integration is enabled. Valid values are `DISABLED` and `ENABLED`. */ optInStatus?: pulumi.Input; /** * Type of KMS key used. Valid values are `CUSTOMER_MANAGED_KEY` and `AWS_OWNED_KMS_KEY`. */ type?: pulumi.Input; } export interface ServiceIntegrationLogsAnomalyDetection { /** * Specifies if DevOps Guru is configured to perform log anomaly detection on CloudWatch log groups. Valid values are `DISABLED` and `ENABLED`. */ optInStatus?: pulumi.Input; } export interface ServiceIntegrationOpsCenter { /** * Specifies if DevOps Guru is enabled to create an AWS Systems Manager OpsItem for each created insight. Valid values are `DISABLED` and `ENABLED`. */ optInStatus?: pulumi.Input; } } export namespace directconnect { } export namespace directoryservice { export interface DirectoryConnectSettings { availabilityZones?: pulumi.Input[]>; /** * The IP addresses of the AD Connector servers. */ connectIps?: pulumi.Input[]>; /** * The DNS IP addresses of the domain to connect to. */ customerDnsIps: pulumi.Input[]>; /** * The username corresponding to the password provided. */ customerUsername: pulumi.Input; /** * The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs). */ subnetIds: pulumi.Input[]>; /** * The identifier of the VPC that the directory is in. */ vpcId: pulumi.Input; } export interface DirectoryVpcSettings { availabilityZones?: pulumi.Input[]>; /** * The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs). */ subnetIds: pulumi.Input[]>; /** * The identifier of the VPC that the directory is in. */ vpcId: pulumi.Input; } export interface ServiceRegionVpcSettings { /** * The identifiers of the subnets for the directory servers. */ subnetIds: pulumi.Input[]>; /** * The identifier of the VPC in which to create the directory. */ vpcId: pulumi.Input; } export interface SharedDirectoryTarget { /** * Identifier of the directory consumer account. */ id: pulumi.Input; /** * Type of identifier to be used in the `id` field. Valid value is `ACCOUNT`. Default is `ACCOUNT`. */ type?: pulumi.Input; } } export namespace dlm { export interface LifecyclePolicyPolicyDetails { /** * The actions to be performed when the event-based policy is triggered. You can specify only one action per policy. This parameter is required for event-based policies only. If you are creating a snapshot or AMI policy, omit this parameter. See the `action` configuration block. */ action?: pulumi.Input; copyTags?: pulumi.Input; /** * How often the policy should run and create snapshots or AMIs. valid values range from `1` to `7`. Default value is `1`. */ createInterval?: pulumi.Input; /** * The event that triggers the event-based policy. This parameter is required for event-based policies only. If you are creating a snapshot or AMI policy, omit this parameter. See the `eventSource` configuration block. */ eventSource?: pulumi.Input; /** * Specifies exclusion parameters for volumes or instances for which you do not want to create snapshots or AMIs. See the `exclusions` configuration block. */ exclusions?: pulumi.Input; /** * snapshot or AMI retention behavior for the policy if the source volume or instance is deleted, or if the policy enters the error, disabled, or deleted state. Default value is `false`. */ extendDeletion?: pulumi.Input; parameters?: pulumi.Input; /** * Type of policy to create. `SIMPLIFIED` To create a default policy. `STANDARD` To create a custom policy. */ policyLanguage?: pulumi.Input; /** * The valid target resource types and actions a policy can manage. Specify `EBS_SNAPSHOT_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of Amazon EBS snapshots. Specify `IMAGE_MANAGEMENT` to create a lifecycle policy that manages the lifecycle of EBS-backed AMIs. Specify `EVENT_BASED_POLICY` to create an event-based policy that performs specific actions when a defined event occurs in your AWS account. Default value is `EBS_SNAPSHOT_MANAGEMENT`. */ policyType?: pulumi.Input; /** * The location of the resources to backup. If the source resources are located in an AWS Region, specify `CLOUD`. If the source resources are located on an Outpost in your account, specify `OUTPOST`. If the source resources are located in a Local Zone, specify `LOCAL_ZONE`. Valid values are `CLOUD`, `LOCAL_ZONE`, and `OUTPOST`. */ resourceLocations?: pulumi.Input; /** * Type of default policy to create. Valid values are `VOLUME` and `INSTANCE`. */ resourceType?: pulumi.Input; /** * A list of resource types that should be targeted by the lifecycle policy. Valid values are `VOLUME` and `INSTANCE`. */ resourceTypes?: pulumi.Input[]>; /** * Specifies how long the policy should retain snapshots or AMIs before deleting them. valid values range from `2` to `14`. Default value is `7`. */ retainInterval?: pulumi.Input; /** * See the `schedule` configuration block. */ schedules?: pulumi.Input[]>; /** * A map of tag keys and their values. Any resources that match the `resourceTypes` and are tagged with _any_ of these tags will be targeted. Required when `policyType` is `EBS_SNAPSHOT_MANAGEMENT` or `IMAGE_MANAGEMENT`. Must not be specified when `policyType` is `EVENT_BASED_POLICY`. * * > Note: You cannot have overlapping lifecycle policies that share the same `targetTags`. Pulumi is unable to detect this at plan time but it will fail during apply. */ targetTags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LifecyclePolicyPolicyDetailsAction { /** * The rule for copying shared snapshots across Regions. See the `crossRegionCopy` configuration block. */ crossRegionCopies: pulumi.Input[]>; name: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsActionCrossRegionCopy { /** * The encryption settings for the copied snapshot. See the `encryptionConfiguration` block. Max of 1 per action. */ encryptionConfiguration: pulumi.Input; retainRule?: pulumi.Input; target: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsActionCrossRegionCopyEncryptionConfiguration { cmkArn?: pulumi.Input; encrypted?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRule { interval: pulumi.Input; intervalUnit: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsEventSource { parameters: pulumi.Input; /** * The source of the event. Currently only managed CloudWatch Events rules are supported. Valid values are `MANAGED_CWE`. */ type: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsEventSourceParameters { /** * The snapshot description that can trigger the policy. The description pattern is specified using a regular expression. The policy runs only if a snapshot with a description that matches the specified pattern is shared with your account. */ descriptionRegex: pulumi.Input; /** * The type of event. Currently, only `shareSnapshot` events are supported. */ eventType: pulumi.Input; /** * The IDs of the AWS accounts that can trigger policy by sharing snapshots with your account. The policy only runs if one of the specified AWS accounts shares a snapshot with your account. */ snapshotOwners: pulumi.Input[]>; } export interface LifecyclePolicyPolicyDetailsExclusions { /** * Indicates whether to exclude volumes that are attached to instances as the boot volume. To exclude boot volumes, specify `true`. */ excludeBootVolumes?: pulumi.Input; /** * Map specifies whether to exclude volumes that have specific tags. */ excludeTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * List specifies the volume types to exclude. */ excludeVolumeTypes?: pulumi.Input[]>; } export interface LifecyclePolicyPolicyDetailsParameters { /** * Indicates whether to exclude the root volume from snapshots created using CreateSnapshots. The default is `false`. */ excludeBootVolume?: pulumi.Input; /** * Applies to AMI lifecycle policies only. Indicates whether targeted instances are rebooted when the lifecycle policy runs. `true` indicates that targeted instances are not rebooted when the policy runs. `false` indicates that target instances are rebooted when the policy runs. The default is `true` (instances are not rebooted). */ noReboot?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsSchedule { /** * Specifies a snapshot archiving rule for a schedule. See `archiveRule` block. */ archiveRule?: pulumi.Input; copyTags?: pulumi.Input; /** * See the `createRule` block. Max of 1 per schedule. */ createRule: pulumi.Input; /** * See the `crossRegionCopyRule` block. Max of 3 per schedule. */ crossRegionCopyRules?: pulumi.Input[]>; deprecateRule?: pulumi.Input; /** * See the `fastRestoreRule` block. Max of 1 per schedule. */ fastRestoreRule?: pulumi.Input; name: pulumi.Input; retainRule: pulumi.Input; /** * See the `shareRule` block. Max of 1 per schedule. */ shareRule?: pulumi.Input; /** * A map of tag keys and their values. DLM lifecycle policies will already tag the snapshot with the tags on the volume. This configuration adds extra tags on top of these. */ tagsToAdd?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A map of tag keys and variable values, where the values are determined when the policy is executed. Only `$(instance-id)` or `$(timestamp)` are valid values. Can only be used when `resourceTypes` is `INSTANCE`. */ variableTags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LifecyclePolicyPolicyDetailsScheduleArchiveRule { /** * Information about the retention period for the snapshot archiving rule. See the `archiveRetainRule` block. */ archiveRetainRule: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleArchiveRuleArchiveRetainRule { /** * Information about retention period in the Amazon EBS Snapshots Archive. See the `retentionArchiveTier` block. */ retentionArchiveTier: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleArchiveRuleArchiveRetainRuleRetentionArchiveTier { count?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleCreateRule { /** * The schedule, as a Cron expression. The schedule interval must be between 1 hour and 1 year. Conflicts with `interval`, `intervalUnit`, and `times`. For details on valid Cron expressions, see [here](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-scheduled-rule-pattern.html#eb-cron-expressions). */ cronExpression?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; /** * Specifies the destination for snapshots created by the policy. To create snapshots in the same Region as the source resource, specify `CLOUD`. To create snapshots on the same Outpost as the source resource, specify `OUTPOST_LOCAL`. If you omit this parameter, `CLOUD` is used by default. If the policy targets resources in an AWS Region, then you must create snapshots in the same Region as the source resource. If the policy targets resources on an Outpost, then you can create snapshots on the same Outpost as the source resource, or in the Region of that Outpost. Valid values are `CLOUD` and `OUTPOST_LOCAL`. */ location?: pulumi.Input; /** * Specifies pre and/or post scripts for a snapshot lifecycle policy that targets instances. Valid only when `resourceType` is INSTANCE. See the `scripts` configuration block. */ scripts?: pulumi.Input; /** * A list of times in 24 hour clock format that sets when the lifecycle policy should be evaluated. Max of 1. Conflicts with `cronExpression`. Must be set if `interval` is set. */ times?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleCreateRuleScripts { /** * Indicates whether Amazon Data Lifecycle Manager should default to crash-consistent snapshots if the pre script fails. The default is `true`. */ executeOperationOnScriptFailure?: pulumi.Input; /** * The SSM document that includes the pre and/or post scripts to run. In case automating VSS backups, specify `AWS_VSS_BACKUP`. In case automating application-consistent snapshots for SAP HANA workloads, specify `AWSSystemsManagerSAP-CreateDLMSnapshotForSAPHANA`. If you are using a custom SSM document that you own, specify either the name or ARN of the SSM document. */ executionHandler: pulumi.Input; /** * Indicates the service used to execute the pre and/or post scripts. If using custom SSM documents or automating application-consistent snapshots of SAP HANA workloads, specify `AWS_SYSTEMS_MANAGER`. In case automating VSS Backups, omit this parameter. The default is `AWS_SYSTEMS_MANAGER`. */ executionHandlerService?: pulumi.Input; /** * Specifies a timeout period, in seconds, after which Amazon Data Lifecycle Manager fails the script run attempt if it has not completed. In case automating VSS Backups, omit this parameter. The default is `10`. */ executionTimeout?: pulumi.Input; /** * Specifies the number of times Amazon Data Lifecycle Manager should retry scripts that fail. Must be an integer between `0` and `3`. The default is `0`. */ maximumRetryCount?: pulumi.Input; /** * List to indicate which scripts Amazon Data Lifecycle Manager should run on target instances. Pre scripts run before Amazon Data Lifecycle Manager initiates snapshot creation. Post scripts run after Amazon Data Lifecycle Manager initiates snapshot creation. Valid values: `PRE` and `POST`. The default is `PRE` and `POST` */ stages?: pulumi.Input[]>; } export interface LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule { cmkArn?: pulumi.Input; copyTags?: pulumi.Input; deprecateRule?: pulumi.Input; encrypted: pulumi.Input; retainRule?: pulumi.Input; target?: pulumi.Input; /** * Use only for DLM policies of `policy_type=IMAGE_MANAGEMENT`. The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies. */ targetRegion?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule { interval: pulumi.Input; intervalUnit: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule { interval: pulumi.Input; intervalUnit: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleDeprecateRule { count?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleFastRestoreRule { /** * The Availability Zones in which to enable fast snapshot restore. */ availabilityZones: pulumi.Input[]>; count?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleRetainRule { count?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleShareRule { /** * The IDs of the AWS accounts with which to share the snapshots. */ targetAccounts: pulumi.Input[]>; /** * The period after which snapshots that are shared with other AWS accounts are automatically unshared. */ unshareInterval?: pulumi.Input; /** * The unit of time for the automatic unsharing interval. Valid values are `DAYS`, `WEEKS`, `MONTHS`, `YEARS`. */ unshareIntervalUnit?: pulumi.Input; } } export namespace dms { export interface EndpointElasticsearchSettings { /** * Endpoint for the OpenSearch cluster. */ endpointUri: pulumi.Input; /** * Maximum number of seconds for which DMS retries failed API requests to the OpenSearch cluster. Default is `300`. */ errorRetryDuration?: pulumi.Input; /** * Maximum percentage of records that can fail to be written before a full load operation stops. Default is `10`. */ fullLoadErrorPercentage?: pulumi.Input; /** * ARN of the IAM Role with permissions to write to the OpenSearch cluster. */ serviceAccessRoleArn: pulumi.Input; /** * Enable to migrate documentation using the documentation type `_doc`. OpenSearch and an Elasticsearch clusters only support the _doc documentation type in versions 7.x and later. The default value is `false`. */ useNewMappingType?: pulumi.Input; } export interface EndpointKafkaSettings { /** * Kafka broker location. Specify in the form broker-hostname-or-ip:port. */ broker: pulumi.Input; /** * Shows detailed control information for table definition, column definition, and table and column changes in the Kafka message output. Default is `false`. */ includeControlDetails?: pulumi.Input; /** * Include NULL and empty columns for records migrated to the endpoint. Default is `false`. */ includeNullAndEmpty?: pulumi.Input; /** * Shows the partition value within the Kafka message output unless the partition type is `schema-table-type`. Default is `false`. */ includePartitionValue?: pulumi.Input; /** * Includes any data definition language (DDL) operations that change the table in the control data, such as `rename-table`, `drop-table`, `add-column`, `drop-column`, and `rename-column`. Default is `false`. */ includeTableAlterOperations?: pulumi.Input; /** * Provides detailed transaction information from the source database. This information includes a commit timestamp, a log position, and values for `transactionId`, previous `transactionId`, and `transactionRecordId` (the record offset within a transaction). Default is `false`. */ includeTransactionDetails?: pulumi.Input; /** * Output format for the records created on the endpoint. Message format is `JSON` (default) or `JSON_UNFORMATTED` (a single line with no tab). */ messageFormat?: pulumi.Input; /** * Maximum size in bytes for records created on the endpoint Default is `1,000,000`. */ messageMaxBytes?: pulumi.Input; /** * Set this optional parameter to true to avoid adding a '0x' prefix to raw data in hexadecimal format. For example, by default, AWS DMS adds a '0x' prefix to the LOB column type in hexadecimal format moving from an Oracle source to a Kafka target. Use the `noHexPrefix` endpoint setting to enable migration of RAW data type columns without adding the `'0x'` prefix. */ noHexPrefix?: pulumi.Input; /** * Prefixes schema and table names to partition values, when the partition type is `primary-key-type`. Doing this increases data distribution among Kafka partitions. For example, suppose that a SysBench schema has thousands of tables and each table has only limited range for a primary key. In this case, the same primary key is sent from thousands of tables to the same partition, which causes throttling. Default is `false`. */ partitionIncludeSchemaTable?: pulumi.Input; /** * For SASL/SSL authentication, AWS DMS supports the `scram-sha-512` mechanism by default. AWS DMS versions 3.5.0 and later also support the PLAIN mechanism. To use the PLAIN mechanism, set this parameter to `plain`. */ saslMechanism?: pulumi.Input; /** * Secure password you created when you first set up your MSK cluster to validate a client identity and make an encrypted connection between server and client using SASL-SSL authentication. */ saslPassword?: pulumi.Input; /** * Secure user name you created when you first set up your MSK cluster to validate a client identity and make an encrypted connection between server and client using SASL-SSL authentication. */ saslUsername?: pulumi.Input; /** * Set secure connection to a Kafka target endpoint using Transport Layer Security (TLS). Options include `ssl-encryption`, `ssl-authentication`, and `sasl-ssl`. `sasl-ssl` requires `saslUsername` and `saslPassword`. */ securityProtocol?: pulumi.Input; /** * ARN for the private certificate authority (CA) cert that AWS DMS uses to securely connect to your Kafka target endpoint. */ sslCaCertificateArn?: pulumi.Input; /** * ARN of the client certificate used to securely connect to a Kafka target endpoint. */ sslClientCertificateArn?: pulumi.Input; /** * ARN for the client private key used to securely connect to a Kafka target endpoint. */ sslClientKeyArn?: pulumi.Input; /** * Password for the client private key used to securely connect to a Kafka target endpoint. */ sslClientKeyPassword?: pulumi.Input; /** * Kafka topic for migration. Default is `kafka-default-topic`. */ topic?: pulumi.Input; } export interface EndpointKinesisSettings { /** * Shows detailed control information for table definition, column definition, and table and column changes in the Kinesis message output. Default is `false`. */ includeControlDetails?: pulumi.Input; /** * Include NULL and empty columns in the target. Default is `false`. */ includeNullAndEmpty?: pulumi.Input; /** * Shows the partition value within the Kinesis message output, unless the partition type is schema-table-type. Default is `false`. */ includePartitionValue?: pulumi.Input; /** * Includes any data definition language (DDL) operations that change the table in the control data. Default is `false`. */ includeTableAlterOperations?: pulumi.Input; /** * Provides detailed transaction information from the source database. Default is `false`. */ includeTransactionDetails?: pulumi.Input; /** * Output format for the records created. Default is `json`. Valid values are `json` and `json-unformatted` (a single line with no tab). */ messageFormat?: pulumi.Input; /** * Prefixes schema and table names to partition values, when the partition type is primary-key-type. Default is `false`. */ partitionIncludeSchemaTable?: pulumi.Input; /** * ARN of the IAM Role with permissions to write to the Kinesis data stream. */ serviceAccessRoleArn?: pulumi.Input; /** * ARN of the Kinesis data stream. */ streamArn?: pulumi.Input; /** * Use up to 18 digit int instead of casting ints as doubles, available from AWS DMS version 3.5.4. Default is `false`. */ useLargeIntegerValue?: pulumi.Input; } export interface EndpointMongodbSettings { /** * Authentication mechanism to access the MongoDB source endpoint. Default is `default`. */ authMechanism?: pulumi.Input; /** * Authentication database name. Not used when `authType` is `no`. Default is `admin`. */ authSource?: pulumi.Input; /** * Authentication type to access the MongoDB source endpoint. Default is `password`. */ authType?: pulumi.Input; /** * Number of documents to preview to determine the document organization. Use this setting when `nestingLevel` is set to `one`. Default is `1000`. */ docsToInvestigate?: pulumi.Input; /** * Document ID. Use this setting when `nestingLevel` is set to `none`. Default is `false`. */ extractDocId?: pulumi.Input; /** * Specifies either document or table mode. Default is `none`. Valid values are `one` (table mode) and `none` (document mode). */ nestingLevel?: pulumi.Input; } export interface EndpointMysqlSettings { /** * Script to run immediately after AWS DMS connects to the endpoint. */ afterConnectScript?: pulumi.Input; /** * Authentication method to use. Valid values: `password`, `iam`. */ authenticationMethod?: pulumi.Input; /** * Whether to clean and recreate table metadata information on the replication instance when a mismatch occurs. */ cleanSourceMetadataOnMismatch?: pulumi.Input; /** * Time interval to check the binary log for new changes/events when the database is idle. Default is `5`. */ eventsPollInterval?: pulumi.Input; /** * Client statement timeout (in seconds) for a MySQL source endpoint. */ executeTimeout?: pulumi.Input; /** * Maximum size (in KB) of any .csv file used to transfer data to a MySQL-compatible database. */ maxFileSize?: pulumi.Input; /** * Number of threads to use to load the data into the MySQL-compatible target database. */ parallelLoadThreads?: pulumi.Input; /** * Time zone for the source MySQL database. */ serverTimezone?: pulumi.Input; /** * ARN of the IAM role to authenticate when connecting to the endpoint. */ serviceAccessRoleArn?: pulumi.Input; /** * Where to migrate source tables on the target. Valid values are `specific-database` and `multiple-databases`. */ targetDbType?: pulumi.Input; } export interface EndpointOracleSettings { /** * Authentication mechanism to access the Oracle source endpoint. Default is `password`. Valid values are `password` and `kerberos`. */ authenticationMethod?: pulumi.Input; } export interface EndpointPostgresSettings { /** * For use with change data capture (CDC) only, this attribute has AWS DMS bypass foreign keys and user triggers to reduce the time it takes to bulk load data. */ afterConnectScript?: pulumi.Input; /** * Specifies the authentication method. Valid values: `password`, `iam`. */ authenticationMethod?: pulumi.Input; /** * The Babelfish for Aurora PostgreSQL database name for the endpoint. */ babelfishDatabaseName?: pulumi.Input; /** * To capture DDL events, AWS DMS creates various artifacts in the PostgreSQL database when the task starts. */ captureDdls?: pulumi.Input; /** * Specifies the default behavior of the replication's handling of PostgreSQL- compatible endpoints that require some additional configuration, such as Babelfish endpoints. */ databaseMode?: pulumi.Input; /** * Sets the schema in which the operational DDL database artifacts are created. Default is `public`. */ ddlArtifactsSchema?: pulumi.Input; /** * Sets the client statement timeout for the PostgreSQL instance, in seconds. Default value is `60`. */ executeTimeout?: pulumi.Input; /** * When set to `true`, this value causes a task to fail if the actual size of a LOB column is greater than the specified `LobMaxSize`. Default is `false`. */ failTasksOnLobTruncation?: pulumi.Input; /** * The write-ahead log (WAL) heartbeat feature mimics a dummy transaction. By doing this, it prevents idle logical replication slots from holding onto old WAL logs, which can result in storage full situations on the source. */ heartbeatEnable?: pulumi.Input; /** * Sets the WAL heartbeat frequency (in minutes). Default value is `5`. */ heartbeatFrequency?: pulumi.Input; /** * Sets the schema in which the heartbeat artifacts are created. Default value is `public`. */ heartbeatSchema?: pulumi.Input; /** * You can use PostgreSQL endpoint settings to map a boolean as a boolean from your PostgreSQL source to a Amazon Redshift target. Default value is `false`. */ mapBooleanAsBoolean?: pulumi.Input; /** * Optional When true, DMS migrates JSONB values as CLOB. */ mapJsonbAsClob?: pulumi.Input; /** * Optional When true, DMS migrates LONG values as VARCHAR. */ mapLongVarcharAs?: pulumi.Input; /** * Specifies the maximum size (in KB) of any .csv file used to transfer data to PostgreSQL. Default is `32,768 KB`. */ maxFileSize?: pulumi.Input; /** * Specifies the plugin to use to create a replication slot. Valid values: `pglogical`, `test-decoding`. */ pluginName?: pulumi.Input; /** * Specifies the IAM role to use to authenticate the connection. */ serviceAccessRoleArn?: pulumi.Input; /** * Sets the name of a previously created logical replication slot for a CDC load of the PostgreSQL source instance. */ slotName?: pulumi.Input; } export interface EndpointRedisSettings { /** * The password provided with the auth-role and auth-token options of the AuthType setting for a Redis target endpoint. */ authPassword?: pulumi.Input; /** * The type of authentication to perform when connecting to a Redis target. Options include `none`, `auth-token`, and `auth-role`. The `auth-token` option requires an `authPassword` value to be provided. The `auth-role` option requires `authUserName` and `authPassword` values to be provided. */ authType: pulumi.Input; /** * The username provided with the `auth-role` option of the AuthType setting for a Redis target endpoint. */ authUserName?: pulumi.Input; /** * Transmission Control Protocol (TCP) port for the endpoint. */ port: pulumi.Input; /** * Fully qualified domain name of the endpoint. */ serverName: pulumi.Input; /** * The Amazon Resource Name (ARN) for the certificate authority (CA) that DMS uses to connect to your Redis target endpoint. */ sslCaCertificateArn?: pulumi.Input; /** * The plaintext option doesn't provide Transport Layer Security (TLS) encryption for traffic between endpoint and database. Options include `plaintext`, `ssl-encryption`. The default is `ssl-encryption`. */ sslSecurityProtocol?: pulumi.Input; } export interface EndpointRedshiftSettings { /** * Custom S3 Bucket Object prefix for intermediate storage. */ bucketFolder?: pulumi.Input; /** * Custom S3 Bucket name for intermediate storage. */ bucketName?: pulumi.Input; /** * The server-side encryption mode that you want to encrypt your intermediate .csv object files copied to S3. Defaults to `SSE_S3`. Valid values are `SSE_S3` and `SSE_KMS`. */ encryptionMode?: pulumi.Input; /** * ARN or Id of KMS Key to use when `encryptionMode` is `SSE_KMS`. */ serverSideEncryptionKmsKeyId?: pulumi.Input; /** * Amazon Resource Name (ARN) of the IAM Role with permissions to read from or write to the S3 Bucket for intermediate storage. */ serviceAccessRoleArn?: pulumi.Input; } export interface ReplicationConfigComputeConfig { /** * The Availability Zone where the DMS Serverless replication using this configuration will run. The default value is a random. */ availabilityZone?: pulumi.Input; /** * A list of custom DNS name servers supported for the DMS Serverless replication to access your source or target database. */ dnsNameServers?: pulumi.Input; /** * An Key Management Service (KMS) key Amazon Resource Name (ARN) that is used to encrypt the data during DMS Serverless replication. If you don't specify a value for the KmsKeyId parameter, DMS uses your default encryption key. */ kmsKeyId?: pulumi.Input; /** * Specifies the maximum value of the DMS capacity units (DCUs) for which a given DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 1 DCUs as the minimum value allowed. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. */ maxCapacityUnits?: pulumi.Input; /** * Specifies the minimum value of the DMS capacity units (DCUs) for which a given DMS Serverless replication can be provisioned. The list of valid DCU values includes 1, 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. If this value isn't set DMS sets the lowest allowed value, 1. */ minCapacityUnits?: pulumi.Input; /** * Specifies if the replication instance is a multi-az deployment. You cannot set the `availabilityZone` parameter if the `multiAz` parameter is set to `true`. */ multiAz?: pulumi.Input; /** * The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). * * - Default: A 30-minute window selected at random from an 8-hour block of time per region, occurring on a random day of the week. * - Format: `ddd:hh24:mi-ddd:hh24:mi` * - Valid Days: `mon, tue, wed, thu, fri, sat, sun` * - Constraints: Minimum 30-minute window. */ preferredMaintenanceWindow?: pulumi.Input; /** * Specifies a subnet group identifier to associate with the DMS Serverless replication. */ replicationSubnetGroupId: pulumi.Input; /** * Specifies the virtual private cloud (VPC) security group to use with the DMS Serverless replication. The VPC security group must work with the VPC containing the replication. */ vpcSecurityGroupIds?: pulumi.Input[]>; } export interface ReplicationInstanceKerberosAuthenticationSettings { /** * ARN of the IAM role that grants AWS DMS access to the secret containing key cache file for the Kerberos authentication. */ keyCacheSecretIamArn: pulumi.Input; /** * Secret ID that stores the key cache file required for Kerberos authentication. */ keyCacheSecretId: pulumi.Input; /** * Contents of krb5 configuration file required for Kerberos authentication. */ krb5FileContents: pulumi.Input; } } export namespace docdb { export interface ClusterMasterUserSecret { /** * The ARN for the KMS encryption key. When specifying `kmsKeyId`, `storageEncrypted` needs to be set to true. */ kmsKeyId?: pulumi.Input; secretArn?: pulumi.Input; secretStatus?: pulumi.Input; } export interface ClusterParameterGroupParameter { /** * Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`. */ applyMethod?: pulumi.Input; /** * The name of the DocumentDB parameter. */ name: pulumi.Input; /** * The value of the DocumentDB parameter. */ value: pulumi.Input; } export interface ClusterRestoreToPointInTime { /** * The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with `useLatestRestorableTime`. */ restoreToTime?: pulumi.Input; /** * The type of restore to be performed. Valid values are `full-copy`, `copy-on-write`. */ restoreType?: pulumi.Input; /** * The identifier of the source DB cluster from which to restore. Must match the identifier of an existing DB cluster. */ sourceClusterIdentifier: pulumi.Input; /** * A boolean value that indicates whether the DB cluster is restored from the latest backup time. Defaults to `false`. Cannot be specified with `restoreToTime`. */ useLatestRestorableTime?: pulumi.Input; } export interface ClusterServerlessV2ScalingConfiguration { /** * Maximum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. Valid values are multiples of 0.5 between 1 and 256. */ maxCapacity: pulumi.Input; /** * Minimum number of Amazon DocumentDB capacity units (DCUs) for an instance in an Amazon DocumentDB Serverless cluster. Valid values are multiples of 0.5 between 0.5 and 256. */ minCapacity: pulumi.Input; } export interface ElasticClusterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GlobalClusterGlobalClusterMember { /** * Amazon Resource Name (ARN) of member DB Cluster. */ dbClusterArn?: pulumi.Input; /** * Whether the member is the primary DB Cluster. */ isWriter?: pulumi.Input; } } export namespace drs { export interface ReplicationConfigurationTemplatePitPolicy { /** * Whether this rule is enabled or not. */ enabled?: pulumi.Input; /** * How often, in the chosen units, a snapshot should be taken. */ interval: pulumi.Input; /** * Duration to retain a snapshot for, in the chosen `units`. */ retentionDuration: pulumi.Input; /** * ID of the rule. Valid values are integers. */ ruleId?: pulumi.Input; /** * Units used to measure the `interval` and `retentionDuration`. Valid values are `MINUTE`, `HOUR`, and `DAY`. */ units: pulumi.Input; } export interface ReplicationConfigurationTemplateTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace dsql { export interface ClusterEncryptionDetail { /** * The status of encryption for the DSQL Cluster. */ encryptionStatus: pulumi.Input; /** * The type of encryption that protects the data on the DSQL Cluster. */ encryptionType: pulumi.Input; } export interface ClusterMultiRegionProperties { /** * List of DSQL Cluster ARNs peered to this cluster. */ clusters?: pulumi.Input[]>; /** * Witness region for the multi-region clusters. Setting this makes this cluster a multi-region cluster. Changing it recreates the resource. */ witnessRegion?: pulumi.Input; } export interface ClusterPeeringTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ClusterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace dynamodb { export interface GetTableServerSideEncryption { enabled?: boolean; kmsKeyArn?: string; } export interface GetTableServerSideEncryptionArgs { enabled?: pulumi.Input; kmsKeyArn?: pulumi.Input; } export interface GlobalSecondaryIndexKeySchema { /** * Name of the attribute. */ attributeName: pulumi.Input; /** * Type of the attribute in the index. * Valid values are `S` (string), `N` (number), or `B` (binary). */ attributeType: pulumi.Input; /** * Key type. * Valid values are `HASH` or `RANGE`. */ keyType: pulumi.Input; } export interface GlobalSecondaryIndexOnDemandThroughput { /** * Maximum number of read request units for this index. */ maxReadRequestUnits?: pulumi.Input; /** * Maximum number of write request units for this index. */ maxWriteRequestUnits?: pulumi.Input; } export interface GlobalSecondaryIndexProjection { /** * Specifies which additional attributes to include in the index. * Only valid when `projectionType` is `INCLUDE`.` */ nonKeyAttributes?: pulumi.Input[]>; /** * The set of attributes represented in the index. * One of `ALL`, `INCLUDE`, or `KEYS_ONLY`. */ projectionType: pulumi.Input; } export interface GlobalSecondaryIndexProvisionedThroughput { /** * Number of read capacity units for this index. */ readCapacityUnits?: pulumi.Input; /** * Number of write capacity units for this index. */ writeCapacityUnits?: pulumi.Input; } export interface GlobalSecondaryIndexTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GlobalSecondaryIndexWarmThroughput { /** * Number of read operations this index can instantaneously support. */ readUnitsPerSecond: pulumi.Input; /** * Number of write operations this index can instantaneously support. */ writeUnitsPerSecond: pulumi.Input; } export interface GlobalTableReplica { /** * AWS region name of replica DynamoDB TableE.g., `us-east-1` */ regionName: pulumi.Input; } export interface TableAttribute { /** * Name of the attribute */ name: pulumi.Input; /** * Attribute type. Valid values are `S` (string), `N` (number), `B` (binary). */ type: pulumi.Input; } export interface TableExportIncrementalExportSpecification { exportFromTime?: pulumi.Input; exportToTime?: pulumi.Input; exportViewType?: pulumi.Input; } export interface TableGlobalSecondaryIndex { /** * and `hashKeys` are `mutually exclusive`, but one is `required`. Refer to [AWS SDK Documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.DesignPattern.MultiAttributeKeys.html) * * @deprecated hash_key is deprecated. Use keySchema instead. */ hashKey?: pulumi.Input; keySchemas?: pulumi.Input[]>; /** * Name of the index. */ name: pulumi.Input; /** * Only required with `INCLUDE` as a projection type; a list of attributes to project into the index. These do not need to be defined as attributes on the table. */ nonKeyAttributes?: pulumi.Input[]>; /** * Sets the maximum number of read and write units for the specified on-demand index. See below. */ onDemandThroughput?: pulumi.Input; /** * One of `ALL`, `INCLUDE` or `KEYS_ONLY` where `ALL` projects every attribute into the index, `KEYS_ONLY` projects into the index only the table and index hashKey and sortKey attributes , `INCLUDE` projects into the index all of the attributes that are defined in `nonKeyAttributes` in addition to the attributes that that`KEYS_ONLY` project. */ projectionType: pulumi.Input; /** * and `rangeKeys` are `mutually exclusive`, but are both `optional`. Refer to [AWS SDK Documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.DesignPattern.MultiAttributeKeys.html) * * @deprecated range_key is deprecated. Use keySchema instead. */ rangeKey?: pulumi.Input; /** * Number of read units for this index. Must be set if billingMode is set to PROVISIONED. */ readCapacity?: pulumi.Input; /** * Sets the number of warm read and write units for this index. See below. */ warmThroughput?: pulumi.Input; /** * Number of write units for this index. Must be set if billingMode is set to PROVISIONED. */ writeCapacity?: pulumi.Input; } export interface TableGlobalSecondaryIndexKeySchema { /** * Name of the table attribute to store the TTL timestamp in. * Required if `enabled` is `true`, must not be set otherwise. */ attributeName: pulumi.Input; keyType: pulumi.Input; } export interface TableGlobalSecondaryIndexOnDemandThroughput { /** * Maximum number of read request units for the specified table. To specify set the value greater than or equal to 1. To remove set the value to -1. */ maxReadRequestUnits?: pulumi.Input; /** * Maximum number of write request units for the specified table. To specify set the value greater than or equal to 1. To remove set the value to -1. */ maxWriteRequestUnits?: pulumi.Input; } export interface TableGlobalSecondaryIndexWarmThroughput { /** * Number of read operations a table or index can instantaneously support. For the base table, decreasing this value will force a new resource. For a global secondary index, this value can be increased or decreased without recreation. Minimum value of `12000` (default). */ readUnitsPerSecond?: pulumi.Input; /** * Number of write operations a table or index can instantaneously support. For the base table, decreasing this value will force a new resource. For a global secondary index, this value can be increased or decreased without recreation. Minimum value of `4000` (default). */ writeUnitsPerSecond?: pulumi.Input; } export interface TableGlobalTableWitness { /** * Name of the AWS Region that serves as a witness for the MRSC global table. */ regionName?: pulumi.Input; } export interface TableImportTable { /** * Type of compression to be used on the input coming from the imported table. * Valid values are `GZIP`, `ZSTD` and `NONE`. */ inputCompressionType?: pulumi.Input; /** * The format of the source data. * Valid values are `CSV`, `DYNAMODB_JSON`, and `ION`. */ inputFormat: pulumi.Input; /** * Describe the format options for the data that was imported into the target table. * There is one value, `csv`. * See below. */ inputFormatOptions?: pulumi.Input; /** * Values for the S3 bucket the source file is imported from. * See below. */ s3BucketSource: pulumi.Input; } export interface TableImportTableInputFormatOptions { /** * This block contains the processing options for the CSV file being imported: */ csv?: pulumi.Input; } export interface TableImportTableInputFormatOptionsCsv { /** * The delimiter used for separating items in the CSV file being imported. */ delimiter?: pulumi.Input; /** * List of the headers used to specify a common header for all source CSV files being imported. */ headerLists?: pulumi.Input[]>; } export interface TableImportTableS3BucketSource { /** * The S3 bucket that is being imported from. */ bucket: pulumi.Input; /** * The account number of the S3 bucket that is being imported from. */ bucketOwner?: pulumi.Input; /** * The key prefix shared by all S3 Objects that are being imported. */ keyPrefix?: pulumi.Input; } export interface TableLocalSecondaryIndex { /** * Name of the index */ name: pulumi.Input; /** * Only required with `INCLUDE` as a projection type; a list of attributes to project into the index. These do not need to be defined as attributes on the table. */ nonKeyAttributes?: pulumi.Input[]>; /** * One of `ALL`, `INCLUDE` or `KEYS_ONLY` where `ALL` projects every attribute into the index, `KEYS_ONLY` projects into the index only the table and index hashKey and sortKey attributes , `INCLUDE` projects into the index all of the attributes that are defined in `nonKeyAttributes` in addition to the attributes that that`KEYS_ONLY` project. */ projectionType: pulumi.Input; /** * Name of the range key. */ rangeKey: pulumi.Input; } export interface TableOnDemandThroughput { /** * Maximum number of read request units for the specified table. To specify set the value greater than or equal to 1. To remove set the value to -1. */ maxReadRequestUnits?: pulumi.Input; /** * Maximum number of write request units for the specified table. To specify set the value greater than or equal to 1. To remove set the value to -1. */ maxWriteRequestUnits?: pulumi.Input; } export interface TablePointInTimeRecovery { /** * Whether to enable point-in-time recovery. It can take 10 minutes to enable for new tables. If the `pointInTimeRecovery` block is not provided, this defaults to `false`. */ enabled: pulumi.Input; /** * Number of preceding days for which continuous backups are taken and maintained. Default is 35. */ recoveryPeriodInDays?: pulumi.Input; } export interface TableReplica { /** * ARN of the table */ arn?: pulumi.Input; /** * Whether this global table will be using `STRONG` consistency mode or `EVENTUAL` consistency mode. Default value is `EVENTUAL`. */ consistencyMode?: pulumi.Input; /** * Whether deletion protection is enabled (true) or disabled (false) on the replica. Default is `false`. */ deletionProtectionEnabled?: pulumi.Input; /** * ARN of the CMK that should be used for the AWS KMS encryption. * This argument should only be used if the key is different from the default KMS-managed DynamoDB key, `alias/aws/dynamodb`. * **Note:** This attribute will _not_ be populated with the ARN of _default_ keys. * **Note:** Changing this value will recreate the replica. */ kmsKeyArn?: pulumi.Input; /** * Whether to enable Point In Time Recovery for the replica. Default is `false`. */ pointInTimeRecovery?: pulumi.Input; /** * Whether to propagate the global table's tags to a replica. * Default is `false`. * Changes to tags only move in one direction: from global (source) to replica. * Tag drift on a replica will not trigger an update. * Tag changes on the global table are propagated to replicas. * Changing from `true` to `false` on a subsequent `apply` leaves replica tags as-is and no longer manages them. */ propagateTags?: pulumi.Input; /** * Region name of the replica. */ regionName: pulumi.Input; /** * ARN of the Table Stream. Only available when `streamEnabled = true` */ streamArn?: pulumi.Input; /** * Timestamp, in ISO 8601 format, for this stream. Note that this timestamp is not a unique identifier for the stream on its own. However, the combination of AWS customer ID, table name and this field is guaranteed to be unique. It can be used for creating CloudWatch Alarms. Only available when `streamEnabled = true`. */ streamLabel?: pulumi.Input; } export interface TableServerSideEncryption { /** * Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK). If `enabled` is `false` then server-side encryption is set to AWS-_owned_ key (shown as `DEFAULT` in the AWS console). Potentially confusingly, if `enabled` is `true` and no `kmsKeyArn` is specified then server-side encryption is set to the _default_ KMS-_managed_ key (shown as `KMS` in the AWS console). The [AWS KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) explains the difference between AWS-_owned_ and KMS-_managed_ keys. */ enabled: pulumi.Input; /** * ARN of the CMK that should be used for the AWS KMS encryption. This argument should only be used if the key is different from the default KMS-managed DynamoDB key, `alias/aws/dynamodb`. **Note:** This attribute will _not_ be populated with the ARN of _default_ keys. */ kmsKeyArn?: pulumi.Input; } export interface TableTtl { /** * Name of the table attribute to store the TTL timestamp in. * Required if `enabled` is `true`, must not be set otherwise. */ attributeName?: pulumi.Input; /** * Whether TTL is enabled. * Default value is `false`. */ enabled?: pulumi.Input; } export interface TableWarmThroughput { /** * Number of read operations a table or index can instantaneously support. For the base table, decreasing this value will force a new resource. For a global secondary index, this value can be increased or decreased without recreation. Minimum value of `12000` (default). */ readUnitsPerSecond?: pulumi.Input; /** * Number of write operations a table or index can instantaneously support. For the base table, decreasing this value will force a new resource. For a global secondary index, this value can be increased or decreased without recreation. Minimum value of `4000` (default). */ writeUnitsPerSecond?: pulumi.Input; } } export namespace ebs { export interface FastSnapshotRestoreTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface GetEbsVolumesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVolumes.html). * For example, if matching against the `size` filter, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const tenOrTwentyGbVolumes = aws.ebs.getEbsVolumes({ * filters: [{ * name: "size", * values: [ * "10", * "20", * ], * }], * }); * ``` */ name: string; /** * Set of values that are accepted for the given field. * EBS Volume IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetEbsVolumesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVolumes.html). * For example, if matching against the `size` filter, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const tenOrTwentyGbVolumes = aws.ebs.getEbsVolumes({ * filters: [{ * name: "size", * values: [ * "10", * "20", * ], * }], * }); * ``` */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * EBS Volume IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } export interface GetSnapshotFilter { name: string; values: string[]; } export interface GetSnapshotFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetSnapshotIdsFilter { name: string; values: string[]; } export interface GetSnapshotIdsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetVolumeFilter { name: string; values: string[]; } export interface GetVolumeFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface SnapshotImportClientData { /** * A user-defined comment about the disk upload. */ comment?: pulumi.Input; /** * The time that the disk upload ends. */ uploadEnd?: pulumi.Input; /** * The size of the uploaded disk image, in GiB. */ uploadSize?: pulumi.Input; /** * The time that the disk upload starts. */ uploadStart?: pulumi.Input; } export interface SnapshotImportDiskContainer { /** * The description of the disk image being imported. */ description?: pulumi.Input; /** * The format of the disk image being imported. One of `VHD` or `VMDK`. */ format: pulumi.Input; /** * The URL to the Amazon S3-based disk image being imported. It can either be a https URL (https://..) or an Amazon S3 URL (s3://..). One of `url` or `userBucket` must be set. */ url?: pulumi.Input; /** * The Amazon S3 bucket for the disk image. One of `url` or `userBucket` must be set. Detailed below. */ userBucket?: pulumi.Input; } export interface SnapshotImportDiskContainerUserBucket { /** * The name of the Amazon S3 bucket where the disk image is located. */ s3Bucket: pulumi.Input; /** * The file name of the disk image. */ s3Key: pulumi.Input; } } export namespace ec2 { export interface AllowedImagesSettingsImageCriterion { /** * Condition based on AMI creation date. See `creationDateCondition` below. */ creationDateCondition?: pulumi.Input; /** * Condition based on AMI deprecation time. See `deprecationTimeCondition` below. */ deprecationTimeCondition?: pulumi.Input; /** * Set of AMI name patterns to allow. Maximum of 50 names. */ imageNames?: pulumi.Input[]>; /** * Set of image providers to allow. Maximum of 200 providers. Valid values include `amazon`, `aws-marketplace`, `aws-backup-vault`, `none`, or a 12-digit AWS account ID. */ imageProviders?: pulumi.Input[]>; /** * Set of AWS Marketplace product codes to allow. Maximum of 50 product codes. */ marketplaceProductCodes?: pulumi.Input[]>; } export interface AllowedImagesSettingsImageCriterionCreationDateCondition { /** * Maximum number of days since the AMI was created. */ maximumDaysSinceCreated?: pulumi.Input; } export interface AllowedImagesSettingsImageCriterionDeprecationTimeCondition { /** * Maximum number of days since the AMI was deprecated. Setting this to `0` means no deprecated images are allowed. */ maximumDaysSinceDeprecated?: pulumi.Input; } export interface AmiCopyEbsBlockDevice { /** * Boolean controlling whether the EBS volumes created to * support each created instance will be deleted once that instance is terminated. */ deleteOnTermination?: pulumi.Input; /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * Number of I/O operations per second the * created volumes will support. */ iops?: pulumi.Input; /** * ARN of the Outpost on which the snapshot is stored. * * > **Note:** You can specify `encrypted` or `snapshotId` but not both. */ outpostArn?: pulumi.Input; /** * ID of an EBS snapshot that will be used to initialize the created * EBS volumes. If set, the `volumeSize` attribute must be at least as large as the referenced * snapshot. */ snapshotId?: pulumi.Input; /** * Throughput that the EBS volume supports, in MiB/s. Only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * Size of created volumes in GiB. * If `snapshotId` is set and `volumeSize` is omitted then the volume will have the same size * as the selected snapshot. */ volumeSize?: pulumi.Input; /** * Type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`). */ volumeType?: pulumi.Input; } export interface AmiCopyEphemeralBlockDevice { /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Name for the ephemeral device, of the form "ephemeralN" where * *N* is a volume number starting from zero. */ virtualName?: pulumi.Input; } export interface AmiEbsBlockDevice { /** * Boolean controlling whether the EBS volumes created to * support each created instance will be deleted once that instance is terminated. */ deleteOnTermination?: pulumi.Input; /** * Path at which the device is exposed to created instances. */ deviceName: pulumi.Input; /** * Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * Number of I/O operations per second the * created volumes will support. */ iops?: pulumi.Input; /** * ARN of the Outpost on which the snapshot is stored. * * > **Note:** You can specify `encrypted` or `snapshotId` but not both. */ outpostArn?: pulumi.Input; /** * ID of an EBS snapshot that will be used to initialize the created * EBS volumes. If set, the `volumeSize` attribute must be at least as large as the referenced * snapshot. */ snapshotId?: pulumi.Input; /** * Throughput that the EBS volume supports, in MiB/s. Only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * Size of created volumes in GiB. * If `snapshotId` is set and `volumeSize` is omitted then the volume will have the same size * as the selected snapshot. */ volumeSize?: pulumi.Input; /** * Type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`). */ volumeType?: pulumi.Input; } export interface AmiEphemeralBlockDevice { /** * Path at which the device is exposed to created instances. */ deviceName: pulumi.Input; /** * Name for the ephemeral device, of the form "ephemeralN" where * *N* is a volume number starting from zero. */ virtualName: pulumi.Input; } export interface AmiFromInstanceEbsBlockDevice { /** * Boolean controlling whether the EBS volumes created to * support each created instance will be deleted once that instance is terminated. */ deleteOnTermination?: pulumi.Input; /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * Number of I/O operations per second the * created volumes will support. */ iops?: pulumi.Input; /** * ARN of the Outpost on which the snapshot is stored. * * > **Note:** You can specify `encrypted` or `snapshotId` but not both. */ outpostArn?: pulumi.Input; /** * ID of an EBS snapshot that will be used to initialize the created * EBS volumes. If set, the `volumeSize` attribute must be at least as large as the referenced * snapshot. */ snapshotId?: pulumi.Input; /** * Throughput that the EBS volume supports, in MiB/s. Only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * Size of created volumes in GiB. * If `snapshotId` is set and `volumeSize` is omitted then the volume will have the same size * as the selected snapshot. */ volumeSize?: pulumi.Input; /** * Type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`). */ volumeType?: pulumi.Input; } export interface AmiFromInstanceEphemeralBlockDevice { /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Name for the ephemeral device, of the form "ephemeralN" where * *N* is a volume number starting from zero. */ virtualName?: pulumi.Input; } export interface CapacityBlockReservationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface DefaultCreditSpecificationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DefaultNetworkAclEgress { /** * The action to take. */ action: pulumi.Input; /** * The CIDR block to match. This must be a valid network mask. */ cidrBlock?: pulumi.Input; /** * The from port to match. */ fromPort: pulumi.Input; /** * The ICMP type code to be used. Default 0. */ icmpCode?: pulumi.Input; /** * The ICMP type to be used. Default 0. */ icmpType?: pulumi.Input; /** * The IPv6 CIDR block. * * > For more information on ICMP types and codes, see [Internet Control Message Protocol (ICMP) Parameters](https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml). */ ipv6CidrBlock?: pulumi.Input; /** * The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0. */ protocol: pulumi.Input; /** * The rule number. Used for ordering. */ ruleNo: pulumi.Input; /** * The to port to match. * * The following arguments are optional: */ toPort: pulumi.Input; } export interface DefaultNetworkAclIngress { /** * The action to take. */ action: pulumi.Input; /** * The CIDR block to match. This must be a valid network mask. */ cidrBlock?: pulumi.Input; /** * The from port to match. */ fromPort: pulumi.Input; /** * The ICMP type code to be used. Default 0. */ icmpCode?: pulumi.Input; /** * The ICMP type to be used. Default 0. */ icmpType?: pulumi.Input; /** * The IPv6 CIDR block. * * > For more information on ICMP types and codes, see [Internet Control Message Protocol (ICMP) Parameters](https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml). */ ipv6CidrBlock?: pulumi.Input; /** * The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0. */ protocol: pulumi.Input; /** * The rule number. Used for ordering. */ ruleNo: pulumi.Input; /** * The to port to match. * * The following arguments are optional: */ toPort: pulumi.Input; } export interface DefaultRouteTableRoute { /** * The CIDR block of the route. */ cidrBlock?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a core network. */ coreNetworkArn?: pulumi.Input; /** * The ID of a managed prefix list destination of the route. * * One of the following target arguments must be supplied: */ destinationPrefixListId?: pulumi.Input; /** * Identifier of a VPC Egress Only Internet Gateway. */ egressOnlyGatewayId?: pulumi.Input; /** * Identifier of a VPC internet gateway or a virtual private gateway. */ gatewayId?: pulumi.Input; /** * Identifier of an EC2 instance. */ instanceId?: pulumi.Input; /** * The Ipv6 CIDR block of the route */ ipv6CidrBlock?: pulumi.Input; /** * Identifier of a VPC NAT gateway. */ natGatewayId?: pulumi.Input; /** * Identifier of an EC2 network interface. */ networkInterfaceId?: pulumi.Input; /** * Identifier of an EC2 Transit Gateway. */ transitGatewayId?: pulumi.Input; /** * Identifier of a VPC Endpoint. This route must be removed prior to VPC Endpoint deletion. */ vpcEndpointId?: pulumi.Input; /** * Identifier of a VPC peering connection. * * Note that the default route, mapping the VPC's CIDR block to "local", is created implicitly and cannot be specified. */ vpcPeeringConnectionId?: pulumi.Input; } export interface DefaultSecurityGroupEgress { /** * List of CIDR blocks. */ cidrBlocks?: pulumi.Input[]>; /** * Description of this rule. */ description?: pulumi.Input; /** * Start port (or ICMP type number if protocol is `icmp`) */ fromPort: pulumi.Input; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input[]>; /** * List of prefix list IDs (for allowing access to VPC endpoints) */ prefixListIds?: pulumi.Input[]>; /** * Protocol. If you select a protocol of "-1" (semantically equivalent to `all`, which is not a valid value here), you must specify a `fromPort` and `toPort` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1` use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). */ protocol: pulumi.Input; /** * List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID. */ securityGroups?: pulumi.Input[]>; /** * Whether the security group itself will be added as a source to this egress rule. */ self?: pulumi.Input; /** * End range port (or ICMP code if protocol is `icmp`). */ toPort: pulumi.Input; } export interface DefaultSecurityGroupIngress { /** * List of CIDR blocks. */ cidrBlocks?: pulumi.Input[]>; /** * Description of the security group. */ description?: pulumi.Input; /** * Start port (or ICMP type number if protocol is `icmp`) */ fromPort: pulumi.Input; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input[]>; /** * List of prefix list IDs (for allowing access to VPC endpoints) */ prefixListIds?: pulumi.Input[]>; /** * Protocol. If you select a protocol of "-1" (semantically equivalent to `all`, which is not a valid value here), you must specify a `fromPort` and `toPort` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1` use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). */ protocol: pulumi.Input; /** * List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID. */ securityGroups?: pulumi.Input[]>; /** * Whether the security group itself will be added as a source to this egress rule. */ self?: pulumi.Input; /** * End range port (or ICMP code if protocol is `icmp`). */ toPort: pulumi.Input; } export interface EipDomainNameTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface EncryptionControlResourceExclusions { /** * `state` and `stateMessage` describing encryption enforcement state for Egress-Only Internet Gateways. */ egressOnlyInternetGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Elastic File System (EFS). */ elasticFileSystem: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Internet Gateways. */ internetGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Lambda Functions. */ lambda: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for NAT Gateways. */ natGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Virtual Private Gateways. */ virtualPrivateGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for VPC Lattice. */ vpcLattice: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for peered VPCs. */ vpcPeering: pulumi.Input; } export interface EncryptionControlResourceExclusionsEgressOnlyInternetGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlResourceExclusionsElasticFileSystem { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlResourceExclusionsInternetGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlResourceExclusionsLambda { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlResourceExclusionsNatGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlResourceExclusionsVirtualPrivateGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlResourceExclusionsVpcLattice { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlResourceExclusionsVpcPeering { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface EncryptionControlTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface FleetFleetInstanceSet { /** * The IDs of the instances. */ instanceIds?: pulumi.Input[]>; /** * The instance type. */ instanceType?: pulumi.Input; /** * Indicates if the instance that was launched is a Spot Instance or On-Demand Instance. */ lifecycle?: pulumi.Input; /** * The value is `Windows` for Windows instances. Otherwise, the value is blank. */ platform?: pulumi.Input; } export interface FleetLaunchTemplateConfig { /** * Nested argument containing EC2 Launch Template to use. Defined below. */ launchTemplateSpecification?: pulumi.Input; /** * Nested argument(s) containing parameters to override the same parameters in the Launch Template. Defined below. */ overrides?: pulumi.Input[]>; } export interface FleetLaunchTemplateConfigLaunchTemplateSpecification { /** * The ID of the launch template. */ launchTemplateId?: pulumi.Input; /** * The name of the launch template. */ launchTemplateName?: pulumi.Input; /** * The launch template version number, `$Latest`, or `$Default.` */ version: pulumi.Input; } export interface FleetLaunchTemplateConfigOverride { /** * Availability Zone in which to launch the instances. */ availabilityZone?: pulumi.Input; /** * Override the instance type in the Launch Template with instance types that satisfy the requirements. */ instanceRequirements?: pulumi.Input; /** * Instance type. */ instanceType?: pulumi.Input; /** * Maximum price per unit hour that you are willing to pay for a Spot Instance. */ maxPrice?: pulumi.Input; /** * Priority for the launch template override. If `onDemandOptions` `allocationStrategy` is set to `prioritized`, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity. The highest priority is launched first. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. Valid values are whole numbers starting at 0. */ priority?: pulumi.Input; /** * ID of the subnet in which to launch the instances. */ subnetId?: pulumi.Input; /** * Number of units provided by the specified instance type. */ weightedCapacity?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirements { /** * Block describing the minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips). Default is no minimum or maximum limits. */ acceleratorCount?: pulumi.Input; /** * List of accelerator manufacturer names. Default is any manufacturer. */ acceleratorManufacturers?: pulumi.Input[]>; /** * List of accelerator names. Default is any acclerator. */ acceleratorNames?: pulumi.Input[]>; /** * Block describing the minimum and maximum total memory of the accelerators. Default is no minimum or maximum. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * The accelerator types that must be on the instance type. Default is any accelerator type. */ acceleratorTypes?: pulumi.Input[]>; /** * The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. You can use strings with one or more wild cards,represented by an asterisk (\*). The following are examples: `c5*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. Default is any instance type. * * If you specify `AllowedInstanceTypes`, you can't specify `ExcludedInstanceTypes`. */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicate whether bare metal instace types should be `included`, `excluded`, or `required`. Default is `excluded`. */ bareMetal?: pulumi.Input; /** * Block describing the minimum and maximum baseline EBS bandwidth, in Mbps. Default is no minimum or maximum. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicates whether burstable performance T instance types are `included`, `excluded`, or `required`. Default is `excluded`. */ burstablePerformance?: pulumi.Input; /** * The CPU manufacturers to include. Default is any manufacturer. * > **NOTE:** Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. */ cpuManufacturers?: pulumi.Input[]>; /** * The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (\*). The following are examples: `c5*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. * * If you specify `AllowedInstanceTypes`, you can't specify `ExcludedInstanceTypes`. */ excludedInstanceTypes?: pulumi.Input[]>; /** * Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Valid values are `current` and `previous`. Default is `current` and `previous` generation instance types. */ instanceGenerations?: pulumi.Input[]>; /** * Indicate whether instance types with local storage volumes are `included`, `excluded`, or `required`. Default is `included`. */ localStorage?: pulumi.Input; /** * List of local storage type names. Valid values are `hdd` and `ssd`. Default any storage type. */ localStorageTypes?: pulumi.Input[]>; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Conflicts with `spotMaxPricePercentageOverLowestPrice` */ maxSpotPriceAsPercentageOfOptimalOnDemandPrice?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (GiB) per vCPU. Default is no minimum or maximum. */ memoryGibPerVcpu?: pulumi.Input; /** * The minimum and maximum amount of memory per vCPU, in GiB. Default is no minimum or maximum limits. */ memoryMib: pulumi.Input; /** * The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default is No minimum or maximum. */ networkBandwidthGbps?: pulumi.Input; /** * Block describing the minimum and maximum number of network interfaces. Default is no minimum or maximum. */ networkInterfaceCount?: pulumi.Input; /** * The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 20. * * If you set `targetCapacityUnitType` to `vcpu` or `memory-mib`, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicate whether instance types must support On-Demand Instance Hibernation, either `true` or `false`. Default is `false`. */ requireHibernateSupport?: pulumi.Input; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 100. Conflicts with `maxSpotPriceAsPercentageOfOptimalOnDemandPrice` * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Block describing the minimum and maximum total local storage (GB). Default is no minimum or maximum. */ totalLocalStorageGb?: pulumi.Input; /** * Block describing the minimum and maximum number of vCPUs. Default is no maximum. */ vcpuCount: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorCount { /** * Maximum. Set to `0` to exclude instance types with accelerators. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorTotalMemoryMib { /** * The maximum amount of accelerator memory, in MiB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of accelerator memory, in MiB. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsBaselineEbsBandwidthMbps { /** * The maximum baseline bandwidth, in Mbps. To specify no maximum limit, omit this parameter.. */ max?: pulumi.Input; /** * The minimum baseline bandwidth, in Mbps. To specify no minimum limit, omit this parameter.. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsMemoryGibPerVcpu { /** * The maximum amount of memory per vCPU, in GiB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of memory per vCPU, in GiB. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsMemoryMib { /** * The maximum amount of memory, in MiB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of memory, in MiB. To specify no minimum limit, specify `0`. */ min: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsNetworkBandwidthGbps { /** * The maximum amount of network bandwidth, in Gbps. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of network bandwidth, in Gbps. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsNetworkInterfaceCount { /** * The maximum number of network interfaces. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum number of network interfaces. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsTotalLocalStorageGb { /** * The maximum amount of total local storage, in GB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of total local storage, in GB. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsVcpuCount { /** * The maximum number of vCPUs. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum number of vCPUs. To specify no minimum limit, specify `0`. */ min: pulumi.Input; } export interface FleetOnDemandOptions { /** * The order of the launch template overrides to use in fulfilling On-Demand capacity. Valid values: `lowestPrice`, `prioritized`. Default: `lowestPrice`. */ allocationStrategy?: pulumi.Input; /** * The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity. Supported only for fleets of type `instant`. */ capacityReservationOptions?: pulumi.Input; /** * The maximum amount per hour for On-Demand Instances that you're willing to pay. */ maxTotalPrice?: pulumi.Input; /** * The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances. Supported only for fleets of type `instant`. * If you specify `minTargetCapacity`, at least one of the following must be specified: `singleAvailabilityZone` or `singleInstanceType`. */ minTargetCapacity?: pulumi.Input; /** * Indicates that the fleet launches all On-Demand Instances into a single Availability Zone. Supported only for fleets of type `instant`. */ singleAvailabilityZone?: pulumi.Input; /** * Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet. Supported only for fleets of type `instant`. */ singleInstanceType?: pulumi.Input; } export interface FleetOnDemandOptionsCapacityReservationOptions { /** * Indicates whether to use unused Capacity Reservations for fulfilling On-Demand capacity. Valid values: `use-capacity-reservations-first`. */ usageStrategy?: pulumi.Input; } export interface FleetSpotOptions { /** * How to allocate the target capacity across the Spot pools. Valid values: `diversified`, `lowestPrice`, `capacity-optimized`, `capacity-optimized-prioritized` and `price-capacity-optimized`. Default: `lowestPrice`. */ allocationStrategy?: pulumi.Input; /** * Behavior when a Spot Instance is interrupted. Valid values: `hibernate`, `stop`, `terminate`. Default: `terminate`. */ instanceInterruptionBehavior?: pulumi.Input; /** * Number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot `allocationStrategy` is set to `lowestPrice`. Default: `1`. */ instancePoolsToUseCount?: pulumi.Input; /** * Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below. */ maintenanceStrategies?: pulumi.Input; /** * The maximum amount per hour for Spot Instances that you're willing to pay. */ maxTotalPrice?: pulumi.Input; /** * The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances. Supported only for fleets of type `instant`. */ minTargetCapacity?: pulumi.Input; /** * Indicates that the fleet launches all Spot Instances into a single Availability Zone. Supported only for fleets of type `instant`. */ singleAvailabilityZone?: pulumi.Input; /** * Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet. Supported only for fleets of type `instant`. */ singleInstanceType?: pulumi.Input; } export interface FleetSpotOptionsMaintenanceStrategies { /** * Nested argument containing the capacity rebalance for your fleet request. Defined below. */ capacityRebalance?: pulumi.Input; } export interface FleetSpotOptionsMaintenanceStrategiesCapacityRebalance { /** * The replacement strategy to use. Only available for fleets of `type` set to `maintain`. Valid values: `launch`. */ replacementStrategy?: pulumi.Input; terminationDelay?: pulumi.Input; } export interface FleetTargetCapacitySpecification { /** * Default target capacity type. Valid values: `on-demand`, `spot`. */ defaultTargetCapacityType: pulumi.Input; /** * The number of On-Demand units to request. */ onDemandTargetCapacity?: pulumi.Input; /** * The number of Spot units to request. */ spotTargetCapacity?: pulumi.Input; /** * The unit for the target capacity. * If you specify `targetCapacityUnitType`, `instanceRequirements` must be specified. */ targetCapacityUnitType?: pulumi.Input; /** * The number of units to request, filled using `defaultTargetCapacityType`. */ totalTargetCapacity: pulumi.Input; } export interface FlowLogDestinationOptions { /** * File format for the flow log. Default value: `plain-text`. Valid values: `plain-text`, `parquet`. */ fileFormat?: pulumi.Input; /** * Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: `false`. */ hiveCompatiblePartitions?: pulumi.Input; /** * Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: `false`. */ perHourPartition?: pulumi.Input; } export interface GetAmiFilter { /** * Name of the AMI that was provided during image creation. */ name: string; values: string[]; } export interface GetAmiFilterArgs { /** * Name of the AMI that was provided during image creation. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface GetAmiIdsFilter { name: string; values: string[]; } export interface GetAmiIdsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetCoipPoolFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: string; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: string[]; } export interface GetCoipPoolFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetCoipPoolsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: string; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: string[]; } export interface GetCoipPoolsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetCustomerGatewayFilter { name: string; values: string[]; } export interface GetCustomerGatewayFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetDedicatedHostFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeHosts.html). */ name: string; /** * Set of values that are accepted for the given field. A host will be selected if any one of the given values matches. */ values: string[]; } export interface GetDedicatedHostFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeHosts.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A host will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetEipsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html). */ name: string; /** * Set of values that are accepted for the given field. An Elastic IP will be selected if any one of the given values matches. */ values: string[]; } export interface GetEipsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An Elastic IP will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetElasticIpFilter { name: string; values: string[]; } export interface GetElasticIpFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetInstanceFilter { /** * Name of the filter. * For a full reference of filter names, see [describe-instances in the AWS CLI reference][1]. */ name: string; /** * One or more values to match. */ values: string[]; } export interface GetInstanceFilterArgs { /** * Name of the filter. * For a full reference of filter names, see [describe-instances in the AWS CLI reference][1]. */ name: pulumi.Input; /** * One or more values to match. */ values: pulumi.Input[]>; } export interface GetInstanceTypeOfferingFilter { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetInstanceTypeOfferingFilterArgs { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetInstanceTypeOfferingsFilter { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetInstanceTypeOfferingsFilterArgs { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetInstanceTypesFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetInstanceTypesFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetInstancesFilter { /** * Name of the filter. * For a full reference of filter names, see [describe-instances in the AWS CLI reference][1]. */ name: string; /** * One or more values to match. */ values: string[]; } export interface GetInstancesFilterArgs { /** * Name of the filter. * For a full reference of filter names, see [describe-instances in the AWS CLI reference][1]. */ name: pulumi.Input; /** * One or more values to match. */ values: pulumi.Input[]>; } export interface GetInternetGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * An Internet Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetInternetGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * An Internet Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetKeyPairFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeKeyPairs API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeKeyPairs.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetKeyPairFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeKeyPairs API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeKeyPairs.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetLaunchTemplateFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeLaunchTemplates API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLaunchTemplates.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetLaunchTemplateFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeLaunchTemplates API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLaunchTemplates.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayRouteTableFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A local gateway route table will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewayRouteTableFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A local gateway route table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayRouteTablesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A Local Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewayRouteTablesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Local Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayVirtualInterfaceFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetLocalGatewayVirtualInterfaceFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetLocalGatewayVirtualInterfaceGroupFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetLocalGatewayVirtualInterfaceGroupFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetLocalGatewayVirtualInterfaceGroupsFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetLocalGatewayVirtualInterfaceGroupsFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetLocalGatewaysFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewaysFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetManagedPrefixListFilter { /** * Name of the filter field. Valid values can be found in the EC2 [DescribeManagedPrefixLists](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetManagedPrefixListFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [DescribeManagedPrefixLists](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetManagedPrefixListsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html). */ name: string; /** * Set of values that are accepted for the given field. * A managed prefix list will be selected if any one of the given values matches. */ values: string[]; } export interface GetManagedPrefixListsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A managed prefix list will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNatGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * An Nat Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetNatGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * An Nat Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNatGatewaysFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A Nat Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetNatGatewaysFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Nat Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNetworkAclsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkAcls.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: string[]; } export interface GetNetworkAclsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkAcls.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNetworkInsightsAnalysisFilter { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsAnalyses`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsAnalyses.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetNetworkInsightsAnalysisFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsAnalyses`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsAnalyses.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetNetworkInsightsPathFilter { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsPaths`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsPaths.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetNetworkInsightsPathFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsPaths`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsPaths.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetNetworkInterfaceFilter { name: string; values: string[]; } export interface GetNetworkInterfaceFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetNetworkInterfacesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html). */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetNetworkInterfacesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } export interface GetPrefixListFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetPrefixListFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetPublicIpv4PoolsFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html). */ name: string; /** * Set of values that are accepted for the given field. Pool IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetPublicIpv4PoolsFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. Pool IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } export interface GetRouteTableFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. A Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTableFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetRouteTablesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTablesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetSecurityGroupFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html). */ name: string; /** * Set of values that are accepted for the given field. * A Security Group will be selected if any one of the given values matches. */ values: string[]; } export interface GetSecurityGroupFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Security Group will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetSecurityGroupsFilter { name: string; values: string[]; } export interface GetSecurityGroupsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetSpotPriceFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetSpotPriceFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetSubnetFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). */ name: string; /** * Set of values that are accepted for the given field. A subnet will be selected if any one of the given values matches. */ values: string[]; } export interface GetSubnetFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A subnet will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetSubnetsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). * For example, if matching against tag `Name`, use: */ name: string; /** * Set of values that are accepted for the given field. * Subnet IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetSubnetsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). * For example, if matching against tag `Name`, use: */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * Subnet IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } export interface GetTransitGatewayRouteTablesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetTransitGatewayRouteTablesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcDhcpOptionsFilter { /** * Name of the field to filter. */ name: string; /** * Set of values for filtering. * * For more information about filtering, see the [EC2 API documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeDhcpOptions.html). */ values: string[]; } export interface GetVpcDhcpOptionsFilterArgs { /** * Name of the field to filter. */ name: pulumi.Input; /** * Set of values for filtering. * * For more information about filtering, see the [EC2 API documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeDhcpOptions.html). */ values: pulumi.Input[]>; } export interface GetVpcEndpointFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC Endpoint will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcEndpointFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC Endpoint will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcEndpointServiceFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeVpcEndpointServices API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServices.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetVpcEndpointServiceFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeVpcEndpointServices API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServices.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetVpcFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcIpamPoolCidrsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetIpamPoolCidrs.html). */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetVpcIpamPoolCidrsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetIpamPoolCidrs.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } export interface GetVpcIpamPoolFilter { /** * The name of the filter. Filter names are case-sensitive. */ name: string; /** * The filter values. Filter values are case-sensitive. */ values: string[]; } export interface GetVpcIpamPoolFilterArgs { /** * The name of the filter. Filter names are case-sensitive. */ name: pulumi.Input; /** * The filter values. Filter values are case-sensitive. */ values: pulumi.Input[]>; } export interface GetVpcIpamPoolsFilter { /** * The name of the filter. Filter names are case-sensitive. */ name: string; /** * The filter values. Filter values are case-sensitive. */ values: string[]; } export interface GetVpcIpamPoolsFilterArgs { /** * The name of the filter. Filter names are case-sensitive. */ name: pulumi.Input; /** * The filter values. Filter values are case-sensitive. */ values: pulumi.Input[]>; } export interface GetVpcIpamsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeIpams.html). */ name: string; /** * Set of values that are accepted for the given field. * An IPAM resource will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcIpamsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeIpams.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * An IPAM resource will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcPeeringConnectionFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcPeeringConnectionFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcPeeringConnectionsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcPeeringConnectionsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpnConnectionFilter { /** * Name of the filter field. Valid values can be found in the [EC2 `DescribeVPNConnections` API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnConnections.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetVpnConnectionFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 `DescribeVPNConnections` API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnConnections.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetVpnGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPN Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpnGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPN Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface InstanceCapacityReservationSpecification { /** * Indicates the instance's Capacity Reservation preferences. Can be `"open"` or `"none"`. (Default: `"open"`). */ capacityReservationPreference?: pulumi.Input; /** * Information about the target Capacity Reservation. See Capacity Reservation Target below for more details. * * For more information, see the documentation on [Capacity Reservations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-reservations-using.html). */ capacityReservationTarget?: pulumi.Input; } export interface InstanceCapacityReservationSpecificationCapacityReservationTarget { /** * ID of the Capacity Reservation in which to run the instance. */ capacityReservationId?: pulumi.Input; /** * ARN of the Capacity Reservation resource group in which to run the instance. */ capacityReservationResourceGroupArn?: pulumi.Input; } export interface InstanceCpuOptions { /** * Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are `enabled` and `disabled`. */ amdSevSnp?: pulumi.Input; /** * Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API. */ coreCount?: pulumi.Input; /** * If set to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information. * * For more information, see the documentation on [Optimizing CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html). */ threadsPerCore?: pulumi.Input; } export interface InstanceCreditSpecification { /** * Credit option for CPU usage. Valid values include `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. */ cpuCredits?: pulumi.Input; } export interface InstanceEbsBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; /** * Name of the device to mount. */ deviceName: pulumi.Input; /** * Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. Defaults to `false`. Cannot be used with `snapshotId`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Snapshot ID to mount. */ snapshotId?: pulumi.Input; /** * Map of tags to assign to the device. **Note:** Tags specified here are applied after instance creation via a separate API call. This means they cannot be used with IAM policies that require tags during resource creation (e.g., ABAC policies with `ec2:CreateAction` conditions or SCPs requiring volume tags). For ABAC compliance, use `volumeTags` instead, which applies uniform tags to all volumes during instance creation. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * ID of the volume. For example, the ID can be accessed like this, `aws_instance.web.root_block_device.0.volume_id`. */ volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`. * * > **NOTE:** Currently, changes to the `ebsBlockDevice` configuration of _existing_ resources cannot be automatically detected by this provider. To manage changes and attachments of an EBS block to an instance, use the `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources instead. If you use `ebsBlockDevice` on an `aws.ec2.Instance`, this provider will assume management over the full set of non-root EBS block devices for the instance, treating additional block devices as drift. For this reason, `ebsBlockDevice` cannot be mixed with external `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources for a given instance. */ volumeType?: pulumi.Input; } export interface InstanceEnclaveOptions { /** * Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`. * * For more information, see the documentation on [Nitro Enclaves](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html). */ enabled?: pulumi.Input; } export interface InstanceEphemeralBlockDevice { /** * Name of the block device to mount on the instance. */ deviceName: pulumi.Input; /** * Suppresses the specified device included in the AMI's block device mapping. */ noDevice?: pulumi.Input; /** * [Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) (e.g., `ephemeral0`). * * Each AWS Instance type has a different set of Instance Store block devices available for attachment. AWS [publishes a list](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes) of which ephemeral devices are available on each type. The devices are always identified by the `virtualName` in the format `ephemeral{0..N}`. */ virtualName?: pulumi.Input; } export interface InstanceInstanceMarketOptions { /** * Type of market for the instance. Valid values are `spot` and `capacity-block`. Defaults to `spot`. Required if `spotOptions` is specified. */ marketType?: pulumi.Input; /** * Block to configure the options for Spot Instances. See Spot Options below for details on attributes. */ spotOptions?: pulumi.Input; } export interface InstanceInstanceMarketOptionsSpotOptions { /** * The behavior when a Spot Instance is interrupted. Valid values include `hibernate`, `stop`, `terminate` . The default is `terminate`. */ instanceInterruptionBehavior?: pulumi.Input; /** * The maximum hourly price that you're willing to pay for a Spot Instance. */ maxPrice?: pulumi.Input; /** * The Spot Instance request type. Valid values include `one-time`, `persistent`. Persistent Spot Instance requests are only supported when the instance interruption behavior is either hibernate or stop. The default is `one-time`. */ spotInstanceType?: pulumi.Input; /** * The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported only for persistent requests. */ validUntil?: pulumi.Input; } export interface InstanceLaunchTemplate { /** * ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Can be a specific version number, `$Latest` or `$Default`. The default value is `$Default`. */ version?: pulumi.Input; } export interface InstanceMaintenanceOptions { /** * Automatic recovery behavior of the Instance. Can be `"default"` or `"disabled"`. See [Recover your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html) for more details. */ autoRecovery?: pulumi.Input; } export interface InstanceMetadataOptions { /** * Whether the metadata service is available. Valid values include `enabled` or `disabled`. Defaults to `enabled`. */ httpEndpoint?: pulumi.Input; /** * Whether the IPv6 endpoint for the instance metadata service is enabled. Defaults to `disabled`. */ httpProtocolIpv6?: pulumi.Input; /** * Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from `1` to `64`. Defaults to `1`. */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Valid values include `optional` or `required`. */ httpTokens?: pulumi.Input; /** * Enables or disables access to instance tags from the instance metadata service. Valid values include `enabled` or `disabled`. Defaults to `disabled`. * * For more information, see the documentation on the [Instance Metadata Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). */ instanceMetadataTags?: pulumi.Input; } export interface InstanceNetworkInterface { /** * Whether or not to delete the network interface on instance termination. Defaults to `false`. Currently, the only valid value is `false`, as this is only supported when creating new network interfaces when launching an instance. */ deleteOnTermination?: pulumi.Input; /** * Integer index of the network interface attachment. Limited by instance type. */ deviceIndex: pulumi.Input; /** * Integer index of the network card. Limited by instance type. The default index is `0`. */ networkCardIndex?: pulumi.Input; /** * ID of the network interface to attach. */ networkInterfaceId: pulumi.Input; } export interface InstancePrimaryNetworkInterface { /** * Whether the network interface will be deleted when the instance terminates. */ deleteOnTermination?: pulumi.Input; /** * ID of the network interface to attach. */ networkInterfaceId: pulumi.Input; } export interface InstancePrivateDnsNameOptions { /** * Indicates whether to respond to DNS queries for instance hostnames with DNS A records. */ enableResourceNameDnsARecord?: pulumi.Input; /** * Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. */ enableResourceNameDnsAaaaRecord?: pulumi.Input; /** * Type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name` and `resource-name`. */ hostnameType?: pulumi.Input; } export interface InstanceRootBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; /** * Device name, e.g., `/dev/sdh` or `xvdh`. */ deviceName?: pulumi.Input; /** * Whether to enable volume encryption. Defaults to `false`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Map of tags to assign to the device. **Note:** Tags specified here are applied after instance creation via a separate API call. This means they cannot be used with IAM policies that require tags during resource creation (e.g., ABAC policies with `ec2:CreateAction` conditions or SCPs requiring volume tags). For ABAC compliance, use `volumeTags` instead, which applies uniform tags to all volumes during instance creation. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * ID of the volume. For example, the ID can be accessed like this, `aws_instance.web.root_block_device.0.volume_id`. */ volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to the volume type that the AMI uses. * * Modifying the `encrypted` or `kmsKeyId` settings of the `rootBlockDevice` requires resource replacement. */ volumeType?: pulumi.Input; } export interface LaunchConfigurationEbsBlockDevice { deleteOnTermination?: pulumi.Input; deviceName: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; noDevice?: pulumi.Input; snapshotId?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface LaunchConfigurationEphemeralBlockDevice { deviceName: pulumi.Input; noDevice?: pulumi.Input; virtualName?: pulumi.Input; } export interface LaunchConfigurationMetadataOptions { /** * The state of the metadata service: `enabled`, `disabled`. */ httpEndpoint?: pulumi.Input; /** * The desired HTTP PUT response hop limit for instance metadata requests. */ httpPutResponseHopLimit?: pulumi.Input; /** * If session tokens are required: `optional`, `required`. */ httpTokens?: pulumi.Input; } export interface LaunchConfigurationRootBlockDevice { deleteOnTermination?: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface LaunchTemplateBlockDeviceMapping { /** * The name of the device to mount. */ deviceName?: pulumi.Input; /** * Configure EBS volume properties. */ ebs?: pulumi.Input; /** * Suppresses the specified device included in the AMI's block device mapping. */ noDevice?: pulumi.Input; /** * The [Instance Store Device * Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) * (e.g., `"ephemeral0"`). */ virtualName?: pulumi.Input; } export interface LaunchTemplateBlockDeviceMappingEbs { /** * Whether the volume should be destroyed on instance termination. * See [Preserving Amazon EBS Volumes on Instance Termination](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/preserving-volumes-on-termination.html) for more information. */ deleteOnTermination?: pulumi.Input; /** * Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. * Cannot be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * The amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). * This must be set with a `volumeType` of `"io1/io2/gp3"`. */ iops?: pulumi.Input; /** * Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption. * `encrypted` must be set to `true` when this is set. */ kmsKeyId?: pulumi.Input; /** * The Snapshot ID to mount. */ snapshotId?: pulumi.Input; /** * The throughput to provision for a `gp3` volume in MiB/s (specified as an integer, e.g., 500), with a maximum of 1,000 MiB/s. */ throughput?: pulumi.Input; /** * The volume initialization rate in MiB/s (specified as an integer, e.g. 100), with a minimum of 100 MiB/s and maximum of 300 MiB/s. */ volumeInitializationRate?: pulumi.Input; /** * The size of the volume in gigabytes. */ volumeSize?: pulumi.Input; /** * The volume type. * Can be one of `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1`. */ volumeType?: pulumi.Input; } export interface LaunchTemplateCapacityReservationSpecification { /** * Indicates the instance's Capacity Reservation preferences. Can be `capacity-reservations-only`, `open` or `none`. If `capacityReservationId` or `capacityReservationResourceGroupArn` is specified in `capacityReservationTarget` block, either omit `capacityReservationPreference` or set it to `capacity-reservations-only`. */ capacityReservationPreference?: pulumi.Input; /** * Used to target a specific Capacity Reservation: */ capacityReservationTarget?: pulumi.Input; } export interface LaunchTemplateCapacityReservationSpecificationCapacityReservationTarget { /** * The ID of the Capacity Reservation in which to run the instance. */ capacityReservationId?: pulumi.Input; /** * The ARN of the Capacity Reservation resource group in which to run the instance. */ capacityReservationResourceGroupArn?: pulumi.Input; } export interface LaunchTemplateCpuOptions { /** * Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are `enabled` and `disabled`. */ amdSevSnp?: pulumi.Input; /** * The number of CPU cores for the instance. */ coreCount?: pulumi.Input; /** * The number of threads per CPU core. * To disable Intel Hyper-Threading Technology for the instance, specify a value of 1. * Otherwise, specify the default value of 2. * * Both number of CPU cores and threads per core must be specified. Valid number of CPU cores and threads per core for the instance type can be found in the [CPU Options Documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html?shortFooter=true#cpu-options-supported-instances-values) */ threadsPerCore?: pulumi.Input; } export interface LaunchTemplateCreditSpecification { /** * The credit option for CPU usage. * Can be `standard` or `unlimited`. * T3 instances are launched as `unlimited` by default. * T2 instances are launched as `standard` by default. */ cpuCredits?: pulumi.Input; } export interface LaunchTemplateEnclaveOptions { /** * If set to `true`, Nitro Enclaves will be enabled on the instance. * * For more information, see the documentation on [Nitro Enclaves](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html). */ enabled?: pulumi.Input; } export interface LaunchTemplateHibernationOptions { /** * If set to `true`, the launched EC2 instance will hibernation enabled. */ configured: pulumi.Input; } export interface LaunchTemplateIamInstanceProfile { /** * The Amazon Resource Name (ARN) of the instance profile. Conflicts with `name`. */ arn?: pulumi.Input; /** * The name of the instance profile. */ name?: pulumi.Input; } export interface LaunchTemplateInstanceMarketOptions { /** * The market type. Can be `spot`. */ marketType?: pulumi.Input; /** * The options for [Spot Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html) */ spotOptions?: pulumi.Input; } export interface LaunchTemplateInstanceMarketOptionsSpotOptions { /** * The required duration in minutes. This value must be a multiple of 60. */ blockDurationMinutes?: pulumi.Input; /** * The behavior when a Spot Instance is interrupted. Can be `hibernate`, * `stop`, or `terminate`. (Default: `terminate`). */ instanceInterruptionBehavior?: pulumi.Input; /** * The maximum hourly price you're willing to pay for the Spot Instances. */ maxPrice?: pulumi.Input; /** * The Spot Instance request type. Can be `one-time`, or `persistent`. */ spotInstanceType?: pulumi.Input; /** * The end date of the request. */ validUntil?: pulumi.Input; } export interface LaunchTemplateInstanceRequirements { /** * Block describing the minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips). Default is no minimum or maximum. */ acceleratorCount?: pulumi.Input; /** * List of accelerator manufacturer names. Default is any manufacturer. * * ``` * Valid names: * * amazon-web-services * * amd * * nvidia * * xilinx * ``` */ acceleratorManufacturers?: pulumi.Input[]>; /** * List of accelerator names. Default is any acclerator. * * ``` * Valid names: * * a100 - NVIDIA A100 GPUs * * v100 - NVIDIA V100 GPUs * * k80 - NVIDIA K80 GPUs * * t4 - NVIDIA T4 GPUs * * m60 - NVIDIA M60 GPUs * * radeon-pro-v520 - AMD Radeon Pro V520 GPUs * * vu9p - Xilinx VU9P FPGAs * ``` */ acceleratorNames?: pulumi.Input[]>; /** * Block describing the minimum and maximum total memory of the accelerators. Default is no minimum or maximum. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * List of accelerator types. Default is any accelerator type. * * ``` * Valid types: * * fpga * * gpu * * inference * ``` */ acceleratorTypes?: pulumi.Input[]>; /** * List of instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. You can use strings with one or more wild cards, represented by an asterisk (\*), to allow an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are allowing the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are allowing all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is all instance types. * * > **NOTE:** If you specify `allowedInstanceTypes`, you can't specify `excludedInstanceTypes`. */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicate whether bare metal instace types should be `included`, `excluded`, or `required`. Default is `excluded`. */ bareMetal?: pulumi.Input; /** * Block describing the minimum and maximum baseline EBS bandwidth, in Mbps. Default is no minimum or maximum. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicate whether burstable performance instance types should be `included`, `excluded`, or `required`. Default is `excluded`. */ burstablePerformance?: pulumi.Input; /** * List of CPU manufacturer names. Default is any manufacturer. * * > **NOTE:** Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. * * ``` * Valid names: * * amazon-web-services * * amd * * intel * ``` */ cpuManufacturers?: pulumi.Input[]>; /** * List of instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (\*), to exclude an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. * * > **NOTE:** If you specify `excludedInstanceTypes`, you can't specify `allowedInstanceTypes`. */ excludedInstanceTypes?: pulumi.Input[]>; /** * List of instance generation names. Default is any generation. * * ``` * Valid names: * * current - Recommended for best performance. * * previous - For existing applications optimized for older instance types. * ``` */ instanceGenerations?: pulumi.Input[]>; /** * Indicate whether instance types with local storage volumes are `included`, `excluded`, or `required`. Default is `included`. */ localStorage?: pulumi.Input; /** * List of local storage type names. Default any storage type. * * ``` * Value names: * * hdd - hard disk drive * * ssd - solid state drive * ``` */ localStorageTypes?: pulumi.Input[]>; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Conflicts with `spotMaxPricePercentageOverLowestPrice` */ maxSpotPriceAsPercentageOfOptimalOnDemandPrice?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (GiB) per vCPU. Default is no minimum or maximum. */ memoryGibPerVcpu?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (MiB). Default is no maximum. */ memoryMib: pulumi.Input; /** * Block describing the minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default is no minimum or maximum. */ networkBandwidthGbps?: pulumi.Input; /** * Block describing the minimum and maximum number of network interfaces. Default is no minimum or maximum. */ networkInterfaceCount?: pulumi.Input; /** * The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 20. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicate whether instance types must support On-Demand Instance Hibernation, either `true` or `false`. Default is `false`. */ requireHibernateSupport?: pulumi.Input; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 100. Conflicts with `maxSpotPriceAsPercentageOfOptimalOnDemandPrice` * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Block describing the minimum and maximum total local storage (GB). Default is no minimum or maximum. */ totalLocalStorageGb?: pulumi.Input; /** * Block describing the minimum and maximum number of vCPUs. Default is no maximum. */ vcpuCount: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsAcceleratorCount { /** * Maximum. Set to `0` to exclude instance types with accelerators. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsAcceleratorTotalMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsBaselineEbsBandwidthMbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsMemoryGibPerVcpu { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsNetworkBandwidthGbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsNetworkInterfaceCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsTotalLocalStorageGb { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsVcpuCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min: pulumi.Input; } export interface LaunchTemplateLicenseSpecification { /** * ARN of the license configuration. */ licenseConfigurationArn: pulumi.Input; } export interface LaunchTemplateMaintenanceOptions { /** * Disables the automatic recovery behavior of your instance or sets it to default. Can be `"default"` or `"disabled"`. See [Recover your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html) for more details. */ autoRecovery?: pulumi.Input; } export interface LaunchTemplateMetadataOptions { /** * Whether the metadata service is available. Can be `"enabled"` or `"disabled"`. (Default: `"enabled"`). */ httpEndpoint?: pulumi.Input; /** * Enables or disables the IPv6 endpoint for the instance metadata service. Can be `"enabled"` or `"disabled"`. */ httpProtocolIpv6?: pulumi.Input; /** * The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Can be an integer from `1` to `64`. (Default: `1`). */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Can be `"optional"` or `"required"`. (Default: `"optional"`). */ httpTokens?: pulumi.Input; /** * Enables or disables access to instance tags from the instance metadata service. Can be `"enabled"` or `"disabled"`. * * For more information, see the documentation on the [Instance Metadata Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). */ instanceMetadataTags?: pulumi.Input; } export interface LaunchTemplateMonitoring { /** * If `true`, the launched EC2 instance will have detailed monitoring enabled. */ enabled?: pulumi.Input; } export interface LaunchTemplateNetworkInterface { /** * Associate a Carrier IP address with `eth0` for a new network interface. Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. Boolean value, can be left unset. */ associateCarrierIpAddress?: pulumi.Input; /** * Associate a public ip address with the network interface. Boolean value, can be left unset. */ associatePublicIpAddress?: pulumi.Input; /** * The Connection Tracking Configuration for the network interface. See [Amazon EC2 security group connection tracking](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts) */ connectionTrackingSpecification?: pulumi.Input; /** * Whether the network interface should be destroyed on instance termination. */ deleteOnTermination?: pulumi.Input; /** * Description of the network interface. */ description?: pulumi.Input; /** * The integer index of the network interface attachment. */ deviceIndex?: pulumi.Input; /** * Configuration for Elastic Network Adapter (ENA) Express settings. Applies to network interfaces that use the [ena Express](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena-express.html) feature. See details below. */ enaSrdSpecification?: pulumi.Input; /** * The type of network interface. To create an Elastic Fabric Adapter (EFA), specify `efa`. */ interfaceType?: pulumi.Input; /** * The number of secondary private IPv4 addresses to assign to a network interface. Conflicts with `ipv4Addresses` */ ipv4AddressCount?: pulumi.Input; /** * One or more private IPv4 addresses to associate. Conflicts with `ipv4AddressCount` */ ipv4Addresses?: pulumi.Input[]>; /** * The number of IPv4 prefixes to be automatically assigned to the network interface. Conflicts with `ipv4Prefixes` */ ipv4PrefixCount?: pulumi.Input; /** * One or more IPv4 prefixes to be assigned to the network interface. Conflicts with `ipv4PrefixCount` */ ipv4Prefixes?: pulumi.Input[]>; /** * The number of IPv6 addresses to assign to a network interface. Conflicts with `ipv6Addresses` */ ipv6AddressCount?: pulumi.Input; /** * One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. Conflicts with `ipv6AddressCount` */ ipv6Addresses?: pulumi.Input[]>; /** * The number of IPv6 prefixes to be automatically assigned to the network interface. Conflicts with `ipv6Prefixes` */ ipv6PrefixCount?: pulumi.Input; /** * One or more IPv6 prefixes to be assigned to the network interface. Conflicts with `ipv6PrefixCount` */ ipv6Prefixes?: pulumi.Input[]>; /** * The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. */ networkCardIndex?: pulumi.Input; /** * The ID of the network interface to attach. */ networkInterfaceId?: pulumi.Input; /** * Whether the first IPv6 GUA will be made the primary IPv6 address. */ primaryIpv6?: pulumi.Input; /** * The primary private IPv4 address. */ privateIpAddress?: pulumi.Input; /** * A list of security group IDs to associate. */ securityGroups?: pulumi.Input[]>; /** * The VPC Subnet ID to associate. */ subnetId?: pulumi.Input; } export interface LaunchTemplateNetworkInterfaceConnectionTrackingSpecification { /** * Timeout (in seconds) for idle TCP connections in an established state. Min: 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: Less than 432000 seconds. */ tcpEstablishedTimeout?: pulumi.Input; /** * Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds. */ udpStreamTimeout?: pulumi.Input; /** * Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds. */ udpTimeout?: pulumi.Input; } export interface LaunchTemplateNetworkInterfaceEnaSrdSpecification { /** * Whether to enable ENA Express. ENA Express uses AWS Scalable Reliable Datagram (SRD) technology to improve the performance of TCP traffic. */ enaSrdEnabled?: pulumi.Input; /** * Configuration for ENA Express UDP optimization. See details below. */ enaSrdUdpSpecification?: pulumi.Input; } export interface LaunchTemplateNetworkInterfaceEnaSrdSpecificationEnaSrdUdpSpecification { /** * Whether to enable UDP traffic optimization through ENA Express. Requires `enaSrdEnabled` to be `true`. * * NOTE: ENA Express requires [specific instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena-express.html#ena-express-requirements) and minimum bandwidth of 25 Gbps. */ enaSrdUdpEnabled?: pulumi.Input; } export interface LaunchTemplateNetworkPerformanceOptions { /** * Specify the bandwidth weighting option to boost the associated type of baseline bandwidth. Valid values: `default`, `vpc-1`, `ebs-1`. Default value is `default`. Setting `vpc-1` boosts networking baseline bandwidth and reduces EBS baseline bandwidth. Setting `ebs-1` boosts EBS baseline bandwidth and reduces networking baseline bandwidth. Only supported on select instance types. See [AWS Documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-bandwidth-weighting.html) for more information. */ bandwidthWeighting?: pulumi.Input; } export interface LaunchTemplatePlacement { /** * The affinity setting for an instance on a Dedicated Host. */ affinity?: pulumi.Input; /** * The Availability Zone for the instance. */ availabilityZone?: pulumi.Input; /** * The ID of the placement group for the instance. Conflicts with `groupName`. */ groupId?: pulumi.Input; /** * The name of the placement group for the instance. Conflicts with `groupId`. */ groupName?: pulumi.Input; /** * The ID of the Dedicated Host for the instance. */ hostId?: pulumi.Input; /** * The ARN of the Host Resource Group in which to launch instances. */ hostResourceGroupArn?: pulumi.Input; /** * The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition. */ partitionNumber?: pulumi.Input; /** * Reserved for future use. */ spreadDomain?: pulumi.Input; /** * The tenancy of the instance (if the instance is running in a VPC). Can be `default`, `dedicated`, or `host`. */ tenancy?: pulumi.Input; } export interface LaunchTemplatePrivateDnsNameOptions { /** * Indicates whether to respond to DNS queries for instance hostnames with DNS A records. */ enableResourceNameDnsARecord?: pulumi.Input; /** * Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. */ enableResourceNameDnsAaaaRecord?: pulumi.Input; /** * The type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name` and `resource-name`. */ hostnameType?: pulumi.Input; } export interface LaunchTemplateTagSpecification { /** * The type of resource to tag. */ resourceType?: pulumi.Input; /** * A map of tags to assign to the resource. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ManagedPrefixListEntry { /** * CIDR block of this entry. */ cidr: pulumi.Input; /** * Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry. */ description?: pulumi.Input; } export interface NatGatewayAvailabilityZoneAddress { /** * List of allocation IDs of the Elastic IP addresses (EIPs) to be used for handling outbound NAT traffic in this specific Availability Zone. */ allocationIds?: pulumi.Input[]>; /** * Availability Zone (e.g. `us-west-2a`) where this specific NAT gateway configuration will be active. Exactly one of `availabilityZone` or `availabilityZoneId` must be specified. */ availabilityZone?: pulumi.Input; /** * Availability Zone ID (e.g. `usw2-az2`) where this specific NAT gateway configuration will be active. Exactly one of `availabilityZone` or `availabilityZoneId` must be specified. */ availabilityZoneId?: pulumi.Input; } export interface NatGatewayEipAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface NatGatewayRegionalNatGatewayAddress { /** * The Allocation ID of the Elastic IP address for the NAT Gateway. Required when `connectivityType` is set to `public` and `availabilityMode` is set to `zonal`. When `availabilityMode` is set to `regional`, this must not be set; instead, use the `availabilityZoneAddress` block to specify EIPs for each AZ. */ allocationId?: pulumi.Input; /** * Association ID of the Elastic IP address. */ associationId?: pulumi.Input; /** * Availability Zone where this specific NAT gateway configuration is active. */ availabilityZone?: pulumi.Input; /** * Availability Zone ID where this specific NAT gateway configuration is active */ availabilityZoneId?: pulumi.Input; /** * ID of the network interface. */ networkInterfaceId?: pulumi.Input; /** * Public IP address. */ publicIp?: pulumi.Input; /** * Status of the NAT gateway address. */ status?: pulumi.Input; } export interface NetworkAclEgress { /** * The action to take. */ action: pulumi.Input; /** * The CIDR block to match. This must be a * valid network mask. */ cidrBlock?: pulumi.Input; /** * The from port to match. */ fromPort: pulumi.Input; /** * The ICMP type code to be used. Default 0. * * > Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */ icmpCode?: pulumi.Input; /** * The ICMP type to be used. Default 0. */ icmpType?: pulumi.Input; /** * The IPv6 CIDR block. */ ipv6CidrBlock?: pulumi.Input; /** * The protocol to match. If using the -1 'all' * protocol, you must specify a from and to port of 0. */ protocol: pulumi.Input; /** * The rule number. Used for ordering. */ ruleNo: pulumi.Input; /** * The to port to match. */ toPort: pulumi.Input; } export interface NetworkAclIngress { /** * The action to take. */ action: pulumi.Input; /** * The CIDR block to match. This must be a * valid network mask. */ cidrBlock?: pulumi.Input; /** * The from port to match. */ fromPort: pulumi.Input; /** * The ICMP type code to be used. Default 0. * * > Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */ icmpCode?: pulumi.Input; /** * The ICMP type to be used. Default 0. */ icmpType?: pulumi.Input; /** * The IPv6 CIDR block. */ ipv6CidrBlock?: pulumi.Input; /** * The protocol to match. If using the -1 'all' * protocol, you must specify a from and to port of 0. */ protocol: pulumi.Input; /** * The rule number. Used for ordering. */ ruleNo: pulumi.Input; /** * The to port to match. */ toPort: pulumi.Input; } export interface NetworkInsightsAnalysisAlternatePathHint { /** * The Amazon Resource Name (ARN) of the component. */ componentArn?: pulumi.Input; /** * The ID of the component. */ componentId?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanation { aclRules?: pulumi.Input[]>; acls?: pulumi.Input[]>; address?: pulumi.Input; addresses?: pulumi.Input[]>; attachedTos?: pulumi.Input[]>; availabilityZones?: pulumi.Input[]>; cidrs?: pulumi.Input[]>; classicLoadBalancerListeners?: pulumi.Input[]>; components?: pulumi.Input[]>; customerGateways?: pulumi.Input[]>; destinationVpcs?: pulumi.Input[]>; destinations?: pulumi.Input[]>; direction?: pulumi.Input; elasticLoadBalancerListeners?: pulumi.Input[]>; explanationCode?: pulumi.Input; ingressRouteTables?: pulumi.Input[]>; internetGateways?: pulumi.Input[]>; loadBalancerArn?: pulumi.Input; loadBalancerListenerPort?: pulumi.Input; loadBalancerTargetGroup?: pulumi.Input[]>; loadBalancerTargetGroups?: pulumi.Input[]>; loadBalancerTargetPort?: pulumi.Input; missingComponent?: pulumi.Input; natGateways?: pulumi.Input[]>; networkInterfaces?: pulumi.Input[]>; packetField?: pulumi.Input; port?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixLists?: pulumi.Input[]>; protocols?: pulumi.Input[]>; routeTableRoutes?: pulumi.Input[]>; routeTables?: pulumi.Input[]>; securityGroup?: pulumi.Input[]>; securityGroupRules?: pulumi.Input[]>; securityGroups?: pulumi.Input[]>; sourceVpcs?: pulumi.Input[]>; state?: pulumi.Input; subnetRouteTables?: pulumi.Input[]>; subnets?: pulumi.Input[]>; transitGatewayAttachments?: pulumi.Input[]>; transitGatewayRouteTableRoutes?: pulumi.Input[]>; transitGatewayRouteTables?: pulumi.Input[]>; transitGateways?: pulumi.Input[]>; vpcEndpoints?: pulumi.Input[]>; vpcPeeringConnections?: pulumi.Input[]>; vpcs?: pulumi.Input[]>; vpnConnections?: pulumi.Input[]>; vpnGateways?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisExplanationAcl { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationAclRule { cidr?: pulumi.Input; egress?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; ruleAction?: pulumi.Input; ruleNumber?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationAclRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationAttachedTo { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationClassicLoadBalancerListener { instancePort?: pulumi.Input; loadBalancerPort?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationCustomerGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationDestination { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationDestinationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationElasticLoadBalancerListener { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationIngressRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationInternetGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationLoadBalancerTargetGroup { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationNatGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationNetworkInterface { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationPrefixList { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationRouteTableRoute { destinationCidr?: pulumi.Input; destinationPrefixListId?: pulumi.Input; egressOnlyInternetGatewayId?: pulumi.Input; gatewayId?: pulumi.Input; instanceId?: pulumi.Input; natGatewayId?: pulumi.Input; networkInterfaceId?: pulumi.Input; origin?: pulumi.Input; transitGatewayId?: pulumi.Input; vpcPeeringConnectionId?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSecurityGroup { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSecurityGroupRule { cidr?: pulumi.Input; direction?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixListId?: pulumi.Input; protocol?: pulumi.Input; securityGroupId?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSecurityGroupRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSourceVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSubnet { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSubnetRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGatewayAttachment { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGatewayRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGatewayRouteTableRoute { attachmentId?: pulumi.Input; destinationCidr?: pulumi.Input; prefixListId?: pulumi.Input; resourceId?: pulumi.Input; resourceType?: pulumi.Input; routeOrigin?: pulumi.Input; state?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpcEndpoint { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpcPeeringConnection { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpnConnection { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpnGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponent { aclRules?: pulumi.Input[]>; additionalDetails?: pulumi.Input[]>; attachedTos?: pulumi.Input[]>; components?: pulumi.Input[]>; destinationVpcs?: pulumi.Input[]>; inboundHeaders?: pulumi.Input[]>; outboundHeaders?: pulumi.Input[]>; routeTableRoutes?: pulumi.Input[]>; securityGroupRules?: pulumi.Input[]>; sequenceNumber?: pulumi.Input; sourceVpcs?: pulumi.Input[]>; subnets?: pulumi.Input[]>; transitGatewayRouteTableRoutes?: pulumi.Input[]>; transitGateways?: pulumi.Input[]>; vpcs?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentAclRule { cidr?: pulumi.Input; egress?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; ruleAction?: pulumi.Input; ruleNumber?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentAclRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentAdditionalDetail { additionalDetailType?: pulumi.Input; components?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentAdditionalDetailComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentAttachedTo { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentDestinationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentInboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentInboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentInboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentOutboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentOutboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentOutboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentRouteTableRoute { destinationCidr?: pulumi.Input; destinationPrefixListId?: pulumi.Input; egressOnlyInternetGatewayId?: pulumi.Input; gatewayId?: pulumi.Input; instanceId?: pulumi.Input; natGatewayId?: pulumi.Input; networkInterfaceId?: pulumi.Input; origin?: pulumi.Input; transitGatewayId?: pulumi.Input; vpcPeeringConnectionId?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSecurityGroupRule { cidr?: pulumi.Input; direction?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixListId?: pulumi.Input; protocol?: pulumi.Input; securityGroupId?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSecurityGroupRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSourceVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSubnet { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentTransitGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentTransitGatewayRouteTableRoute { attachmentId?: pulumi.Input; destinationCidr?: pulumi.Input; prefixListId?: pulumi.Input; resourceId?: pulumi.Input; resourceType?: pulumi.Input; routeOrigin?: pulumi.Input; state?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponent { aclRules?: pulumi.Input[]>; additionalDetails?: pulumi.Input[]>; attachedTos?: pulumi.Input[]>; components?: pulumi.Input[]>; destinationVpcs?: pulumi.Input[]>; inboundHeaders?: pulumi.Input[]>; outboundHeaders?: pulumi.Input[]>; routeTableRoutes?: pulumi.Input[]>; securityGroupRules?: pulumi.Input[]>; sequenceNumber?: pulumi.Input; sourceVpcs?: pulumi.Input[]>; subnets?: pulumi.Input[]>; transitGatewayRouteTableRoutes?: pulumi.Input[]>; transitGateways?: pulumi.Input[]>; vpcs?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentAclRule { cidr?: pulumi.Input; egress?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; ruleAction?: pulumi.Input; ruleNumber?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentAclRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentAdditionalDetail { additionalDetailType?: pulumi.Input; components?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentAdditionalDetailComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentAttachedTo { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentDestinationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentInboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentInboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentInboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentOutboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentOutboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentOutboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentRouteTableRoute { destinationCidr?: pulumi.Input; destinationPrefixListId?: pulumi.Input; egressOnlyInternetGatewayId?: pulumi.Input; gatewayId?: pulumi.Input; instanceId?: pulumi.Input; natGatewayId?: pulumi.Input; networkInterfaceId?: pulumi.Input; origin?: pulumi.Input; transitGatewayId?: pulumi.Input; vpcPeeringConnectionId?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSecurityGroupRule { cidr?: pulumi.Input; direction?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixListId?: pulumi.Input; protocol?: pulumi.Input; securityGroupId?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSecurityGroupRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSourceVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSubnet { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentTransitGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentTransitGatewayRouteTableRoute { attachmentId?: pulumi.Input; destinationCidr?: pulumi.Input; prefixListId?: pulumi.Input; resourceId?: pulumi.Input; resourceType?: pulumi.Input; routeOrigin?: pulumi.Input; state?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsPathFilterAtDestination { /** * The destination IPv4 address. */ destinationAddress?: pulumi.Input; /** * The destination port range. See below for details. */ destinationPortRange?: pulumi.Input; /** * IP address of the source resource. */ sourceAddress?: pulumi.Input; /** * The source port range. See below for details. */ sourcePortRange?: pulumi.Input; } export interface NetworkInsightsPathFilterAtDestinationDestinationPortRange { /** * The first port in the range. */ fromPort?: pulumi.Input; /** * The last port in the range. */ toPort?: pulumi.Input; } export interface NetworkInsightsPathFilterAtDestinationSourcePortRange { /** * The first port in the range. */ fromPort?: pulumi.Input; /** * The last port in the range. */ toPort?: pulumi.Input; } export interface NetworkInsightsPathFilterAtSource { /** * The destination IPv4 address. */ destinationAddress?: pulumi.Input; /** * The destination port range. See below for details. */ destinationPortRange?: pulumi.Input; /** * IP address of the source resource. */ sourceAddress?: pulumi.Input; /** * The source port range. See below for details. */ sourcePortRange?: pulumi.Input; } export interface NetworkInsightsPathFilterAtSourceDestinationPortRange { /** * The first port in the range. */ fromPort?: pulumi.Input; /** * The last port in the range. */ toPort?: pulumi.Input; } export interface NetworkInsightsPathFilterAtSourceSourcePortRange { /** * The first port in the range. */ fromPort?: pulumi.Input; /** * The last port in the range. */ toPort?: pulumi.Input; } export interface NetworkInterfaceAttachment { attachmentId?: pulumi.Input; /** * Integer to define the devices index. */ deviceIndex: pulumi.Input; /** * ID of the instance to attach to. */ instance: pulumi.Input; /** * Index of the network card. Specify a value greater than 0 when using multiple network cards, which are supported by [some instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#network-cards). The default is 0. */ networkCardIndex?: pulumi.Input; } export interface NetworkInterfacePermissionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface PeeringConnectionOptionsAccepter { /** * Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface PeeringConnectionOptionsRequester { /** * Allow a local VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface RouteTableRoute { /** * Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone. */ carrierGatewayId?: pulumi.Input; /** * The CIDR block of the route. */ cidrBlock?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a core network. */ coreNetworkArn?: pulumi.Input; /** * The ID of a managed prefix list destination of the route. * * One of the following target arguments must be supplied: */ destinationPrefixListId?: pulumi.Input; /** * Identifier of a VPC Egress Only Internet Gateway. */ egressOnlyGatewayId?: pulumi.Input; /** * Identifier of a VPC internet gateway, virtual private gateway, or `local`. `local` routes cannot be created but can be adopted or imported. See the example above. */ gatewayId?: pulumi.Input; /** * The Ipv6 CIDR block of the route. */ ipv6CidrBlock?: pulumi.Input; /** * Identifier of a Outpost local gateway. */ localGatewayId?: pulumi.Input; /** * Identifier of a VPC NAT gateway. */ natGatewayId?: pulumi.Input; /** * Identifier of an EC2 network interface. */ networkInterfaceId?: pulumi.Input; /** * Identifier of an EC2 Transit Gateway. */ transitGatewayId?: pulumi.Input; /** * Identifier of a VPC Endpoint. */ vpcEndpointId?: pulumi.Input; /** * Identifier of a VPC peering connection. * * Note that the default route, mapping the VPC's CIDR block to "local", is created implicitly and cannot be specified. */ vpcPeeringConnectionId?: pulumi.Input; } export interface SecurityGroupEgress { /** * List of CIDR blocks. */ cidrBlocks?: pulumi.Input[]>; /** * Description of this egress rule. */ description?: pulumi.Input; /** * Start port (or ICMP type number if protocol is `icmp`) */ fromPort: pulumi.Input; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input[]>; /** * List of Prefix List IDs. */ prefixListIds?: pulumi.Input[]>; /** * Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `fromPort` and `toPort` equal to 0. The supported values are defined in the `IpProtocol` argument in the [IpPermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IpPermission.html) API reference. */ protocol: pulumi.Input; /** * List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID. */ securityGroups?: pulumi.Input[]>; /** * Whether the security group itself will be added as a source to this egress rule. */ self?: pulumi.Input; /** * End range port (or ICMP code if protocol is `icmp`). * * The following arguments are optional: * * > **Note** Although `cidrBlocks`, `ipv6CidrBlocks`, `prefixListIds`, and `securityGroups` are all marked as optional, you _must_ provide one of them in order to configure the destination of the traffic. */ toPort: pulumi.Input; } export interface SecurityGroupIngress { /** * List of CIDR blocks. */ cidrBlocks?: pulumi.Input[]>; /** * Description of this ingress rule. */ description?: pulumi.Input; /** * Start port (or ICMP type number if protocol is `icmp` or `icmpv6`). */ fromPort: pulumi.Input; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input[]>; /** * List of Prefix List IDs. */ prefixListIds?: pulumi.Input[]>; /** * Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `fromPort` and `toPort` equal to 0. The supported values are defined in the `IpProtocol` argument on the [IpPermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IpPermission.html) API reference. * * The following arguments are optional: * * > **Note** Although `cidrBlocks`, `ipv6CidrBlocks`, `prefixListIds`, and `securityGroups` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic. */ protocol: pulumi.Input; /** * List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID. */ securityGroups?: pulumi.Input[]>; /** * Whether the security group itself will be added as a source to this ingress rule. */ self?: pulumi.Input; /** * End range port (or ICMP code if protocol is `icmp`). */ toPort: pulumi.Input; } export interface SpotFleetRequestLaunchSpecification { ami: pulumi.Input; associatePublicIpAddress?: pulumi.Input; /** * The availability zone in which to place the request. */ availabilityZone?: pulumi.Input; ebsBlockDevices?: pulumi.Input[]>; ebsOptimized?: pulumi.Input; ephemeralBlockDevices?: pulumi.Input[]>; iamInstanceProfile?: pulumi.Input; iamInstanceProfileArn?: pulumi.Input; /** * The type of instance to request. */ instanceType: pulumi.Input; keyName?: pulumi.Input; monitoring?: pulumi.Input; placementGroup?: pulumi.Input; placementTenancy?: pulumi.Input; rootBlockDevices?: pulumi.Input[]>; /** * The maximum bid price per unit hour. */ spotPrice?: pulumi.Input; /** * The subnet in which to launch the requested instance. */ subnetId?: pulumi.Input; /** * A map of tags to assign to the resource. .If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; userData?: pulumi.Input; vpcSecurityGroupIds?: pulumi.Input[]>; /** * The capacity added to the fleet by a fulfilled request. */ weightedCapacity?: pulumi.Input; } export interface SpotFleetRequestLaunchSpecificationEbsBlockDevice { deleteOnTermination?: pulumi.Input; deviceName: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; kmsKeyId?: pulumi.Input; snapshotId?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface SpotFleetRequestLaunchSpecificationEphemeralBlockDevice { deviceName: pulumi.Input; virtualName: pulumi.Input; } export interface SpotFleetRequestLaunchSpecificationRootBlockDevice { deleteOnTermination?: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; kmsKeyId?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfig { /** * Launch template specification. See Launch Template Specification below for more details. */ launchTemplateSpecification: pulumi.Input; /** * One or more override configurations. See Overrides below for more details. */ overrides?: pulumi.Input[]>; } export interface SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecification { /** * The ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * The name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Unlike the autoscaling equivalent, does not support `$Latest` or `$Default`, so use the launchTemplate resource's attribute, e.g., `"${aws_launch_template.foo.latest_version}"`. It will use the default version if omitted. * * **Note:** The specified launch template can specify only a subset of the * inputs of `aws.ec2.LaunchTemplate`. There are limitations on * what you can specify as spot fleet does not support all the attributes that are supported by autoscaling groups. [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#launch-templates-spot-fleet) is currently sparse, but at least `instanceInitiatedShutdownBehavior` is confirmed unsupported. */ version?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverride { /** * The availability zone in which to place the request. */ availabilityZone?: pulumi.Input; /** * The instance requirements. See below. */ instanceRequirements?: pulumi.Input; /** * The type of instance to request. */ instanceType?: pulumi.Input; /** * The priority for the launch template override. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. */ priority?: pulumi.Input; /** * The maximum spot bid for this override request. */ spotPrice?: pulumi.Input; /** * The subnet in which to launch the requested instance. */ subnetId?: pulumi.Input; /** * The capacity added to the fleet by a fulfilled request. */ weightedCapacity?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirements { /** * Block describing the minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips). Default is no minimum or maximum. */ acceleratorCount?: pulumi.Input; /** * List of accelerator manufacturer names. Default is any manufacturer. * * ``` * Valid names: * * amazon-web-services * * amd * * nvidia * * xilinx * ``` */ acceleratorManufacturers?: pulumi.Input[]>; /** * List of accelerator names. Default is any acclerator. * * ``` * Valid names: * * a100 - NVIDIA A100 GPUs * * v100 - NVIDIA V100 GPUs * * k80 - NVIDIA K80 GPUs * * t4 - NVIDIA T4 GPUs * * m60 - NVIDIA M60 GPUs * * radeon-pro-v520 - AMD Radeon Pro V520 GPUs * * vu9p - Xilinx VU9P FPGAs * ``` */ acceleratorNames?: pulumi.Input[]>; /** * Block describing the minimum and maximum total memory of the accelerators. Default is no minimum or maximum. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * List of accelerator types. Default is any accelerator type. * * ``` * Valid types: * * fpga * * gpu * * inference * ``` */ acceleratorTypes?: pulumi.Input[]>; /** * List of instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. You can use strings with one or more wild cards, represented by an asterisk (\*), to allow an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are allowing the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are allowing all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is all instance types. * * > **NOTE:** If you specify `allowedInstanceTypes`, you can't specify `excludedInstanceTypes`. */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicate whether bare metal instace types should be `included`, `excluded`, or `required`. Default is `excluded`. */ bareMetal?: pulumi.Input; /** * Block describing the minimum and maximum baseline EBS bandwidth, in Mbps. Default is no minimum or maximum. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicate whether burstable performance instance types should be `included`, `excluded`, or `required`. Default is `excluded`. */ burstablePerformance?: pulumi.Input; /** * List of CPU manufacturer names. Default is any manufacturer. * * > **NOTE:** Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. * * ``` * Valid names: * * amazon-web-services * * amd * * intel * ``` */ cpuManufacturers?: pulumi.Input[]>; /** * List of instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (\*), to exclude an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. * * > **NOTE:** If you specify `excludedInstanceTypes`, you can't specify `allowedInstanceTypes`. */ excludedInstanceTypes?: pulumi.Input[]>; /** * List of instance generation names. Default is any generation. * * ``` * Valid names: * * current - Recommended for best performance. * * previous - For existing applications optimized for older instance types. * ``` */ instanceGenerations?: pulumi.Input[]>; /** * Indicate whether instance types with local storage volumes are `included`, `excluded`, or `required`. Default is `included`. */ localStorage?: pulumi.Input; /** * List of local storage type names. Default any storage type. * * ``` * Value names: * * hdd - hard disk drive * * ssd - solid state drive * ``` */ localStorageTypes?: pulumi.Input[]>; /** * Block describing the minimum and maximum amount of memory (GiB) per vCPU. Default is no minimum or maximum. */ memoryGibPerVcpu?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (MiB). Default is no maximum. */ memoryMib?: pulumi.Input; /** * Block describing the minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default is no minimum or maximum. */ networkBandwidthGbps?: pulumi.Input; /** * Block describing the minimum and maximum number of network interfaces. Default is no minimum or maximum. */ networkInterfaceCount?: pulumi.Input; /** * The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 20. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicate whether instance types must support On-Demand Instance Hibernation, either `true` or `false`. Default is `false`. */ requireHibernateSupport?: pulumi.Input; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 100. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Block describing the minimum and maximum total local storage (GB). Default is no minimum or maximum. */ totalLocalStorageGb?: pulumi.Input; /** * Block describing the minimum and maximum number of vCPUs. Default is no maximum. */ vcpuCount?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorCount { /** * Maximum. Set to `0` to exclude instance types with accelerators. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorTotalMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsBaselineEbsBandwidthMbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsMemoryGibPerVcpu { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsNetworkBandwidthGbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsNetworkInterfaceCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsTotalLocalStorageGb { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsVcpuCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestSpotMaintenanceStrategies { /** * Nested argument containing the capacity rebalance for your fleet request. Defined below. */ capacityRebalance?: pulumi.Input; } export interface SpotFleetRequestSpotMaintenanceStrategiesCapacityRebalance { /** * The replacement strategy to use. Only available for spot fleets with `fleetType` set to `maintain`. Valid values: `launch`. */ replacementStrategy?: pulumi.Input; } export interface SpotInstanceRequestCapacityReservationSpecification { /** * Indicates the instance's Capacity Reservation preferences. Can be `"open"` or `"none"`. (Default: `"open"`). */ capacityReservationPreference?: pulumi.Input; /** * Information about the target Capacity Reservation. See Capacity Reservation Target below for more details. * * For more information, see the documentation on [Capacity Reservations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-reservations-using.html). */ capacityReservationTarget?: pulumi.Input; } export interface SpotInstanceRequestCapacityReservationSpecificationCapacityReservationTarget { /** * ID of the Capacity Reservation in which to run the instance. */ capacityReservationId?: pulumi.Input; /** * ARN of the Capacity Reservation resource group in which to run the instance. */ capacityReservationResourceGroupArn?: pulumi.Input; } export interface SpotInstanceRequestCpuOptions { /** * Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are `enabled` and `disabled`. */ amdSevSnp?: pulumi.Input; /** * Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API. */ coreCount?: pulumi.Input; /** * If set to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information. * * For more information, see the documentation on [Optimizing CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html). */ threadsPerCore?: pulumi.Input; } export interface SpotInstanceRequestCreditSpecification { /** * Credit option for CPU usage. Valid values include `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. */ cpuCredits?: pulumi.Input; } export interface SpotInstanceRequestEbsBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; /** * Name of the device to mount. */ deviceName: pulumi.Input; /** * Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. Defaults to `false`. Cannot be used with `snapshotId`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Snapshot ID to mount. */ snapshotId?: pulumi.Input; /** * Map of tags to assign to the device. **Note:** Tags specified here are applied after instance creation via a separate API call. This means they cannot be used with IAM policies that require tags during resource creation (e.g., ABAC policies with `ec2:CreateAction` conditions or SCPs requiring volume tags). For ABAC compliance, use `volumeTags` instead, which applies uniform tags to all volumes during instance creation. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`. * * > **NOTE:** Currently, changes to the `ebsBlockDevice` configuration of _existing_ resources cannot be automatically detected by this provider. To manage changes and attachments of an EBS block to an instance, use the `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources instead. If you use `ebsBlockDevice` on an `aws.ec2.Instance`, this provider will assume management over the full set of non-root EBS block devices for the instance, treating additional block devices as drift. For this reason, `ebsBlockDevice` cannot be mixed with external `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources for a given instance. */ volumeType?: pulumi.Input; } export interface SpotInstanceRequestEnclaveOptions { /** * Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`. * * For more information, see the documentation on [Nitro Enclaves](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html). */ enabled?: pulumi.Input; } export interface SpotInstanceRequestEphemeralBlockDevice { /** * Name of the block device to mount on the instance. */ deviceName: pulumi.Input; /** * Suppresses the specified device included in the AMI's block device mapping. */ noDevice?: pulumi.Input; /** * [Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) (e.g., `ephemeral0`). * * Each AWS Instance type has a different set of Instance Store block devices available for attachment. AWS [publishes a list](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes) of which ephemeral devices are available on each type. The devices are always identified by the `virtualName` in the format `ephemeral{0..N}`. */ virtualName?: pulumi.Input; } export interface SpotInstanceRequestLaunchTemplate { /** * ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Can be a specific version number, `$Latest` or `$Default`. The default value is `$Default`. */ version?: pulumi.Input; } export interface SpotInstanceRequestMaintenanceOptions { /** * Automatic recovery behavior of the Instance. Can be `"default"` or `"disabled"`. See [Recover your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html) for more details. */ autoRecovery?: pulumi.Input; } export interface SpotInstanceRequestMetadataOptions { /** * Whether the metadata service is available. Valid values include `enabled` or `disabled`. Defaults to `enabled`. */ httpEndpoint?: pulumi.Input; /** * Whether the IPv6 endpoint for the instance metadata service is enabled. Defaults to `disabled`. */ httpProtocolIpv6?: pulumi.Input; /** * Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from `1` to `64`. Defaults to `1`. */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Valid values include `optional` or `required`. */ httpTokens?: pulumi.Input; /** * Enables or disables access to instance tags from the instance metadata service. Valid values include `enabled` or `disabled`. Defaults to `disabled`. * * For more information, see the documentation on the [Instance Metadata Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). */ instanceMetadataTags?: pulumi.Input; } export interface SpotInstanceRequestNetworkInterface { /** * Whether or not to delete the network interface on instance termination. Defaults to `false`. Currently, the only valid value is `false`, as this is only supported when creating new network interfaces when launching an instance. */ deleteOnTermination?: pulumi.Input; /** * Integer index of the network interface attachment. Limited by instance type. */ deviceIndex: pulumi.Input; /** * Integer index of the network card. Limited by instance type. The default index is `0`. */ networkCardIndex?: pulumi.Input; /** * ID of the network interface to attach. */ networkInterfaceId: pulumi.Input; } export interface SpotInstanceRequestPrimaryNetworkInterface { /** * Whether the network interface will be deleted when the instance terminates. */ deleteOnTermination?: pulumi.Input; /** * ID of the network interface to attach. */ networkInterfaceId?: pulumi.Input; } export interface SpotInstanceRequestPrivateDnsNameOptions { /** * Indicates whether to respond to DNS queries for instance hostnames with DNS A records. */ enableResourceNameDnsARecord?: pulumi.Input; /** * Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. */ enableResourceNameDnsAaaaRecord?: pulumi.Input; /** * Type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name` and `resource-name`. */ hostnameType?: pulumi.Input; } export interface SpotInstanceRequestRootBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; deviceName?: pulumi.Input; /** * Whether to enable volume encryption. Defaults to `false`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Map of tags to assign to the device. **Note:** Tags specified here are applied after instance creation via a separate API call. This means they cannot be used with IAM policies that require tags during resource creation (e.g., ABAC policies with `ec2:CreateAction` conditions or SCPs requiring volume tags). For ABAC compliance, use `volumeTags` instead, which applies uniform tags to all volumes during instance creation. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to the volume type that the AMI uses. * * Modifying the `encrypted` or `kmsKeyId` settings of the `rootBlockDevice` requires resource replacement. */ volumeType?: pulumi.Input; } export interface TrafficMirrorFilterRuleDestinationPortRange { /** * Starting port of the range */ fromPort?: pulumi.Input; /** * Ending port of the range */ toPort?: pulumi.Input; } export interface TrafficMirrorFilterRuleSourcePortRange { /** * Starting port of the range */ fromPort?: pulumi.Input; /** * Ending port of the range */ toPort?: pulumi.Input; } export interface VpcBlockPublicAccessExclusionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface VpcBlockPublicAccessOptionsTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface VpcEncryptionControlResourceExclusions { /** * `state` and `stateMessage` describing encryption enforcement state for Egress-Only Internet Gateways. */ egressOnlyInternetGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Elastic File System (EFS). */ elasticFileSystem: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Internet Gateways. */ internetGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Lambda Functions. */ lambda: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for NAT Gateways. */ natGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for Virtual Private Gateways. */ virtualPrivateGateway: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for VPC Lattice. */ vpcLattice: pulumi.Input; /** * `state` and `stateMessage` describing encryption enforcement state for peered VPCs. */ vpcPeering: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsEgressOnlyInternetGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsElasticFileSystem { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsInternetGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsLambda { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsNatGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsVirtualPrivateGateway { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsVpcLattice { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlResourceExclusionsVpcPeering { /** * The current state of the VPC Encryption Control. */ state: pulumi.Input; /** * A message providing additional information about the state of the VPC Encryption Control. */ stateMessage: pulumi.Input; } export interface VpcEncryptionControlTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface VpcEndpointDnsEntry { /** * The DNS name. */ dnsName?: pulumi.Input; /** * The ID of the private hosted zone. */ hostedZoneId?: pulumi.Input; } export interface VpcEndpointDnsOptions { /** * The DNS records created for the endpoint. Valid values are `ipv4`, `dualstack`, `service-defined`, and `ipv6`. */ dnsRecordIpType?: pulumi.Input; /** * Boolean indicating whether to enable private DNS only for inbound endpoints. This option is available only for interface endpoints of services that support both gateway and interface endpoints. A gateway endpoint for the same service must be created before an interface endpoint is created. Traffic originating from the VPC is routed to the gateway endpoint, while traffic originating from on-premises is routed to the interface endpoint. Defaults to `false`. This argument can be specified only if `privateDnsEnabled` is `true`. */ privateDnsOnlyForInboundResolverEndpoint?: pulumi.Input; /** * Preference for which private domains have a private hosted zone created for and associated with the specified VPC. Valid values are `ALL_DOMAINS`, `VERIFIED_DOMAINS_ONLY`, `VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS`, and `SPECIFIED_DOMAINS_ONLY`. Only supported when `privateDnsEnabled` is `true` and when the `vpcEndpointType` is `ServiceNetwork` or `Resource`. */ privateDnsPreference?: pulumi.Input; /** * List of private domains to create private hosted zones for and associate with the specified VPC. Must be specified when `privateDnsEnabled` is `true` and `privateDnsPreference` is set to either `VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS` or `SPECIFIED_DOMAINS_ONLY`. In all other cases, this argument must not be specified. */ privateDnsSpecifiedDomains?: pulumi.Input[]>; } export interface VpcEndpointServicePrivateDnsNameConfiguration { /** * Name of the record subdomain the service provider needs to create. */ name?: pulumi.Input; /** * Verification state of the VPC endpoint service. Consumers of the endpoint service can use the private name only when the state is `verified`. */ state?: pulumi.Input; /** * Endpoint service verification type, for example `TXT`. */ type?: pulumi.Input; /** * Value the service provider adds to the private DNS name domain record before verification. */ value?: pulumi.Input; } export interface VpcEndpointSubnetConfiguration { /** * The IPv4 address to assign to the endpoint network interface in the subnet. You must provide an IPv4 address if the VPC endpoint supports IPv4. */ ipv4?: pulumi.Input; /** * The IPv6 address to assign to the endpoint network interface in the subnet. You must provide an IPv6 address if the VPC endpoint supports IPv6. */ ipv6?: pulumi.Input; /** * The ID of the subnet. Must have a corresponding subnet in the `subnetIds` argument. */ subnetId?: pulumi.Input; } export interface VpcIpamOperatingRegion { /** * The name of the Region you want to add to the IPAM. */ regionName: pulumi.Input; } export interface VpcIpamPoolCidrCidrAuthorizationContext { /** * The plain-text authorization message for the prefix and account. */ message?: pulumi.Input; /** * The signed authorization message for the prefix and account. */ signature?: pulumi.Input; } export interface VpcIpamPoolSourceResource { /** * ID of the resource. */ resourceId: pulumi.Input; /** * Owner of the resource. */ resourceOwner: pulumi.Input; /** * Region where the resource exists. Must match the `locale` of the parent IPAM Pool. */ resourceRegion: pulumi.Input; /** * Type of the resource. (`vpc`) */ resourceType: pulumi.Input; } export interface VpcIpamResourceDiscoveryOperatingRegion { /** * The name of the Region you want to add to the IPAM. */ regionName: pulumi.Input; } export interface VpcIpamResourceDiscoveryOrganizationalUnitExclusion { /** * AWS Organizations entity path. Build the path for the OU(s) using AWS Organizations IDs separated by a `/`. Include all child OUs by ending the path with `/*`. */ organizationsEntityPath: pulumi.Input; } export interface VpcPeeringConnectionAccepter { /** * Allow a local VPC to resolve public DNS hostnames to * private IP addresses when queried from instances in the peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpcPeeringConnectionAccepterAccepter { /** * Indicates whether a local VPC can resolve public DNS hostnames to * private IP addresses when queried from instances in a peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpcPeeringConnectionAccepterRequester { /** * Indicates whether a local VPC can resolve public DNS hostnames to * private IP addresses when queried from instances in a peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpcPeeringConnectionRequester { /** * Allow a local VPC to resolve public DNS hostnames to * private IP addresses when queried from instances in the peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpnConnectionRoute { /** * The CIDR block associated with the local subnet of the customer data center. */ destinationCidrBlock?: pulumi.Input; /** * Indicates how the routes were provided. */ source?: pulumi.Input; /** * The current state of the static route. */ state?: pulumi.Input; } export interface VpnConnectionTunnel1LogOptions { /** * Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details. */ cloudwatchLogOptions?: pulumi.Input; } export interface VpnConnectionTunnel1LogOptionsCloudwatchLogOptions { /** * Enable or disable BGP logging feature. The default is `false`. */ bgpLogEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch log group to send BGP logs to. */ bgpLogGroupArn?: pulumi.Input; /** * Set BGP log format. Default format is json. Possible values are: `json` and `text`. The default is `json`. */ bgpLogOutputFormat?: pulumi.Input; /** * Enable or disable VPN tunnel logging feature. The default is `false`. */ logEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to. */ logGroupArn?: pulumi.Input; /** * Set log format. Default format is json. Possible values are: `json` and `text`. The default is `json`. */ logOutputFormat?: pulumi.Input; } export interface VpnConnectionTunnel2LogOptions { /** * Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details. */ cloudwatchLogOptions?: pulumi.Input; } export interface VpnConnectionTunnel2LogOptionsCloudwatchLogOptions { /** * Enable or disable BGP logging feature. The default is `false`. */ bgpLogEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch log group to send BGP logs to. */ bgpLogGroupArn?: pulumi.Input; /** * Set BGP log format. Default format is json. Possible values are: `json` and `text`. The default is `json`. */ bgpLogOutputFormat?: pulumi.Input; /** * Enable or disable VPN tunnel logging feature. The default is `false`. */ logEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to. */ logGroupArn?: pulumi.Input; /** * Set log format. Default format is json. Possible values are: `json` and `text`. The default is `json`. */ logOutputFormat?: pulumi.Input; } export interface VpnConnectionVgwTelemetry { /** * The number of accepted routes. */ acceptedRouteCount?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate. */ certificateArn?: pulumi.Input; /** * The date and time of the last change in status. */ lastStatusChange?: pulumi.Input; /** * The Internet-routable IP address of the virtual private gateway's outside interface. */ outsideIpAddress?: pulumi.Input; /** * The status of the VPN tunnel. */ status?: pulumi.Input; /** * If an error occurs, a description of the error. */ statusMessage?: pulumi.Input; } } export namespace ec2clientvpn { export interface EndpointAuthenticationOption { /** * The ID of the Active Directory to be used for authentication if type is `directory-service-authentication`. */ activeDirectoryId?: pulumi.Input; /** * The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to `certificate-authentication`. */ rootCertificateChainArn?: pulumi.Input; /** * The ARN of the IAM SAML identity provider if type is `federated-authentication`. */ samlProviderArn?: pulumi.Input; /** * The ARN of the IAM SAML identity provider for the self service portal if type is `federated-authentication`. */ selfServiceSamlProviderArn?: pulumi.Input; /** * The type of client authentication to be used. Specify `certificate-authentication` to use certificate-based authentication, `directory-service-authentication` to use Active Directory authentication, or `federated-authentication` to use Federated Authentication via SAML 2.0. */ type: pulumi.Input; } export interface EndpointClientConnectOptions { /** * Indicates whether client connect options are enabled. The default is `false` (not enabled). */ enabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. */ lambdaFunctionArn?: pulumi.Input; } export interface EndpointClientLoginBannerOptions { /** * Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. */ bannerText?: pulumi.Input; /** * Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is `false` (not enabled). */ enabled?: pulumi.Input; } export interface EndpointClientRouteEnforcementOptions { /** * Enable or disable Client Route Enforcement. The default is `false` (not enabled). */ enforced?: pulumi.Input; } export interface EndpointConnectionLogOptions { /** * The name of the CloudWatch Logs log group. */ cloudwatchLogGroup?: pulumi.Input; /** * The name of the CloudWatch Logs log stream to which the connection data is published. */ cloudwatchLogStream?: pulumi.Input; /** * Indicates whether connection logging is enabled. */ enabled: pulumi.Input; } export interface GetEndpointFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeClientVpnEndpoints.html). */ name: string; /** * Set of values that are accepted for the given field. An endpoint will be selected if any one of the given values matches. */ values: string[]; } export interface GetEndpointFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeClientVpnEndpoints.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An endpoint will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } } export namespace ec2transitgateway { export interface DefaultRouteTableAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DefaultRouteTablePropagationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GetAttachmentFilter { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetAttachmentFilterArgs { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetAttachmentsFilter { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html) */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetAttachmentsFilterArgs { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html) */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetConnectFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetConnectFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetConnectPeerFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetConnectPeerFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetDirectConnectGatewayAttachmentFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetDirectConnectGatewayAttachmentFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetMulticastDomainFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayMulticastDomains.html). */ name: string; /** * Set of values that are accepted for the given field. A multicast domain will be selected if any one of the given values matches. */ values: string[]; } export interface GetMulticastDomainFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayMulticastDomains.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A multicast domain will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetPeeringAttachmentFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html). */ name: string; /** * Set of values that are accepted for the given field. * An EC2 Transit Gateway Peering Attachment be selected if any one of the given values matches. */ values: string[]; } export interface GetPeeringAttachmentFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * An EC2 Transit Gateway Peering Attachment be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetPeeringAttachmentsFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html) */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetPeeringAttachmentsFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html) */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetRouteTableAssociationsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTableAssociations.html). */ name: string; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTableAssociationsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTableAssociations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetRouteTableFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetRouteTableFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetRouteTablePropagationsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTablePropagations.html). */ name: string; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTablePropagationsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTablePropagations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetRouteTableRoutesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayRoutes.html). */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetRouteTableRoutesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayRoutes.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } export interface GetTransitGatewayFilter { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html). */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetTransitGatewayFilterArgs { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html). */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetVpcAttachmentFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetVpcAttachmentFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetVpcAttachmentsFilter { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayVpcAttachments.html) */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetVpcAttachmentsFilterArgs { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayVpcAttachments.html) */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetVpnAttachmentFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetVpnAttachmentFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface InstanceConnectEndpointTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface PeeringAttachmentOptions { /** * Indicates whether dynamic routing is enabled or disabled.. Supports `enable` and `disable`. */ dynamicRouting?: pulumi.Input; } } export namespace ecr { export interface GetLifecyclePolicyDocumentRule { /** * Specifies the action to take. */ action?: inputs.ecr.GetLifecyclePolicyDocumentRuleAction; /** * Describes the purpose of a rule within a lifecycle policy. */ description?: string; /** * Sets the order in which rules are evaluated, lowest to highest. When you add rules to a lifecycle policy, you must give them each a unique value for `priority`. Values do not need to be sequential across rules in a policy. A rule with a `tagStatus` value of `any` must have the highest value for `priority` and be evaluated last. */ priority: number; /** * Collects parameters describing the selection criteria for the ECR lifecycle policy: */ selection: inputs.ecr.GetLifecyclePolicyDocumentRuleSelection; } export interface GetLifecyclePolicyDocumentRuleArgs { /** * Specifies the action to take. */ action?: pulumi.Input; /** * Describes the purpose of a rule within a lifecycle policy. */ description?: pulumi.Input; /** * Sets the order in which rules are evaluated, lowest to highest. When you add rules to a lifecycle policy, you must give them each a unique value for `priority`. Values do not need to be sequential across rules in a policy. A rule with a `tagStatus` value of `any` must have the highest value for `priority` and be evaluated last. */ priority: pulumi.Input; /** * Collects parameters describing the selection criteria for the ECR lifecycle policy: */ selection: pulumi.Input; } export interface GetLifecyclePolicyDocumentRuleAction { /** * The storage class you want the lifecycle policy to transition the image to. `archive` is the only supported value. */ targetStorageClass?: string; /** * Specify an action type. The supported values are `expire` (to delete images) and `transition` (to move images to archive storage). */ type: string; } export interface GetLifecyclePolicyDocumentRuleActionArgs { /** * The storage class you want the lifecycle policy to transition the image to. `archive` is the only supported value. */ targetStorageClass?: pulumi.Input; /** * Specify an action type. The supported values are `expire` (to delete images) and `transition` (to move images to archive storage). */ type: pulumi.Input; } export interface GetLifecyclePolicyDocumentRuleSelection { /** * Specify a count number. If the `countType` used is `imageCountMoreThan`, then the value is the maximum number of images that you want to retain in your repository. If the `countType` used is `sinceImagePushed`, then the value is the maximum age limit for your images. If the `countType` used is `sinceImagePulled`, then the value is the maximum number of days since the image was last pulled. If the `countType` used is `sinceImageTransitioned`, then the value is the maximum number of days since the image was archived. */ countNumber: number; /** * Specify a count type to apply to the images. If `countType` is set to `imageCountMoreThan`, you also specify `countNumber` to create a rule that sets a limit on the number of images that exist in your repository. If `countType` is set to `sinceImagePushed`, `sinceImagePulled`, or `sinceImageTransitioned`, you also specify `countUnit` and `countNumber` to specify a time limit on the images that exist in your repository. */ countType: string; /** * Specify a count unit of `days` to indicate that as the unit of time, in addition to `countNumber`, which is the number of days. */ countUnit?: string; /** * The rule will only select images of this storage class. When using a `countType` of `imageCountMoreThan`, `sinceImagePushed`, or `sinceImagePulled`, the only supported value is `standard`. When using a `countType` of `sinceImageTransitioned`, this is required, and the only supported value is `archive`. If you omit this, the value of `standard` will be used. */ storageClass?: string; /** * You must specify a comma-separated list of image tag patterns that may contain wildcards (\*) on which to take action with your lifecycle policy. For example, if your images are tagged as `prod`, `prod1`, `prod2`, and so on, you would use the tag pattern list `["prod\*"]` to specify all of them. If you specify multiple tags, only the images with all specified tags are selected. There is a maximum limit of four wildcards (\*) per string. For example, `["*test*1*2*3", "test*1*2*3*"]` is valid but `["test*1*2*3*4*5*6"]` is invalid. */ tagPatternLists?: string[]; /** * You must specify a comma-separated list of image tag prefixes on which to take action with your lifecycle policy. For example, if your images are tagged as `prod`, `prod1`, `prod2`, and so on, you would use the tag prefix "prod" to specify all of them. If you specify multiple tags, only images with all specified tags are selected. */ tagPrefixLists?: string[]; /** * Determines whether the lifecycle policy rule that you are adding specifies a tag for an image. Acceptable options are `tagged`, `untagged`, or `any`. If you specify `any`, then all images have the rule evaluated against them. If you specify `tagged`, then you must also specify a `tagPrefixList` value or a `tagPatternList` value. If you specify `untagged`, then you must omit both `tagPrefixList` and `tagPatternList`. */ tagStatus: string; } export interface GetLifecyclePolicyDocumentRuleSelectionArgs { /** * Specify a count number. If the `countType` used is `imageCountMoreThan`, then the value is the maximum number of images that you want to retain in your repository. If the `countType` used is `sinceImagePushed`, then the value is the maximum age limit for your images. If the `countType` used is `sinceImagePulled`, then the value is the maximum number of days since the image was last pulled. If the `countType` used is `sinceImageTransitioned`, then the value is the maximum number of days since the image was archived. */ countNumber: pulumi.Input; /** * Specify a count type to apply to the images. If `countType` is set to `imageCountMoreThan`, you also specify `countNumber` to create a rule that sets a limit on the number of images that exist in your repository. If `countType` is set to `sinceImagePushed`, `sinceImagePulled`, or `sinceImageTransitioned`, you also specify `countUnit` and `countNumber` to specify a time limit on the images that exist in your repository. */ countType: pulumi.Input; /** * Specify a count unit of `days` to indicate that as the unit of time, in addition to `countNumber`, which is the number of days. */ countUnit?: pulumi.Input; /** * The rule will only select images of this storage class. When using a `countType` of `imageCountMoreThan`, `sinceImagePushed`, or `sinceImagePulled`, the only supported value is `standard`. When using a `countType` of `sinceImageTransitioned`, this is required, and the only supported value is `archive`. If you omit this, the value of `standard` will be used. */ storageClass?: pulumi.Input; /** * You must specify a comma-separated list of image tag patterns that may contain wildcards (\*) on which to take action with your lifecycle policy. For example, if your images are tagged as `prod`, `prod1`, `prod2`, and so on, you would use the tag pattern list `["prod\*"]` to specify all of them. If you specify multiple tags, only the images with all specified tags are selected. There is a maximum limit of four wildcards (\*) per string. For example, `["*test*1*2*3", "test*1*2*3*"]` is valid but `["test*1*2*3*4*5*6"]` is invalid. */ tagPatternLists?: pulumi.Input[]>; /** * You must specify a comma-separated list of image tag prefixes on which to take action with your lifecycle policy. For example, if your images are tagged as `prod`, `prod1`, `prod2`, and so on, you would use the tag prefix "prod" to specify all of them. If you specify multiple tags, only images with all specified tags are selected. */ tagPrefixLists?: pulumi.Input[]>; /** * Determines whether the lifecycle policy rule that you are adding specifies a tag for an image. Acceptable options are `tagged`, `untagged`, or `any`. If you specify `any`, then all images have the rule evaluated against them. If you specify `tagged`, then you must also specify a `tagPrefixList` value or a `tagPatternList` value. If you specify `untagged`, then you must omit both `tagPrefixList` and `tagPatternList`. */ tagStatus: pulumi.Input; } export interface LifecyclePolicyAction { /** * The type of action to take. Currently only 'expire' is supported. */ type: pulumi.Input; } /** * Represents an ECR lifecycle policy document. */ export interface LifecyclePolicyDocument { /** * The rules that comprise the lifecycle policy. */ rules: pulumi.Input[]>; } /** * Represents a rule in an ECR lifecycle policy. */ export interface LifecyclePolicyRule { /** * The action to take when the rule is triggered. */ action: pulumi.Input; /** * A description of the rule. */ description?: pulumi.Input; /** * The priority of the rule, must be unique within the policy. */ rulePriority: pulumi.Input; /** * The selection criteria for the rule. */ selection: pulumi.Input; } /** * Represents selection criteria for an ECR lifecycle policy rule. */ export interface LifecyclePolicySelection { /** * The count number to use with the count type. */ countNumber: pulumi.Input; /** * The type of count to perform. Either 'imageCountMoreThan' or 'sinceImagePushed'. */ countType: pulumi.Input; /** * The unit of time for sinceImagePushed. Either 'days'. */ countUnit?: pulumi.Input; /** * A list of image tag prefixes on which to take action. */ tagPrefixList?: pulumi.Input[]>; /** * The tag status of the image. Either 'tagged', 'untagged', or 'any'. */ tagStatus: pulumi.Input; } /** * Represents an AWS IAM policy document that defines permissions for AWS resources and actions. */ export interface PolicyDocument { Id?: pulumi.Input; Statement: pulumi.Input[]>; Version: pulumi.Input; } export interface RegistryScanningConfigurationRule { /** * One or more repository filter blocks, containing a `filter` (required string filtering repositories, see pattern regex [here](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ScanningRepositoryFilter.html)) and a `filterType` (required string, currently only `WILDCARD` is supported). */ repositoryFilters: pulumi.Input[]>; /** * The frequency that scans are performed at for a private registry. Can be `SCAN_ON_PUSH`, `CONTINUOUS_SCAN`, or `MANUAL`. */ scanFrequency: pulumi.Input; } export interface RegistryScanningConfigurationRuleRepositoryFilter { filter: pulumi.Input; filterType: pulumi.Input; } export interface ReplicationConfigurationReplicationConfiguration { /** * The replication rules for a replication configuration. A maximum of 10 are allowed per `replicationConfiguration`. See Rule */ rules: pulumi.Input[]>; } export interface ReplicationConfigurationReplicationConfigurationRule { /** * the details of a replication destination. A maximum of 25 are allowed per `rule`. See Destination. */ destinations: pulumi.Input[]>; /** * filters for a replication rule. See Repository Filter. */ repositoryFilters?: pulumi.Input[]>; } export interface ReplicationConfigurationReplicationConfigurationRuleDestination { /** * A Region to replicate to. */ region: pulumi.Input; /** * The account ID of the destination registry to replicate to. */ registryId: pulumi.Input; } export interface ReplicationConfigurationReplicationConfigurationRuleRepositoryFilter { /** * The repository filter details. */ filter: pulumi.Input; /** * The repository filter type. The only supported value is `PREFIX_MATCH`, which is a repository name prefix specified with the filter parameter. */ filterType: pulumi.Input; } export interface RepositoryCreationTemplateEncryptionConfiguration { /** * The encryption type to use for any created repositories. Valid values are `AES256` or `KMS`. Defaults to `AES256`. */ encryptionType?: pulumi.Input; /** * The ARN of the KMS key to use when `encryptionType` is `KMS`. If not specified, uses the default AWS managed key for ECR. */ kmsKey?: pulumi.Input; } export interface RepositoryCreationTemplateImageTagMutabilityExclusionFilter { /** * The filter pattern to use for excluding image tags from the mutability setting. Must contain only letters, numbers, and special characters (._*-). Each filter can be up to 128 characters long and can contain a maximum of 2 wildcards (*). */ filter: pulumi.Input; /** * The type of filter to use. Must be `WILDCARD`. */ filterType: pulumi.Input; } export interface RepositoryEncryptionConfiguration { /** * The encryption type to use for the repository. Valid values are `AES256` or `KMS`. Defaults to `AES256`. */ encryptionType?: pulumi.Input; /** * The ARN of the KMS key to use when `encryptionType` is `KMS`. If not specified, uses the default AWS managed key for ECR. */ kmsKey?: pulumi.Input; } export interface RepositoryImageScanningConfiguration { /** * Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false). */ scanOnPush: pulumi.Input; } export interface RepositoryImageTagMutabilityExclusionFilter { /** * The filter pattern to use for excluding image tags from the mutability setting. Must contain only letters, numbers, and special characters (._*-). Each filter can be up to 128 characters long and can contain a maximum of 2 wildcards (*). */ filter: pulumi.Input; /** * The type of filter to use. Must be `WILDCARD`. */ filterType: pulumi.Input; } } export namespace ecrpublic { export interface GetImagesImageId { /** * Digest of the image manifest. */ imageDigest?: string; /** * Tag used for the image. */ imageTag?: string; } export interface GetImagesImageIdArgs { /** * Digest of the image manifest. */ imageDigest?: pulumi.Input; /** * Tag used for the image. */ imageTag?: pulumi.Input; } export interface RepositoryCatalogData { /** * A detailed description of the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The text must be in markdown format. */ aboutText?: pulumi.Input; /** * The system architecture that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported architectures will appear as badges on the repository and are used as search filters: `ARM`, `ARM 64`, `x86`, `x86-64` */ architectures?: pulumi.Input[]>; /** * A short description of the contents of the repository. This text appears in both the image details and also when searching for repositories on the Amazon ECR Public Gallery. */ description?: pulumi.Input; /** * The base64-encoded repository logo payload. (Only visible for verified accounts) Note that drift detection is disabled for this attribute. */ logoImageBlob?: pulumi.Input; /** * The operating systems that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported operating systems will appear as badges on the repository and are used as search filters: `Linux`, `Windows` */ operatingSystems?: pulumi.Input[]>; /** * Detailed information on how to use the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The usage text provides context, support information, and additional usage details for users of the repository. The text must be in markdown format. */ usageText?: pulumi.Input; } } export namespace ecs { export interface CapacityProviderAutoScalingGroupProvider { /** * ARN of the associated auto scaling group. */ autoScalingGroupArn: pulumi.Input; /** * Enables or disables a graceful shutdown of instances without disturbing workloads. Valid values are `ENABLED` and `DISABLED`. The default value is `ENABLED` when a capacity provider is created. */ managedDraining?: pulumi.Input; /** * Configuration block defining the parameters of the auto scaling. Detailed below. */ managedScaling?: pulumi.Input; /** * Enables or disables container-aware termination of instances in the auto scaling group when scale-in happens. Valid values are `ENABLED` and `DISABLED`. */ managedTerminationProtection?: pulumi.Input; } export interface CapacityProviderAutoScalingGroupProviderManagedScaling { /** * Period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of 300 seconds is used. * * For more information on how the instance warmup period contributes to managed scale-out behavior, see [Control the instances Amazon ECS terminates](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/managed-termination-protection.html) in the _Amazon Elastic Container Service Developer Guide_. */ instanceWarmupPeriod?: pulumi.Input; /** * Maximum step adjustment size. A number between 1 and 10,000. */ maximumScalingStepSize?: pulumi.Input; /** * Minimum step adjustment size. A number between 1 and 10,000. */ minimumScalingStepSize?: pulumi.Input; /** * Whether auto scaling is managed by ECS. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; /** * Target utilization for the capacity provider. A number between 1 and 100. */ targetCapacity?: pulumi.Input; } export interface CapacityProviderManagedInstancesProvider { /** * Defines how Amazon ECS Managed Instances optimizes the infrastructure in your capacity provider. Configure it to turn on or off the infrastructure optimization in your capacity provider, and to control the idle EC2 instances optimization delay. */ infrastructureOptimization?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the infrastructure role that Amazon ECS uses to manage instances on your behalf. This role must have permissions to launch, terminate, and manage Amazon EC2 instances, as well as access to other AWS services required for Amazon ECS Managed Instances functionality. For more information, see [Amazon ECS infrastructure IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/infrastructure_IAM_role.html) in the Amazon ECS Developer Guide. */ infrastructureRoleArn: pulumi.Input; /** * The launch template configuration that specifies how Amazon ECS should launch Amazon EC2 instances. This includes the instance profile, network configuration, storage settings, and instance requirements for attribute-based instance type selection. For more information, see [Store instance launch parameters in Amazon EC2 launch templates](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) in the Amazon EC2 User Guide. Detailed below. */ instanceLaunchTemplate: pulumi.Input; /** * Specifies whether to propagate tags from the capacity provider to the Amazon ECS Managed Instances. When enabled, tags applied to the capacity provider are automatically applied to all instances launched by this provider. Valid values are `CAPACITY_PROVIDER` and `NONE`. */ propagateTags?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInfrastructureOptimization { /** * This parameter defines the number of seconds Amazon ECS Managed Instances waits before optimizing EC2 instances that have become idle or underutilized. A longer delay increases the likelihood of placing new tasks on idle instances, reducing startup time. A shorter delay helps reduce infrastructure costs by optimizing idle instances more quickly. Valid values are: * * Not set (null) - Uses the default optimization behavior. * * `-1` - Disables automatic infrastructure optimization. */ scaleInAfter?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplate { /** * The purchasing option for the EC2 instances used in the capacity provider. Determines whether to use On-Demand or Spot instances. Valid values are `ON_DEMAND` and `SPOT`. Defaults to `ON_DEMAND` when not specified. Changing this value will trigger replacement of the capacity provider. For more information, see [Amazon EC2 billing and purchasing options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html) in the Amazon EC2 User Guide. */ capacityOptionType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the instance profile that Amazon ECS applies to Amazon ECS Managed Instances. This instance profile must include the necessary permissions for your tasks to access AWS services and resources. For more information, see [Amazon ECS instance profile for Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html) in the Amazon ECS Developer Guide. */ ec2InstanceProfileArn: pulumi.Input; /** * The instance requirements. You can specify the instance types and instance requirements such as vCPU count, memory, network performance, and accelerator specifications. Amazon ECS automatically selects the instances that match the specified criteria. Detailed below. */ instanceRequirements?: pulumi.Input; /** * CloudWatch provides two categories of monitoring: basic monitoring and detailed monitoring. By default, your managed instance is configured for basic monitoring. You can optionally enable detailed monitoring to help you more quickly identify and act on operational issues. You can enable or turn off detailed monitoring at launch or when the managed instance is running or stopped. For more information, see [Detailed monitoring for Amazon ECS Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html) in the Amazon ECS Developer Guide. Valid values are `BASIC` and `DETAILED`. */ monitoring?: pulumi.Input; /** * The network configuration for Amazon ECS Managed Instances. This specifies the subnets and security groups that instances use for network connectivity. Detailed below. */ networkConfiguration: pulumi.Input; /** * The storage configuration for Amazon ECS Managed Instances. This defines the root volume size and type for the instances. Detailed below. */ storageConfiguration?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirements { /** * The minimum and maximum number of accelerators for the instance types. This is used when you need instances with specific numbers of GPUs or other accelerators. */ acceleratorCount?: pulumi.Input; /** * The accelerator manufacturers to include. You can specify `nvidia`, `amd`, `amazon-web-services`, `xilinx`, or `habana` depending on your accelerator requirements. Valid values are `amazon-web-services`, `amd`, `nvidia`, `xilinx`, `habana`. */ acceleratorManufacturers?: pulumi.Input[]>; /** * The specific accelerator names to include. For example, you can specify `a100`, `v100`, `k80`, or other specific accelerator models. Valid values are `a100`, `inferentia`, `k520`, `k80`, `m60`, `radeon-pro-v520`, `t4`, `vu9p`, `v100`, `a10g`, `h100`, `t4g`. */ acceleratorNames?: pulumi.Input[]>; /** * The minimum and maximum total accelerator memory in mebibytes (MiB). This is important for GPU workloads that require specific amounts of video memory. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * The accelerator types to include. You can specify `gpu` for graphics processing units, `fpga` for field programmable gate arrays, or `inference` for machine learning inference accelerators. Valid values are `gpu`, `fpga`, `inference`. */ acceleratorTypes?: pulumi.Input[]>; /** * The instance types to include in the selection. When specified, Amazon ECS only considers these instance types, subject to the other requirements specified. Maximum of 400 instance types. You can specify instance type patterns using wildcards (e.g., `m5.*`). */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicates whether to include bare metal instance types. Set to `included` to allow bare metal instances, `excluded` to exclude them, or `required` to use only bare metal instances. Valid values are `included`, `excluded`, `required`. */ bareMetal?: pulumi.Input; /** * The minimum and maximum baseline Amazon EBS bandwidth in megabits per second (Mbps). This is important for workloads with high storage I/O requirements. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicates whether to include burstable performance instance types (T2, T3, T3a, T4g). Set to `included` to allow burstable instances, `excluded` to exclude them, or `required` to use only burstable instances. Valid values are `included`, `excluded`, `required`. */ burstablePerformance?: pulumi.Input; /** * The CPU manufacturers to include or exclude. You can specify `intel`, `amd`, or `amazon-web-services` to control which CPU types are used for your workloads. Valid values are `intel`, `amd`, `amazon-web-services`. */ cpuManufacturers?: pulumi.Input[]>; /** * The instance types to exclude from selection. Use this to prevent Amazon ECS from selecting specific instance types that may not be suitable for your workloads. Maximum of 400 instance types. */ excludedInstanceTypes?: pulumi.Input[]>; /** * The instance generations to include. You can specify `current` to use the latest generation instances, or `previous` to include previous generation instances for cost optimization. Valid values are `current`, `previous`. */ instanceGenerations?: pulumi.Input[]>; /** * Indicates whether to include instance types with local storage. Set to `included` to allow local storage, `excluded` to exclude it, or `required` to use only instances with local storage. Valid values are `included`, `excluded`, `required`. */ localStorage?: pulumi.Input; /** * The local storage types to include. You can specify `hdd` for hard disk drives, `ssd` for solid state drives, or both. Valid values are `hdd`, `ssd`. */ localStorageTypes?: pulumi.Input[]>; /** * The maximum price for Spot instances as a percentage of the optimal On-Demand price. This provides more precise cost control for Spot instance selection. */ maxSpotPriceAsPercentageOfOptimalOnDemandPrice?: pulumi.Input; /** * The minimum and maximum amount of memory per vCPU in gibibytes (GiB). This helps ensure that instance types have the appropriate memory-to-CPU ratio for your workloads. */ memoryGibPerVcpu?: pulumi.Input; /** * The minimum and maximum amount of memory in mebibytes (MiB) for the instance types. Amazon ECS selects instance types that have memory within this range. */ memoryMib: pulumi.Input; /** * The minimum and maximum network bandwidth in gigabits per second (Gbps). This is crucial for network-intensive workloads that require high throughput. */ networkBandwidthGbps?: pulumi.Input; /** * The minimum and maximum number of network interfaces for the instance types. This is useful for workloads that require multiple network interfaces. */ networkInterfaceCount?: pulumi.Input; /** * The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. When Amazon ECS selects instance types with your attributes, it will exclude instance types whose price exceeds your specified threshold. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicates whether the instance types must support hibernation. When set to `true`, only instance types that support hibernation are selected. */ requireHibernateSupport?: pulumi.Input; /** * The maximum price for Spot instances as a percentage over the lowest priced On-Demand instance. This helps control Spot instance costs while maintaining access to capacity. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * The minimum and maximum total local storage in gigabytes (GB) for instance types with local storage. */ totalLocalStorageGb?: pulumi.Input; /** * The minimum and maximum number of vCPUs for the instance types. Amazon ECS selects instance types that have vCPU counts within this range. */ vcpuCount: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsAcceleratorCount { max?: pulumi.Input; min?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsAcceleratorTotalMemoryMib { max?: pulumi.Input; min?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsBaselineEbsBandwidthMbps { max?: pulumi.Input; min?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsMemoryGibPerVcpu { max?: pulumi.Input; min?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsMemoryMib { max?: pulumi.Input; min: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsNetworkBandwidthGbps { max?: pulumi.Input; min?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsNetworkInterfaceCount { max?: pulumi.Input; min?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsTotalLocalStorageGb { max?: pulumi.Input; min?: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateInstanceRequirementsVcpuCount { max?: pulumi.Input; min: pulumi.Input; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateNetworkConfiguration { /** * The list of security group IDs to apply to Amazon ECS Managed Instances. These security groups control the network traffic allowed to and from the instances. */ securityGroups?: pulumi.Input[]>; /** * The list of subnet IDs where Amazon ECS can launch Amazon ECS Managed Instances. Instances are distributed across the specified subnets for high availability. All subnets must be in the same VPC. */ subnets: pulumi.Input[]>; } export interface CapacityProviderManagedInstancesProviderInstanceLaunchTemplateStorageConfiguration { /** * The size of the tasks volume in GiB. Must be at least 1. */ storageSizeGib: pulumi.Input; } export interface ClusterCapacityProvidersDefaultCapacityProviderStrategy { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: pulumi.Input; /** * Name of the capacity provider. */ capacityProvider: pulumi.Input; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` count of tasks has been satisfied. Defaults to `0`. */ weight?: pulumi.Input; } export interface ClusterConfiguration { /** * Details of the execute command configuration. See `executeCommandConfiguration` Block for details. */ executeCommandConfiguration?: pulumi.Input; /** * Details of the managed storage configuration. See `managedStorageConfiguration` Block for details. */ managedStorageConfiguration?: pulumi.Input; } export interface ClusterConfigurationExecuteCommandConfiguration { /** * AWS Key Management Service key ID to encrypt the data between the local client and the container. */ kmsKeyId?: pulumi.Input; /** * Log configuration for the results of the execute command actions. Required when `logging` is `OVERRIDE`. See `logConfiguration` Block for details. */ logConfiguration?: pulumi.Input; /** * Log setting to use for redirecting logs for your execute command results. Valid values: `NONE`, `DEFAULT`, `OVERRIDE`. */ logging?: pulumi.Input; } export interface ClusterConfigurationExecuteCommandConfigurationLogConfiguration { /** * Whether to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled. */ cloudWatchEncryptionEnabled?: pulumi.Input; /** * The name of the CloudWatch log group to send logs to. */ cloudWatchLogGroupName?: pulumi.Input; /** * Whether to enable encryption on the logs sent to S3. If not specified, encryption will be disabled. */ s3BucketEncryptionEnabled?: pulumi.Input; /** * Name of the S3 bucket to send logs to. */ s3BucketName?: pulumi.Input; /** * Optional folder in the S3 bucket to place logs in. */ s3KeyPrefix?: pulumi.Input; } export interface ClusterConfigurationManagedStorageConfiguration { /** * AWS Key Management Service key ARN for the Fargate ephemeral storage. */ fargateEphemeralStorageKmsKeyId?: pulumi.Input; /** * AWS Key Management Service key ARN to encrypt the managed storage. */ kmsKeyId?: pulumi.Input; } export interface ClusterServiceConnectDefaults { /** * ARN of the `aws.servicediscovery.HttpNamespace` that's used when you create a service and don't specify a Service Connect configuration. */ namespace: pulumi.Input; } export interface ClusterSetting { /** * Name of the setting to manage. Valid values: `containerInsights`. */ name: pulumi.Input; /** * Value to assign to the setting. Valid values: `enhanced`, `enabled`, `disabled`. */ value: pulumi.Input; } export interface ExpressGatewayServiceIngressPath { accessType: pulumi.Input; endpoint: pulumi.Input; } export interface ExpressGatewayServiceNetworkConfiguration { /** * Security groups associated with the task. If not specified, the default security group for the VPC is used. */ securityGroups: pulumi.Input[]>; /** * Subnets associated with the task. At least 2 subnets must be specified when using network configuration. If not specified, default subnets will be used. */ subnets: pulumi.Input[]>; } export interface ExpressGatewayServicePrimaryContainer { awsLogsConfigurations?: pulumi.Input[]>; /** * Command to run in the container. Overrides the default command from the Docker image. */ commands?: pulumi.Input[]>; /** * Port on which the container listens for connections. */ containerPort?: pulumi.Input; environments?: pulumi.Input[]>; /** * Docker image to use for the container. */ image: pulumi.Input; repositoryCredentials?: pulumi.Input; secrets?: pulumi.Input[]>; } export interface ExpressGatewayServicePrimaryContainerAwsLogsConfiguration { /** * CloudWatch log group name. */ logGroup: pulumi.Input; /** * Prefix for log stream names. If not specified, a default prefix will be used. */ logStreamPrefix: pulumi.Input; } export interface ExpressGatewayServicePrimaryContainerEnvironment { /** * Name of the environment variable. */ name: pulumi.Input; /** * Value of the environment variable. */ value: pulumi.Input; } export interface ExpressGatewayServicePrimaryContainerRepositoryCredentials { /** * ARN of the AWS Systems Manager parameter containing the repository credentials. */ credentialsParameter: pulumi.Input; } export interface ExpressGatewayServicePrimaryContainerSecret { name: pulumi.Input; /** * ARN of the AWS Secrets Manager secret or AWS Systems Manager parameter containing the secret value. */ valueFrom: pulumi.Input; } export interface ExpressGatewayServiceScalingTarget { /** * Metric to use for auto-scaling. Valid values are `CPU` and `MEMORY`. */ autoScalingMetric: pulumi.Input; /** * Target value for the auto-scaling metric (as a percentage). Defaults to `60`. */ autoScalingTargetValue: pulumi.Input; /** * Maximum number of tasks to run. */ maxTaskCount: pulumi.Input; /** * Minimum number of tasks to run. */ minTaskCount: pulumi.Input; } export interface ExpressGatewayServiceTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GetTaskExecutionCapacityProviderStrategy { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: number; /** * Name of the capacity provider. */ capacityProvider: string; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` count of tasks has been satisfied. Defaults to `0`. */ weight?: number; } export interface GetTaskExecutionCapacityProviderStrategyArgs { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: pulumi.Input; /** * Name of the capacity provider. */ capacityProvider: pulumi.Input; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` count of tasks has been satisfied. Defaults to `0`. */ weight?: pulumi.Input; } export interface GetTaskExecutionNetworkConfiguration { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`. * * For more information, see the [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) documentation. */ assignPublicIp?: boolean; /** * Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: string[]; /** * Subnets associated with the task or service. */ subnets: string[]; } export interface GetTaskExecutionNetworkConfigurationArgs { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`. * * For more information, see the [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) documentation. */ assignPublicIp?: pulumi.Input; /** * Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: pulumi.Input[]>; /** * Subnets associated with the task or service. */ subnets: pulumi.Input[]>; } export interface GetTaskExecutionOverrides { /** * One or more container overrides that are sent to a task. See below. */ containerOverrides?: inputs.ecs.GetTaskExecutionOverridesContainerOverride[]; /** * The CPU override for the task. */ cpu?: string; /** * Amazon Resource Name (ARN) of the task execution role override for the task. */ executionRoleArn?: string; /** * The memory override for the task. */ memory?: string; /** * Amazon Resource Name (ARN) of the role that containers in this task can assume. */ taskRoleArn?: string; } export interface GetTaskExecutionOverridesArgs { /** * One or more container overrides that are sent to a task. See below. */ containerOverrides?: pulumi.Input[]>; /** * The CPU override for the task. */ cpu?: pulumi.Input; /** * Amazon Resource Name (ARN) of the task execution role override for the task. */ executionRoleArn?: pulumi.Input; /** * The memory override for the task. */ memory?: pulumi.Input; /** * Amazon Resource Name (ARN) of the role that containers in this task can assume. */ taskRoleArn?: pulumi.Input; } export interface GetTaskExecutionOverridesContainerOverride { /** * The command to send to the container that overrides the default command from the Docker image or the task definition. */ commands?: string[]; /** * The number of cpu units reserved for the container, instead of the default value from the task definition. */ cpu?: number; /** * The environment variables to send to the container. You can add new environment variables, which are added to the container at launch, or you can override the existing environment variables from the Docker image or the task definition. See below. */ environments?: inputs.ecs.GetTaskExecutionOverridesContainerOverrideEnvironment[]; /** * The hard limit (in MiB) of memory to present to the container, instead of the default value from the task definition. If your container attempts to exceed the memory specified here, the container is killed. */ memory?: number; /** * The soft limit (in MiB) of memory to reserve for the container, instead of the default value from the task definition. */ memoryReservation?: number; /** * The name of the container that receives the override. This parameter is required if any override is specified. */ name: string; /** * The type and amount of a resource to assign to a container, instead of the default value from the task definition. The only supported resource is a GPU. See below. */ resourceRequirements?: inputs.ecs.GetTaskExecutionOverridesContainerOverrideResourceRequirement[]; } export interface GetTaskExecutionOverridesContainerOverrideArgs { /** * The command to send to the container that overrides the default command from the Docker image or the task definition. */ commands?: pulumi.Input[]>; /** * The number of cpu units reserved for the container, instead of the default value from the task definition. */ cpu?: pulumi.Input; /** * The environment variables to send to the container. You can add new environment variables, which are added to the container at launch, or you can override the existing environment variables from the Docker image or the task definition. See below. */ environments?: pulumi.Input[]>; /** * The hard limit (in MiB) of memory to present to the container, instead of the default value from the task definition. If your container attempts to exceed the memory specified here, the container is killed. */ memory?: pulumi.Input; /** * The soft limit (in MiB) of memory to reserve for the container, instead of the default value from the task definition. */ memoryReservation?: pulumi.Input; /** * The name of the container that receives the override. This parameter is required if any override is specified. */ name: pulumi.Input; /** * The type and amount of a resource to assign to a container, instead of the default value from the task definition. The only supported resource is a GPU. See below. */ resourceRequirements?: pulumi.Input[]>; } export interface GetTaskExecutionOverridesContainerOverrideEnvironment { /** * The name of the key-value pair. For environment variables, this is the name of the environment variable. */ key: string; /** * The value of the key-value pair. For environment variables, this is the value of the environment variable. */ value: string; } export interface GetTaskExecutionOverridesContainerOverrideEnvironmentArgs { /** * The name of the key-value pair. For environment variables, this is the name of the environment variable. */ key: pulumi.Input; /** * The value of the key-value pair. For environment variables, this is the value of the environment variable. */ value: pulumi.Input; } export interface GetTaskExecutionOverridesContainerOverrideResourceRequirement { /** * The type of resource to assign to a container. Valid values are `GPU`. */ type: string; /** * The value for the specified resource type. If the `GPU` type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. */ value: string; } export interface GetTaskExecutionOverridesContainerOverrideResourceRequirementArgs { /** * The type of resource to assign to a container. Valid values are `GPU`. */ type: pulumi.Input; /** * The value for the specified resource type. If the `GPU` type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. */ value: pulumi.Input; } export interface GetTaskExecutionPlacementConstraint { /** * A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is `distinctInstance`. */ expression?: string; /** * The type of constraint. Valid values are `distinctInstance` or `memberOf`. Use `distinctInstance` to ensure that each task in a particular group is running on a different container instance. Use `memberOf` to restrict the selection to a group of valid candidates. */ type: string; } export interface GetTaskExecutionPlacementConstraintArgs { /** * A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is `distinctInstance`. */ expression?: pulumi.Input; /** * The type of constraint. Valid values are `distinctInstance` or `memberOf`. Use `distinctInstance` to ensure that each task in a particular group is running on a different container instance. Use `memberOf` to restrict the selection to a group of valid candidates. */ type: pulumi.Input; } export interface GetTaskExecutionPlacementStrategy { /** * The field to apply the placement strategy against. */ field?: string; /** * The type of placement strategy. Valid values are `random`, `spread`, and `binpack`. * * For more information, see the [Placement Strategy](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html) documentation. */ type: string; } export interface GetTaskExecutionPlacementStrategyArgs { /** * The field to apply the placement strategy against. */ field?: pulumi.Input; /** * The type of placement strategy. Valid values are `random`, `spread`, and `binpack`. * * For more information, see the [Placement Strategy](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html) documentation. */ type: pulumi.Input; } export interface ServiceAlarms { /** * One or more CloudWatch alarm names. */ alarmNames: pulumi.Input[]>; /** * Whether to use the CloudWatch alarm option in the service deployment process. */ enable: pulumi.Input; /** * Whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. */ rollback: pulumi.Input; } export interface ServiceCapacityProviderStrategy { /** * Number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. */ base?: pulumi.Input; /** * Short name of the capacity provider. */ capacityProvider: pulumi.Input; /** * Relative percentage of the total number of launched tasks that should use the specified capacity provider. */ weight?: pulumi.Input; } export interface ServiceDeploymentCircuitBreaker { /** * Whether to enable the deployment circuit breaker logic for the service. */ enable: pulumi.Input; /** * Whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. */ rollback: pulumi.Input; } export interface ServiceDeploymentConfiguration { /** * Number of minutes to wait after a new deployment is fully provisioned before terminating the old deployment. Valid range: 0-1440 minutes. Used with `BLUE_GREEN`, `LINEAR`, and `CANARY` strategies. */ bakeTimeInMinutes?: pulumi.Input; /** * Configuration block for canary deployment strategy. Required when `strategy` is set to `CANARY`. See below. */ canaryConfiguration?: pulumi.Input; /** * Configuration block for lifecycle hooks that are invoked during deployments. See below. */ lifecycleHooks?: pulumi.Input[]>; /** * Configuration block for linear deployment strategy. Required when `strategy` is set to `LINEAR`. See below. */ linearConfiguration?: pulumi.Input; /** * Type of deployment strategy. Valid values: `ROLLING`, `BLUE_GREEN`, `LINEAR`, `CANARY`. Default: `ROLLING`. */ strategy?: pulumi.Input; } export interface ServiceDeploymentConfigurationCanaryConfiguration { /** * Number of minutes to wait before shifting all traffic to the new deployment. Valid range: 0-1440 minutes. */ canaryBakeTimeInMinutes?: pulumi.Input; /** * Percentage of traffic to route to the canary deployment. Valid range: 0.1-100.0. */ canaryPercent?: pulumi.Input; } export interface ServiceDeploymentConfigurationLifecycleHook { /** * Custom parameters that Amazon ECS will pass to the hook target invocations (such as a Lambda function). */ hookDetails?: pulumi.Input; /** * ARN of the Lambda function to invoke for the lifecycle hook. */ hookTargetArn: pulumi.Input; /** * Stages during the deployment when the hook should be invoked. Valid values: `RECONCILE_SERVICE`, `PRE_SCALE_UP`, `POST_SCALE_UP`, `TEST_TRAFFIC_SHIFT`, `POST_TEST_TRAFFIC_SHIFT`, `PRODUCTION_TRAFFIC_SHIFT`, `POST_PRODUCTION_TRAFFIC_SHIFT`. */ lifecycleStages: pulumi.Input[]>; /** * ARN of the IAM role that grants the service permission to invoke the Lambda function. */ roleArn: pulumi.Input; } export interface ServiceDeploymentConfigurationLinearConfiguration { /** * Number of minutes to wait between each step during a linear deployment. Valid range: 0-1440 minutes. */ stepBakeTimeInMinutes?: pulumi.Input; /** * Percentage of traffic to shift in each step during a linear deployment. Valid range: 3.0-100.0. */ stepPercent?: pulumi.Input; } export interface ServiceDeploymentController { /** * Type of deployment controller. Valid values: `CODE_DEPLOY`, `ECS`, `EXTERNAL`. Default: `ECS`. */ type?: pulumi.Input; } export interface ServiceLoadBalancer { /** * Configuration block for Blue/Green deployment settings. Required when using `BLUE_GREEN` deployment strategy. See below. */ advancedConfiguration?: pulumi.Input; /** * Name of the container to associate with the load balancer (as it appears in a container definition). */ containerName: pulumi.Input; /** * Port on the container to associate with the load balancer. */ containerPort: pulumi.Input; /** * Name of the ELB (Classic) to associate with the service. */ elbName?: pulumi.Input; /** * ARN of the Load Balancer target group to associate with the service. * * > **Version note:** Multiple `loadBalancer` configuration block support was added in version 2.22.0 of the provider. This allows configuration of [ECS service support for multiple target groups](https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-services-now-support-multiple-load-balancer-target-groups/). */ targetGroupArn?: pulumi.Input; } export interface ServiceLoadBalancerAdvancedConfiguration { /** * ARN of the alternate target group to use for Blue/Green deployments. */ alternateTargetGroupArn: pulumi.Input; /** * ARN of the listener rule that routes production traffic. */ productionListenerRule: pulumi.Input; /** * ARN of the IAM role that allows ECS to manage the target groups. */ roleArn: pulumi.Input; /** * ARN of the listener rule that routes test traffic. */ testListenerRule?: pulumi.Input; } export interface ServiceNetworkConfiguration { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`. */ assignPublicIp?: pulumi.Input; /** * Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: pulumi.Input[]>; /** * Subnets associated with the task or service. * * For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) */ subnets: pulumi.Input[]>; } export interface ServiceOrderedPlacementStrategy { /** * For the `spread` placement strategy, valid values are `instanceId` (or `host`, which has the same effect), or any platform or custom attribute that is applied to a container instance. For the `binpack` type, valid values are `memory` and `cpu`. For the `random` type, this attribute is not needed. For more information, see [Placement Strategy](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html). */ field?: pulumi.Input; /** * Type of placement strategy. Must be one of: `binpack`, `random`, or `spread` * * > **Note:** for `spread`, `host` and `instanceId` will be normalized, by AWS, to be `instanceId`. This means the statefile will show `instanceId` but your config will differ if you use `host`. */ type: pulumi.Input; } export interface ServicePlacementConstraint { /** * Cluster Query Language expression to apply to the constraint. Does not need to be specified for the `distinctInstance` type. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html). */ expression?: pulumi.Input; /** * Type of constraint. The only valid values at this time are `memberOf` and `distinctInstance`. */ type: pulumi.Input; } export interface ServiceServiceConnectConfiguration { /** * Whether to use Service Connect with this service. */ enabled: pulumi.Input; /** * Log configuration for the container. See below. */ logConfiguration?: pulumi.Input; /** * Namespace name or ARN of the `aws.servicediscovery.HttpNamespace` for use with Service Connect. */ namespace?: pulumi.Input; /** * List of Service Connect service objects. See below. */ services?: pulumi.Input[]>; } export interface ServiceServiceConnectConfigurationLogConfiguration { /** * Log driver to use for the container. */ logDriver: pulumi.Input; /** * Configuration options to send to the log driver. */ options?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Secrets to pass to the log configuration. See below. */ secretOptions?: pulumi.Input[]>; } export interface ServiceServiceConnectConfigurationLogConfigurationSecretOption { /** * Name of the secret. */ name: pulumi.Input; /** * Secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store. */ valueFrom: pulumi.Input; } export interface ServiceServiceConnectConfigurationService { /** * List of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. For each service block where enabled is true, exactly one `clientAlias` with one `port` should be specified. See below. */ clientAlias?: pulumi.Input[]>; /** * Name of the new AWS Cloud Map service that Amazon ECS creates for this Amazon ECS service. */ discoveryName?: pulumi.Input; /** * Port number for the Service Connect proxy to listen on. */ ingressPortOverride?: pulumi.Input; /** * Name of one of the `portMappings` from all the containers in the task definition of this Amazon ECS service. */ portName: pulumi.Input; /** * Configuration timeouts for Service Connect */ timeout?: pulumi.Input; /** * Configuration for enabling Transport Layer Security (TLS) */ tls?: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceClientAlias { /** * Name that you use in the applications of client tasks to connect to this service. */ dnsName?: pulumi.Input; /** * Listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace. */ port: pulumi.Input; /** * Configuration block for test traffic routing rules. See below. */ testTrafficRules?: pulumi.Input[]>; } export interface ServiceServiceConnectConfigurationServiceClientAliasTestTrafficRule { /** * Configuration block for header-based routing rules. See below. */ header?: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceClientAliasTestTrafficRuleHeader { /** * Name of the HTTP header to match. */ name: pulumi.Input; /** * Configuration block for header value matching criteria. See below. */ value: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceClientAliasTestTrafficRuleHeaderValue { /** * Exact string value to match in the header. */ exact: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceTimeout { /** * Amount of time in seconds a connection will stay active while idle. A value of 0 can be set to disable idleTimeout. */ idleTimeoutSeconds?: pulumi.Input; /** * Amount of time in seconds for the upstream to respond with a complete response per request. A value of 0 can be set to disable perRequestTimeout. Can only be set when appProtocol isn't TCP. */ perRequestTimeoutSeconds?: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceTls { /** * Details of the certificate authority which will issue the certificate. */ issuerCertAuthority: pulumi.Input; /** * KMS key used to encrypt the private key in Secrets Manager. */ kmsKey?: pulumi.Input; /** * ARN of the IAM Role that's associated with the Service Connect TLS. */ roleArn?: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceTlsIssuerCertAuthority { /** * ARN of the `aws.acmpca.CertificateAuthority` used to create the TLS Certificates. */ awsPcaAuthorityArn: pulumi.Input; } export interface ServiceServiceRegistries { /** * Container name value, already specified in the task definition, to be used for your service discovery service. */ containerName?: pulumi.Input; /** * Port value, already specified in the task definition, to be used for your service discovery service. */ containerPort?: pulumi.Input; /** * Port value used if your Service Discovery service specified an SRV record. */ port?: pulumi.Input; /** * ARN of the Service Registry. The currently supported service registry is Amazon Route 53 Auto Naming Service(`aws.servicediscovery.Service`). For more information, see [Service](https://docs.aws.amazon.com/Route53/latest/APIReference/API_autonaming_Service.html) */ registryArn: pulumi.Input; } export interface ServiceVolumeConfiguration { /** * Configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf. See below. */ managedEbsVolume: pulumi.Input; /** * Name of the volume. */ name: pulumi.Input; } export interface ServiceVolumeConfigurationManagedEbsVolume { /** * Whether the volume should be encrypted. Default value is `true`. */ encrypted?: pulumi.Input; /** * Linux filesystem type for the volume. For volumes created from a snapshot, same filesystem type must be specified that the volume was using when the snapshot was created. Valid values are `ext3`, `ext4`, `xfs`. Default value is `xfs`. */ fileSystemType?: pulumi.Input; /** * Number of I/O operations per second (IOPS). */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. */ kmsKeyId?: pulumi.Input; /** * Amazon ECS infrastructure IAM role that is used to manage your Amazon Web Services infrastructure. Recommended using the Amazon ECS-managed `AmazonECSInfrastructureRolePolicyForVolumes` IAM policy with this role. */ roleArn: pulumi.Input; /** * Size of the volume in GiB. You must specify either a `sizeInGb` or a `snapshotId`. You can optionally specify a volume size greater than or equal to the snapshot size. */ sizeInGb?: pulumi.Input; /** * Snapshot that Amazon ECS uses to create the volume. You must specify either a `sizeInGb` or a `snapshotId`. */ snapshotId?: pulumi.Input; /** * The tags to apply to the volume. See below. */ tagSpecifications?: pulumi.Input[]>; /** * Throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s. */ throughput?: pulumi.Input; /** * Volume Initialization Rate in MiB/s. You must also specify a `snapshotId`. */ volumeInitializationRate?: pulumi.Input; /** * Volume type. */ volumeType?: pulumi.Input; } export interface ServiceVolumeConfigurationManagedEbsVolumeTagSpecification { /** * Determines whether to propagate the tags from the task definition to the Amazon EBS volume. */ propagateTags?: pulumi.Input; /** * The type of volume resource. Valid values, `volume`. */ resourceType: pulumi.Input; /** * The tags applied to this Amazon EBS volume. `AmazonECSCreated` and `AmazonECSManaged` are reserved tags that can't be used. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ServiceVpcLatticeConfiguration { /** * The name of the port for a target group associated with the VPC Lattice configuration. */ portName: pulumi.Input; /** * The ARN of the IAM role to associate with this volume. This is the Amazon ECS infrastructure IAM role that is used to manage your AWS infrastructure. */ roleArn: pulumi.Input; /** * The full ARN of the target group or groups associated with the VPC Lattice configuration. */ targetGroupArn: pulumi.Input; } export interface TaskDefinitionEphemeralStorage { /** * The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is `21` GiB and the maximum supported value is `200` GiB. */ sizeInGib: pulumi.Input; } export interface TaskDefinitionPlacementConstraint { /** * Cluster Query Language expression to apply to the constraint. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html). */ expression?: pulumi.Input; /** * Type of constraint. Use `memberOf` to restrict selection to a group of valid candidates. Note that `distinctInstance` is not supported in task definitions. */ type: pulumi.Input; } export interface TaskDefinitionProxyConfiguration { /** * Name of the container that will serve as the App Mesh proxy. */ containerName: pulumi.Input; /** * Set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified a key-value mapping. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Proxy type. The default value is `APPMESH`. The only supported value is `APPMESH`. */ type?: pulumi.Input; } export interface TaskDefinitionRuntimePlatform { /** * Must be set to either `X86_64` or `ARM64`; see [cpu architecture](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) */ cpuArchitecture?: pulumi.Input; /** * If the `requiresCompatibilities` is `FARGATE` this field is required; must be set to a valid option from the [operating system family in the runtime platform](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) setting */ operatingSystemFamily?: pulumi.Input; } export interface TaskDefinitionVolume { /** * Whether the volume should be configured at launch time. This is used to create Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each task definition revision may only have one volume configured at launch in the volume configuration. */ configureAtLaunch?: pulumi.Input; /** * Configuration block to configure a docker volume. Detailed below. */ dockerVolumeConfiguration?: pulumi.Input; /** * Configuration block for an EFS volume. Detailed below. */ efsVolumeConfiguration?: pulumi.Input; /** * Configuration block for an FSX Windows File Server volume. Detailed below. */ fsxWindowsFileServerVolumeConfiguration?: pulumi.Input; /** * Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished. */ hostPath?: pulumi.Input; /** * Name of the volume. This name is referenced in the `sourceVolume` * parameter of container definition in the `mountPoints` section. */ name: pulumi.Input; } export interface TaskDefinitionVolumeDockerVolumeConfiguration { /** * If this value is `true`, the Docker volume is created if it does not already exist. *Note*: This field is only used if the scope is `shared`. */ autoprovision?: pulumi.Input; /** * Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. */ driver?: pulumi.Input; /** * Map of Docker driver specific options. */ driverOpts?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of custom metadata to add to your Docker volume. */ labels?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Scope for the Docker volume, which determines its lifecycle, either `task` or `shared`. Docker volumes that are scoped to a `task` are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as `shared` persist after the task stops. */ scope?: pulumi.Input; } export interface TaskDefinitionVolumeEfsVolumeConfiguration { /** * Configuration block for authorization for the Amazon EFS file system. Detailed below. */ authorizationConfig?: pulumi.Input; /** * ID of the EFS File System. */ fileSystemId: pulumi.Input; /** * Directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying / will have the same effect as omitting this parameter. This argument is ignored when using `authorizationConfig`. */ rootDirectory?: pulumi.Input; /** * Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. Valid values: `ENABLED`, `DISABLED`. If this parameter is omitted, the default value of `DISABLED` is used. */ transitEncryption?: pulumi.Input; /** * Port to use for transit encryption. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. */ transitEncryptionPort?: pulumi.Input; } export interface TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfig { /** * Access point ID to use. If an access point is specified, the root directory value will be relative to the directory set for the access point. If specified, transit encryption must be enabled in the EFSVolumeConfiguration. */ accessPointId?: pulumi.Input; /** * Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. Valid values: `ENABLED`, `DISABLED`. If this parameter is omitted, the default value of `DISABLED` is used. */ iam?: pulumi.Input; } export interface TaskDefinitionVolumeFsxWindowsFileServerVolumeConfiguration { /** * Configuration block for authorization for the Amazon FSx for Windows File Server file system detailed below. */ authorizationConfig: pulumi.Input; /** * The Amazon FSx for Windows File Server file system ID to use. */ fileSystemId: pulumi.Input; /** * The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host. */ rootDirectory: pulumi.Input; } export interface TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfig { /** * The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an AWS Secrets Manager secret or AWS Systems Manager Parameter Store parameter. The ARNs refer to the stored credentials. */ credentialsParameter: pulumi.Input; /** * A fully qualified domain name hosted by an AWS Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2. */ domain: pulumi.Input; } export interface TaskSetCapacityProviderStrategy { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. */ base?: pulumi.Input; /** * The short name or full Amazon Resource Name (ARN) of the capacity provider. */ capacityProvider: pulumi.Input; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. */ weight: pulumi.Input; } export interface TaskSetLoadBalancer { /** * The name of the container to associate with the load balancer (as it appears in a container definition). */ containerName: pulumi.Input; /** * The port on the container to associate with the load balancer. Defaults to `0` if not specified. * * > **Note:** Specifying multiple `loadBalancer` configurations is still not supported by AWS for ECS task set. */ containerPort?: pulumi.Input; /** * The name of the ELB (Classic) to associate with the service. */ loadBalancerName?: pulumi.Input; /** * The ARN of the Load Balancer target group to associate with the service. */ targetGroupArn?: pulumi.Input; } export interface TaskSetNetworkConfiguration { /** * Whether to assign a public IP address to the ENI (`FARGATE` launch type only). Valid values are `true` or `false`. Default `false`. * * For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html). */ assignPublicIp?: pulumi.Input; /** * The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. Maximum of 5. */ securityGroups?: pulumi.Input[]>; /** * The subnets associated with the task or service. Maximum of 16. */ subnets: pulumi.Input[]>; } export interface TaskSetScale { /** * The unit of measure for the scale value. Default: `PERCENT`. */ unit?: pulumi.Input; /** * The value, specified as a percent total of a service's `desiredCount`, to scale the task set. Defaults to `0` if not specified. Accepted values are numbers between 0.0 and 100.0. */ value?: pulumi.Input; } export interface TaskSetServiceRegistries { /** * The container name value, already specified in the task definition, to be used for your service discovery service. */ containerName?: pulumi.Input; /** * The port value, already specified in the task definition, to be used for your service discovery service. */ containerPort?: pulumi.Input; /** * The port value used if your Service Discovery service specified an SRV record. */ port?: pulumi.Input; /** * The ARN of the Service Registry. The currently supported service registry is Amazon Route 53 Auto Naming Service(`aws.servicediscovery.Service` resource). For more information, see [Service](https://docs.aws.amazon.com/Route53/latest/APIReference/API_autonaming_Service.html). */ registryArn: pulumi.Input; } } export namespace efs { export interface AccessPointPosixUser { /** * POSIX group ID used for all file system operations using this access point. */ gid: pulumi.Input; /** * Secondary POSIX group IDs used for all file system operations using this access point. */ secondaryGids?: pulumi.Input[]>; /** * POSIX user ID used for all file system operations using this access point. */ uid: pulumi.Input; } export interface AccessPointRootDirectory { /** * POSIX IDs and permissions to apply to the access point's Root Directory. See Creation Info below. */ creationInfo?: pulumi.Input; /** * Path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified path does not exist, you are required to provide `creationInfo`. */ path?: pulumi.Input; } export interface AccessPointRootDirectoryCreationInfo { /** * POSIX group ID to apply to the `rootDirectory`. */ ownerGid: pulumi.Input; /** * POSIX user ID to apply to the `rootDirectory`. */ ownerUid: pulumi.Input; /** * POSIX permissions to apply to the RootDirectory, in the format of an octal number representing the file's mode bits. */ permissions: pulumi.Input; } export interface BackupPolicyBackupPolicy { /** * A status of the backup policy. Valid values: `ENABLED`, `DISABLED`. */ status: pulumi.Input; } export interface FileSystemLifecyclePolicy { /** * Indicates how long it takes to transition files to the archive storage class. Requires transition_to_ia, Elastic Throughput and General Purpose performance mode. Valid values: `AFTER_1_DAY`, `AFTER_7_DAYS`, `AFTER_14_DAYS`, `AFTER_30_DAYS`, `AFTER_60_DAYS`, `AFTER_90_DAYS`, `AFTER_180_DAYS`, `AFTER_270_DAYS`, or `AFTER_365_DAYS`. */ transitionToArchive?: pulumi.Input; /** * Indicates how long it takes to transition files to the IA storage class. Valid values: `AFTER_1_DAY`, `AFTER_7_DAYS`, `AFTER_14_DAYS`, `AFTER_30_DAYS`, `AFTER_60_DAYS`, `AFTER_90_DAYS`, `AFTER_180_DAYS`, `AFTER_270_DAYS`, or `AFTER_365_DAYS`. */ transitionToIa?: pulumi.Input; /** * Describes the policy used to transition a file from infequent access storage to primary storage. Valid values: `AFTER_1_ACCESS`. */ transitionToPrimaryStorageClass?: pulumi.Input; } export interface FileSystemProtection { /** * Indicates whether replication overwrite protection is enabled. Valid values: `ENABLED` or `DISABLED`. */ replicationOverwrite?: pulumi.Input; } export interface FileSystemSizeInByte { /** * The latest known metered size (in bytes) of data stored in the file system. */ value?: pulumi.Input; /** * The latest known metered size (in bytes) of data stored in the Infrequent Access storage class. */ valueInIa?: pulumi.Input; /** * The latest known metered size (in bytes) of data stored in the Standard storage class. */ valueInStandard?: pulumi.Input; } export interface ReplicationConfigurationDestination { /** * The availability zone in which the replica should be created. If specified, the replica will be created with One Zone storage. If omitted, regional storage will be used. */ availabilityZoneName?: pulumi.Input; /** * The ID of the destination file system for the replication. If no ID is provided, then EFS creates a new file system with the default settings. */ fileSystemId?: pulumi.Input; /** * The Key ID, ARN, alias, or alias ARN of the KMS key that should be used to encrypt the replica file system. If omitted, the default KMS key for EFS `/aws/elasticfilesystem` will be used. */ kmsKeyId?: pulumi.Input; /** * The region in which the replica should be created. */ region?: pulumi.Input; status?: pulumi.Input; } } export namespace eks { export interface AccessPolicyAssociationAccessScope { /** * The namespaces to which the access scope applies when type is namespace. */ namespaces?: pulumi.Input[]>; /** * Valid values are `namespace` or `cluster`. */ type: pulumi.Input; } export interface AddonPodIdentityAssociation { /** * The Amazon Resource Name (ARN) of the IAM role to associate with the service account. The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the pods that use this service account. */ roleArn: pulumi.Input; /** * The name of the Kubernetes service account inside the cluster to associate the IAM credentials with. */ serviceAccount: pulumi.Input; } export interface CapabilityConfiguration { /** * ArgoCD configuration. See `argoCd` below. */ argoCd?: pulumi.Input; } export interface CapabilityConfigurationArgoCd { /** * AWS IAM Identity Center configuration. See `awsIdc` below. */ awsIdc: pulumi.Input; /** * Kubernetes namespace for ArgoCD. */ namespace?: pulumi.Input; /** * Network access configuration. See `networkAccess` below. */ networkAccess?: pulumi.Input; /** * RBAC role mappings. See `rbacRoleMapping` below. */ rbacRoleMappings?: pulumi.Input[]>; /** * URL of the Argo CD server. */ serverUrl?: pulumi.Input; } export interface CapabilityConfigurationArgoCdAwsIdc { /** * ARN of the IAM Identity Center instance. */ idcInstanceArn: pulumi.Input; idcManagedApplicationArn?: pulumi.Input; /** * Region of the IAM Identity Center instance. */ idcRegion?: pulumi.Input; } export interface CapabilityConfigurationArgoCdNetworkAccess { /** * VPC Endpoint IDs. */ vpceIds?: pulumi.Input[]>; } export interface CapabilityConfigurationArgoCdRbacRoleMapping { /** * List of identities. See `identity` below. */ identities: pulumi.Input[]>; /** * ArgoCD role. Valid values: `ADMIN`, `EDITOR`, `VIEWER`. */ role: pulumi.Input; } export interface CapabilityConfigurationArgoCdRbacRoleMappingIdentity { /** * Identity ID. */ id: pulumi.Input; /** * Identity type. Valid values: `SSO_USER`, `SSO_GROUP`. */ type: pulumi.Input; } export interface CapabilityTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ClusterAccessConfig { /** * The authentication mode for the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP` */ authenticationMode?: pulumi.Input; /** * Whether or not to bootstrap the access config values to the cluster. Default is `true`. */ bootstrapClusterCreatorAdminPermissions?: pulumi.Input; } export interface ClusterCertificateAuthority { /** * Base64 encoded certificate data required to communicate with your cluster. Add this to the `certificate-authority-data` section of the `kubeconfig` file for your cluster. */ data?: pulumi.Input; } export interface ClusterComputeConfig { /** * Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account. */ enabled?: pulumi.Input; /** * Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are `general-purpose` and `system`. */ nodePools?: pulumi.Input[]>; /** * The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled.. */ nodeRoleArn?: pulumi.Input; } export interface ClusterControlPlaneScalingConfig { /** * The control plane scaling tier. Valid values are `standard`, `tier-xl`, `tier-2xl`, or `tier-4xl`. Defaults to `standard`. For more information about each tier, see [EKS Provisioned Control Plane](https://docs.aws.amazon.com/eks/latest/userguide/eks-provisioned-control-plane-getting-started.html). */ tier?: pulumi.Input; } export interface ClusterEncryptionConfig { /** * Configuration block with provider for encryption. Detailed below. */ provider: pulumi.Input; /** * List of strings with resources to be encrypted. Valid values: `secrets`. */ resources: pulumi.Input[]>; } export interface ClusterEncryptionConfigProvider { /** * ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see [Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html). */ keyArn: pulumi.Input; } export interface ClusterIdentity { /** * Nested block containing [OpenID Connect](https://openid.net/connect/) identity provider information for the cluster. Detailed below. */ oidcs?: pulumi.Input[]>; } export interface ClusterIdentityOidc { /** * Issuer URL for the OpenID Connect identity provider. */ issuer?: pulumi.Input; } export interface ClusterKubernetesNetworkConfig { /** * Configuration block with elastic load balancing configuration for the cluster. Detailed below. */ elasticLoadBalancing?: pulumi.Input; /** * The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. */ ipFamily?: pulumi.Input; /** * The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements: * * * Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. * * * Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC. * * * Between /24 and /12. */ serviceIpv4Cidr?: pulumi.Input; /** * The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify `ipv6` for `ipFamily` when you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster. */ serviceIpv6Cidr?: pulumi.Input; } export interface ClusterKubernetesNetworkConfigElasticLoadBalancing { /** * Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account. */ enabled?: pulumi.Input; } export interface ClusterOutpostConfig { /** * The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have: * * * 1–20 nodes, then we recommend specifying a large instance type. * * * 21–100 nodes, then we recommend specifying an xlarge instance type. * * * 101–250 nodes, then we recommend specifying a 2xlarge instance type. * * For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS. */ controlPlaneInstanceType: pulumi.Input; /** * An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost. * The `controlPlanePlacement` configuration block supports the following arguments: */ controlPlanePlacement?: pulumi.Input; /** * The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently. */ outpostArns: pulumi.Input[]>; } export interface ClusterOutpostConfigControlPlanePlacement { /** * The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation. */ groupName: pulumi.Input; } export interface ClusterRemoteNetworkConfig { /** * Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below. */ remoteNodeNetworks: pulumi.Input; /** * Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below. */ remotePodNetworks?: pulumi.Input; } export interface ClusterRemoteNetworkConfigRemoteNodeNetworks { /** * List of network CIDRs that can contain hybrid nodes. */ cidrs?: pulumi.Input[]>; } export interface ClusterRemoteNetworkConfigRemotePodNetworks { /** * List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes. */ cidrs?: pulumi.Input[]>; } export interface ClusterStorageConfig { /** * Configuration block with block storage configuration for the cluster. Detailed below. */ blockStorage?: pulumi.Input; } export interface ClusterStorageConfigBlockStorage { /** * Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account. */ enabled?: pulumi.Input; } export interface ClusterUpgradePolicy { /** * Support type to use for the cluster. If the cluster is set to `EXTENDED`, it will enter extended support at the end of standard support. If the cluster is set to `STANDARD`, it will be automatically upgraded at the end of standard support. Valid values are `EXTENDED`, `STANDARD` */ supportType?: pulumi.Input; } export interface ClusterVpcConfig { /** * Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. */ clusterSecurityGroupId?: pulumi.Input; /** * Whether the Amazon EKS private API server endpoint is enabled. Default is `false`. */ endpointPrivateAccess?: pulumi.Input; /** * Whether the Amazon EKS public API server endpoint is enabled. Default is `true`. */ endpointPublicAccess?: pulumi.Input; /** * List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with `0.0.0.0/0`. The provider will only perform drift detection of its value when present in a configuration. */ publicAccessCidrs?: pulumi.Input[]>; /** * List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. */ securityGroupIds?: pulumi.Input[]>; /** * List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane. */ subnetIds: pulumi.Input[]>; /** * ID of the VPC associated with your cluster. */ vpcId?: pulumi.Input; } export interface ClusterZonalShiftConfig { /** * Whether zonal shift is enabled for the cluster. */ enabled?: pulumi.Input; } export interface FargateProfileSelector { /** * Key-value map of Kubernetes labels for selection. */ labels?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Kubernetes namespace for selection. * * The following arguments are optional: */ namespace: pulumi.Input; } export interface IdentityProviderConfigOidc { /** * Client ID for the OpenID Connect identity provider. */ clientId: pulumi.Input; /** * The JWT claim that the provider will use to return groups. */ groupsClaim?: pulumi.Input; /** * A prefix that is prepended to group claims e.g., `oidc:`. */ groupsPrefix?: pulumi.Input; /** * The name of the identity provider config. */ identityProviderConfigName: pulumi.Input; /** * Issuer URL for the OpenID Connect identity provider. */ issuerUrl: pulumi.Input; /** * The key value pairs that describe required claims in the identity token. */ requiredClaims?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The JWT claim that the provider will use as the username. */ usernameClaim?: pulumi.Input; /** * A prefix that is prepended to username claims. */ usernamePrefix?: pulumi.Input; } export interface NodeGroupLaunchTemplate { /** * Identifier of the EC2 Launch Template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the EC2 Launch Template. Conflicts with `id`. */ name?: pulumi.Input; /** * EC2 Launch Template version number. While the API accepts values like `$Default` and `$Latest`, the API will convert the value to the associated version number (e.g., `1`) on read and the provider will show a difference on next plan. Using the `defaultVersion` or `latestVersion` attribute of the `aws.ec2.LaunchTemplate` resource or data source is recommended for this argument. */ version: pulumi.Input; } export interface NodeGroupNodeRepairConfig { /** * Specifies whether to enable node auto repair for the node group. Node auto repair is disabled by default. Defaults to `false`. */ enabled?: pulumi.Input; /** * Maximum number of nodes that can be repaired concurrently or in parallel, expressed as a count of unhealthy nodes. Conflicts with `maxParallelNodesRepairedPercentage`. */ maxParallelNodesRepairedCount?: pulumi.Input; /** * Maximum number of nodes that can be repaired concurrently or in parallel, expressed as a percentage of unhealthy nodes. Conflicts with `maxParallelNodesRepairedCount`. */ maxParallelNodesRepairedPercentage?: pulumi.Input; /** * Count threshold of unhealthy nodes, above which node auto repair actions will stop. Conflicts with `maxUnhealthyNodeThresholdPercentage`. */ maxUnhealthyNodeThresholdCount?: pulumi.Input; /** * Percentage threshold of unhealthy nodes, above which node auto repair actions will stop. Conflicts with `maxUnhealthyNodeThresholdCount`. */ maxUnhealthyNodeThresholdPercentage?: pulumi.Input; /** * Granular overrides for specific repair actions. See `nodeRepairConfigOverrides` below for details. */ nodeRepairConfigOverrides?: pulumi.Input[]>; } export interface NodeGroupNodeRepairConfigNodeRepairConfigOverride { /** * Minimum time in minutes to wait before attempting to repair a node with the specified `nodeMonitoringCondition` and `nodeUnhealthyReason`. */ minRepairWaitTimeMins: pulumi.Input; /** * Unhealthy condition reported by the node monitoring agent that this override applies to. */ nodeMonitoringCondition: pulumi.Input; /** * Reason reported by the node monitoring agent that this override applies to. */ nodeUnhealthyReason: pulumi.Input; /** * Repair action to take for nodes when all of the specified conditions are met. Valid values are defined by the EKS API. */ repairAction: pulumi.Input; } export interface NodeGroupRemoteAccess { /** * EC2 Key Pair name that provides access for remote communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify `sourceSecurityGroupIds` when you create an EKS Node Group, either port 3389 for Windows, or port 22 for all other operating systems is opened on the worker nodes to the Internet (0.0.0.0/0). For Windows nodes, this will allow you to use RDP, for all others this allows you to SSH into the worker nodes. */ ec2SshKey?: pulumi.Input; /** * Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify `ec2SshKey`, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0). */ sourceSecurityGroupIds?: pulumi.Input[]>; } export interface NodeGroupResource { /** * List of objects containing information about AutoScaling Groups. */ autoscalingGroups?: pulumi.Input[]>; /** * Identifier of the remote access EC2 Security Group. */ remoteAccessSecurityGroupId?: pulumi.Input; } export interface NodeGroupResourceAutoscalingGroup { /** * Name of the AutoScaling Group. */ name?: pulumi.Input; } export interface NodeGroupScalingConfig { /** * Desired number of worker nodes. */ desiredSize: pulumi.Input; /** * Maximum number of worker nodes. */ maxSize: pulumi.Input; /** * Minimum number of worker nodes. */ minSize: pulumi.Input; } export interface NodeGroupTaint { /** * The effect of the taint. Valid values: `NO_SCHEDULE`, `NO_EXECUTE`, `PREFER_NO_SCHEDULE`. */ effect: pulumi.Input; /** * The key of the taint. Maximum length of 63. */ key: pulumi.Input; /** * The value of the taint. Maximum length of 63. */ value?: pulumi.Input; } export interface NodeGroupUpdateConfig { /** * Desired max number of unavailable worker nodes during node group update. */ maxUnavailable?: pulumi.Input; /** * Desired max percentage of unavailable worker nodes during node group update. */ maxUnavailablePercentage?: pulumi.Input; /** * Strategy to use for updating the node group. Valid values: `MINIMAL` and `DEFAULT`. */ updateStrategy?: pulumi.Input; } } export namespace elasticache { export interface ClusterCacheNode { address?: pulumi.Input; /** * Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use `preferredAvailabilityZones` instead. Default: System chosen Availability Zone. Changing this value will re-create the resource. */ availabilityZone?: pulumi.Input; id?: pulumi.Input; outpostArn?: pulumi.Input; /** * The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379. Cannot be provided with `replicationGroupId`. Changing this value will re-create the resource. */ port?: pulumi.Input; } export interface ClusterLogDeliveryConfiguration { /** * Name of either the CloudWatch Logs LogGroup or Kinesis Data Firehose resource. */ destination: pulumi.Input; /** * For CloudWatch Logs use `cloudwatch-logs` or for Kinesis Data Firehose use `kinesis-firehose`. */ destinationType: pulumi.Input; /** * Valid values are `json` or `text` */ logFormat: pulumi.Input; /** * Valid values are `slow-log` or `engine-log`. Max 1 of each. */ logType: pulumi.Input; } export interface GetUserAuthenticationMode { passwordCount?: number; type?: string; } export interface GetUserAuthenticationModeArgs { passwordCount?: pulumi.Input; type?: pulumi.Input; } export interface GlobalReplicationGroupGlobalNodeGroup { /** * The ID of the global node group. */ globalNodeGroupId?: pulumi.Input; /** * The keyspace for this node group. */ slots?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the ElastiCache parameter. */ name: pulumi.Input; /** * The value of the ElastiCache parameter. */ value: pulumi.Input; } export interface ReplicationGroupLogDeliveryConfiguration { /** * Name of either the CloudWatch Logs LogGroup or Kinesis Data Firehose resource. */ destination: pulumi.Input; /** * For CloudWatch Logs use `cloudwatch-logs` or for Kinesis Data Firehose use `kinesis-firehose`. */ destinationType: pulumi.Input; /** * Valid values are `json` or `text` */ logFormat: pulumi.Input; /** * Valid values are `slow-log` or `engine-log`. Max 1 of each. */ logType: pulumi.Input; } export interface ReplicationGroupNodeGroupConfiguration { /** * ID for the node group. Redis (cluster mode disabled) replication groups don't have node group IDs, so this value is ignored. For Redis (cluster mode enabled) replication groups, the node group ID is a 1 to 4 character alphanumeric string. */ nodeGroupId?: pulumi.Input; /** * Availability zone for the primary node. */ primaryAvailabilityZone?: pulumi.Input; /** * ARN of the Outpost for the primary node. */ primaryOutpostArn?: pulumi.Input; /** * List of availability zones for the replica nodes. */ replicaAvailabilityZones?: pulumi.Input[]>; /** * Number of replica nodes in this node group. */ replicaCount?: pulumi.Input; /** * List of ARNs of the Outposts for the replica nodes. */ replicaOutpostArns?: pulumi.Input[]>; /** * Keyspace for this node group. Format is `start-end` (e.g., `0-5460`). For Redis (cluster mode disabled) replication groups, this value is ignored. */ slots?: pulumi.Input; } export interface ReservedCacheNodeRecurringCharge { recurringChargeAmount: pulumi.Input; recurringChargeFrequency: pulumi.Input; } export interface ReservedCacheNodeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ServerlessCacheCacheUsageLimits { /** * The maximum data storage limit in the cache, expressed in Gigabytes. See `dataStorage` Block for details. */ dataStorage?: pulumi.Input; /** * The configuration for the number of ElastiCache Processing Units (ECPU) the cache can consume per second. See `ecpuPerSecond` Block for details. */ ecpuPerSeconds?: pulumi.Input[]>; } export interface ServerlessCacheCacheUsageLimitsDataStorage { /** * The upper limit for data storage the cache is set to use. Must be between 1 and 5,000. */ maximum?: pulumi.Input; /** * The lower limit for data storage the cache is set to use. Must be between 1 and 5,000. */ minimum?: pulumi.Input; /** * The unit that the storage is measured in, in GB. */ unit: pulumi.Input; } export interface ServerlessCacheCacheUsageLimitsEcpuPerSecond { /** * The maximum number of ECPUs the cache can consume per second. Must be between 1,000 and 15,000,000. */ maximum?: pulumi.Input; /** * The minimum number of ECPUs the cache can consume per second. Must be between 1,000 and 15,000,000. */ minimum?: pulumi.Input; } export interface ServerlessCacheEndpoint { /** * The DNS hostname of the cache node. */ address: pulumi.Input; /** * The port number that the cache engine is listening on. Set as integer. */ port: pulumi.Input; } export interface ServerlessCacheReaderEndpoint { /** * The DNS hostname of the cache node. */ address: pulumi.Input; /** * The port number that the cache engine is listening on. Set as integer. */ port: pulumi.Input; } export interface ServerlessCacheTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface UserAuthenticationMode { passwordCount?: pulumi.Input; /** * Specifies the passwords to use for authentication if `type` is set to `password`. */ passwords?: pulumi.Input[]>; /** * Specifies the authentication type. Possible options are: `password`, `no-password-required` or `iam`. */ type: pulumi.Input; } } export namespace elasticbeanstalk { export interface ApplicationAppversionLifecycle { /** * Set to `true` to delete a version's source bundle from S3 when the application version is deleted. */ deleteSourceFromS3?: pulumi.Input; /** * The number of days to retain an application version ('max_age_in_days' and 'max_count' cannot be enabled simultaneously.). */ maxAgeInDays?: pulumi.Input; /** * The maximum number of application versions to retain ('max_age_in_days' and 'max_count' cannot be enabled simultaneously.). */ maxCount?: pulumi.Input; /** * The ARN of an IAM service role under which the application version is deleted. Elastic Beanstalk must have permission to assume this role. */ serviceRole: pulumi.Input; } export interface ConfigurationTemplateSetting { /** * A unique name for this Template. */ name: pulumi.Input; namespace: pulumi.Input; resource?: pulumi.Input; value: pulumi.Input; } export interface EnvironmentAllSetting { /** * A unique name for this Environment. This name is used * in the application URL */ name: pulumi.Input; namespace: pulumi.Input; resource?: pulumi.Input; value: pulumi.Input; } export interface EnvironmentSetting { /** * A unique name for this Environment. This name is used * in the application URL */ name: pulumi.Input; namespace: pulumi.Input; resource?: pulumi.Input; value: pulumi.Input; } } export namespace elasticsearch { export interface DomainAdvancedSecurityOptions { /** * Whether advanced security is enabled. */ enabled: pulumi.Input; /** * Whether the internal user database is enabled. If not set, defaults to `false` by the AWS API. */ internalUserDatabaseEnabled?: pulumi.Input; /** * Configuration block for the main user. Detailed below. */ masterUserOptions?: pulumi.Input; } export interface DomainAdvancedSecurityOptionsMasterUserOptions { /** * ARN for the main user. Only specify if `internalUserDatabaseEnabled` is not set or set to `false`. */ masterUserArn?: pulumi.Input; /** * Main user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserName?: pulumi.Input; /** * Main user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserPassword?: pulumi.Input; } export interface DomainAutoTuneOptions { /** * The Auto-Tune desired state for the domain. Valid values: `ENABLED` or `DISABLED`. */ desiredState: pulumi.Input; /** * Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below. */ maintenanceSchedules?: pulumi.Input[]>; /** * Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: `DEFAULT_ROLLBACK` or `NO_ROLLBACK`. */ rollbackOnDisable?: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceSchedule { /** * A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule. */ cronExpressionForRecurrence: pulumi.Input; /** * Configuration block for the duration of the Auto-Tune maintenance window. Detailed below. */ duration: pulumi.Input; /** * Date and time at which to start the Auto-Tune maintenance schedule in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ startAt: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceScheduleDuration { /** * The unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: `HOURS`. */ unit: pulumi.Input; /** * An integer specifying the value of the duration of an Auto-Tune maintenance window. */ value: pulumi.Input; } export interface DomainClusterConfig { /** * Configuration block containing cold storage configuration. Detailed below. */ coldStorageOptions?: pulumi.Input; /** * Number of dedicated main nodes in the cluster. */ dedicatedMasterCount?: pulumi.Input; /** * Whether dedicated main nodes are enabled for the cluster. */ dedicatedMasterEnabled?: pulumi.Input; /** * Instance type of the dedicated main nodes in the cluster. */ dedicatedMasterType?: pulumi.Input; /** * Number of instances in the cluster. */ instanceCount?: pulumi.Input; /** * Instance type of data nodes in the cluster. */ instanceType?: pulumi.Input; /** * Number of warm nodes in the cluster. Valid values are between `2` and `150`. `warmCount` can be only and must be set when `warmEnabled` is set to `true`. */ warmCount?: pulumi.Input; /** * Whether to enable warm storage. */ warmEnabled?: pulumi.Input; /** * Instance type for the Elasticsearch cluster's warm nodes. Valid values are `ultrawarm1.medium.elasticsearch`, `ultrawarm1.large.elasticsearch` and `ultrawarm1.xlarge.elasticsearch`. `warmType` can be only and must be set when `warmEnabled` is set to `true`. */ warmType?: pulumi.Input; /** * Configuration block containing zone awareness settings. Detailed below. */ zoneAwarenessConfig?: pulumi.Input; /** * Whether zone awareness is enabled, set to `true` for multi-az deployment. To enable awareness with three Availability Zones, the `availabilityZoneCount` within the `zoneAwarenessConfig` must be set to `3`. */ zoneAwarenessEnabled?: pulumi.Input; } export interface DomainClusterConfigColdStorageOptions { /** * Boolean to enable cold storage for an Elasticsearch domain. Defaults to `false`. Master and ultrawarm nodes must be enabled for cold storage. */ enabled?: pulumi.Input; } export interface DomainClusterConfigZoneAwarenessConfig { /** * Number of Availability Zones for the domain to use with `zoneAwarenessEnabled`. Defaults to `2`. Valid values: `2` or `3`. */ availabilityZoneCount?: pulumi.Input; } export interface DomainCognitoOptions { /** * Whether Amazon Cognito authentication with Kibana is enabled or not. */ enabled?: pulumi.Input; /** * ID of the Cognito Identity Pool to use. */ identityPoolId: pulumi.Input; /** * ARN of the IAM role that has the AmazonESCognitoAccess policy attached. */ roleArn: pulumi.Input; /** * ID of the Cognito User Pool to use. */ userPoolId: pulumi.Input; } export interface DomainDomainEndpointOptions { /** * Fully qualified domain for your custom endpoint. */ customEndpoint?: pulumi.Input; /** * ACM certificate ARN for your custom endpoint. */ customEndpointCertificateArn?: pulumi.Input; /** * Whether to enable custom endpoint for the Elasticsearch domain. */ customEndpointEnabled?: pulumi.Input; /** * Whether or not to require HTTPS. Defaults to `true`. */ enforceHttps?: pulumi.Input; /** * Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: `Policy-Min-TLS-1-0-2019-07`, `Policy-Min-TLS-1-2-2019-07`, and `Policy-Min-TLS-1-2-PFS-2023-10`. Pulumi will only perform drift detection if a configuration value is provided. */ tlsSecurityPolicy?: pulumi.Input; } export interface DomainEbsOptions { /** * Whether EBS volumes are attached to data nodes in the domain. */ ebsEnabled: pulumi.Input; /** * Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types. */ iops?: pulumi.Input; /** * Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. */ throughput?: pulumi.Input; /** * Size of EBS volumes attached to data nodes (in GiB). */ volumeSize?: pulumi.Input; /** * Type of EBS volumes attached to data nodes. */ volumeType?: pulumi.Input; } export interface DomainEncryptAtRest { /** * Whether to enable encryption at rest. If the `encryptAtRest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires `elasticsearchVersion` 5.1 or greater. */ enabled: pulumi.Input; /** * KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead. */ kmsKeyId?: pulumi.Input; } export interface DomainLogPublishingOption { /** * ARN of the Cloudwatch log group to which log needs to be published. */ cloudwatchLogGroupArn: pulumi.Input; /** * Whether given log publishing option is enabled or not. */ enabled?: pulumi.Input; /** * Type of Elasticsearch log. Valid values: `INDEX_SLOW_LOGS`, `SEARCH_SLOW_LOGS`, `ES_APPLICATION_LOGS`, `AUDIT_LOGS`. */ logType: pulumi.Input; } export interface DomainNodeToNodeEncryption { /** * Whether to enable node-to-node encryption. If the `nodeToNodeEncryption` block is not provided then this defaults to `false`. Enabling node-to-node encryption of a new domain requires an `elasticsearchVersion` of `6.0` or greater. */ enabled: pulumi.Input; } export interface DomainSamlOptionsSamlOptions { /** * Whether SAML authentication is enabled. */ enabled?: pulumi.Input; /** * Information from your identity provider. */ idp?: pulumi.Input; /** * This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterBackendRole?: pulumi.Input; /** * This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterUserName?: pulumi.Input; /** * Element of the SAML assertion to use for backend roles. Default is roles. */ rolesKey?: pulumi.Input; /** * Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. */ sessionTimeoutMinutes?: pulumi.Input; /** * Custom SAML attribute to use for user names. Default is an empty string - `""`. This will cause Elasticsearch to use the `NameID` element of the `Subject`, which is the default location for name identifiers in the SAML specification. */ subjectKey?: pulumi.Input; } export interface DomainSamlOptionsSamlOptionsIdp { /** * The unique Entity ID of the application in SAML Identity Provider. */ entityId: pulumi.Input; /** * The Metadata of the SAML application in xml format. */ metadataContent: pulumi.Input; } export interface DomainSnapshotOptions { /** * Hour during which the service takes an automated daily snapshot of the indices in the domain. */ automatedSnapshotStartHour: pulumi.Input; } export interface DomainVpcOptions { /** * If the domain was created inside a VPC, the names of the availability zones the configured `subnetIds` were created inside. */ availabilityZones?: pulumi.Input[]>; /** * List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used. */ securityGroupIds?: pulumi.Input[]>; /** * List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in. */ subnetIds?: pulumi.Input[]>; /** * If the domain was created inside a VPC, the ID of the VPC. */ vpcId?: pulumi.Input; } /** * Represents an AWS IAM policy document that defines permissions for AWS resources and actions. */ export interface PolicyDocument { Id?: pulumi.Input; Statement: pulumi.Input[]>; Version: pulumi.Input; } export interface VpcEndpointVpcOptions { availabilityZones?: pulumi.Input[]>; /** * The list of security group IDs associated with the VPC endpoints for the domain. If you do not provide a security group ID, elasticsearch Service uses the default security group for the VPC. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs associated with the VPC endpoints for the domain. If your domain uses multiple Availability Zones, you need to provide two subnet IDs, one per zone. Otherwise, provide only one. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } } export namespace elastictranscoder { export interface PipelineContentConfig { /** * The Amazon S3 bucket in which you want Elastic Transcoder to save transcoded files and playlists. */ bucket?: pulumi.Input; /** * The Amazon S3 storage class, `Standard` or `ReducedRedundancy`, that you want Elastic Transcoder to assign to the files and playlists that it stores in your Amazon S3 bucket. */ storageClass?: pulumi.Input; } export interface PipelineContentConfigPermission { /** * The permission that you want to give to the AWS user that you specified in `content_config_permissions.grantee`. Valid values are `Read`, `ReadAcp`, `WriteAcp` or `FullControl`. */ accesses?: pulumi.Input[]>; /** * The AWS user or group that you want to have access to transcoded files and playlists. */ grantee?: pulumi.Input; /** * Specify the type of value that appears in the `content_config_permissions.grantee` object. Valid values are `Canonical`, `Email` or `Group`. */ granteeType?: pulumi.Input; } export interface PipelineNotifications { /** * The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder has finished processing a job in this pipeline. */ completed?: pulumi.Input; /** * The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters an error condition while processing a job in this pipeline. */ error?: pulumi.Input; /** * The topic ARN for the Amazon Simple Notification Service (Amazon SNS) topic that you want to notify when Elastic Transcoder has started to process a job in this pipeline. */ progressing?: pulumi.Input; /** * The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters a warning condition while processing a job in this pipeline. * * The `thumbnailConfig` object specifies information about the Amazon S3 bucket in * which you want Elastic Transcoder to save thumbnail files: which bucket to use, * which users you want to have access to the files, the type of access you want * users to have, and the storage class that you want to assign to the files. If * you specify values for `contentConfig`, you must also specify values for * `thumbnailConfig` even if you don't want to create thumbnails. (You control * whether to create thumbnails when you create a job. For more information, see * ThumbnailPattern in the topic Create Job.) If you specify values for * `contentConfig` and `thumbnailConfig`, omit the OutputBucket object. */ warning?: pulumi.Input; } export interface PipelineThumbnailConfig { /** * The Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files. */ bucket?: pulumi.Input; /** * The Amazon S3 storage class, Standard or ReducedRedundancy, that you want Elastic Transcoder to assign to the thumbnails that it stores in your Amazon S3 bucket. */ storageClass?: pulumi.Input; } export interface PipelineThumbnailConfigPermission { /** * The permission that you want to give to the AWS user that you specified in `thumbnail_config_permissions.grantee`. Valid values are `Read`, `ReadAcp`, `WriteAcp` or `FullControl`. */ accesses?: pulumi.Input[]>; /** * The AWS user or group that you want to have access to thumbnail files. */ grantee?: pulumi.Input; /** * Specify the type of value that appears in the `thumbnail_config_permissions.grantee` object. Valid values are `Canonical`, `Email` or `Group`. */ granteeType?: pulumi.Input; } export interface PresetAudio { /** * The method of organizing audio channels and tracks. Use Audio:Channels to specify the number of channels in your output, and Audio:AudioPackingMode to specify the number of tracks and their relation to the channels. If you do not specify an Audio:AudioPackingMode, Elastic Transcoder uses SingleTrack. */ audioPackingMode?: pulumi.Input; /** * The bit rate of the audio stream in the output file, in kilobits/second. Enter an integer between 64 and 320, inclusive. */ bitRate?: pulumi.Input; /** * The number of audio channels in the output file */ channels?: pulumi.Input; /** * The audio codec for the output file. Valid values are `AAC`, `flac`, `mp2`, `mp3`, `pcm`, and `vorbis`. */ codec?: pulumi.Input; /** * The sample rate of the audio stream in the output file, in hertz. Valid values are: `auto`, `22050`, `32000`, `44100`, `48000`, `96000` */ sampleRate?: pulumi.Input; } export interface PresetAudioCodecOptions { /** * The bit depth of a sample is how many bits of information are included in the audio samples. Valid values are `16` and `24`. (FLAC/PCM Only) */ bitDepth?: pulumi.Input; /** * The order the bits of a PCM sample are stored in. The supported value is LittleEndian. (PCM Only) */ bitOrder?: pulumi.Input; /** * If you specified AAC for Audio:Codec, choose the AAC profile for the output file. */ profile?: pulumi.Input; /** * Whether audio samples are represented with negative and positive numbers (signed) or only positive numbers (unsigned). The supported value is Signed. (PCM Only) */ signed?: pulumi.Input; } export interface PresetThumbnails { /** * The aspect ratio of thumbnails. The following values are valid: auto, 1:1, 4:3, 3:2, 16:9 */ aspectRatio?: pulumi.Input; /** * The format of thumbnails, if any. Valid formats are jpg and png. */ format?: pulumi.Input; /** * The approximate number of seconds between thumbnails. The value must be an integer. The actual interval can vary by several seconds from one thumbnail to the next. */ interval?: pulumi.Input; /** * The maximum height of thumbnails, in pixels. If you specify auto, Elastic Transcoder uses 1080 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 32 and 3072, inclusive. */ maxHeight?: pulumi.Input; /** * The maximum width of thumbnails, in pixels. If you specify auto, Elastic Transcoder uses 1920 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 32 and 4096, inclusive. */ maxWidth?: pulumi.Input; /** * When you set PaddingPolicy to Pad, Elastic Transcoder might add black bars to the top and bottom and/or left and right sides of thumbnails to make the total size of the thumbnails match the values that you specified for thumbnail MaxWidth and MaxHeight settings. */ paddingPolicy?: pulumi.Input; /** * The width and height of thumbnail files in pixels, in the format WidthxHeight, where both values are even integers. The values cannot exceed the width and height that you specified in the Video:Resolution object. (To better control resolution and aspect ratio of thumbnails, we recommend that you use the thumbnail values `maxWidth`, `maxHeight`, `sizingPolicy`, and `paddingPolicy` instead of `resolution` and `aspectRatio`. The two groups of settings are mutually exclusive. Do not use them together) */ resolution?: pulumi.Input; /** * A value that controls scaling of thumbnails. Valid values are: `Fit`, `Fill`, `Stretch`, `Keep`, `ShrinkToFit`, and `ShrinkToFill`. */ sizingPolicy?: pulumi.Input; } export interface PresetVideo { /** * The display aspect ratio of the video in the output file. Valid values are: `auto`, `1:1`, `4:3`, `3:2`, `16:9`. (Note; to better control resolution and aspect ratio of output videos, we recommend that you use the values `maxWidth`, `maxHeight`, `sizingPolicy`, `paddingPolicy`, and `displayAspectRatio` instead of `resolution` and `aspectRatio`.) */ aspectRatio?: pulumi.Input; /** * The bit rate of the video stream in the output file, in kilobits/second. You can configure variable bit rate or constant bit rate encoding. */ bitRate?: pulumi.Input; /** * The video codec for the output file. Valid values are `gif`, `H.264`, `mpeg2`, `vp8`, and `vp9`. */ codec?: pulumi.Input; /** * The value that Elastic Transcoder adds to the metadata in the output file. If you set DisplayAspectRatio to auto, Elastic Transcoder chooses an aspect ratio that ensures square pixels. If you specify another option, Elastic Transcoder sets that value in the output file. */ displayAspectRatio?: pulumi.Input; /** * Whether to use a fixed value for Video:FixedGOP. Not applicable for containers of type gif. Valid values are true and false. Also known as, Fixed Number of Frames Between Keyframes. */ fixedGop?: pulumi.Input; /** * The frames per second for the video stream in the output file. The following values are valid: `auto`, `10`, `15`, `23.97`, `24`, `25`, `29.97`, `30`, `50`, `60`. */ frameRate?: pulumi.Input; /** * The maximum number of frames between key frames. Not applicable for containers of type gif. */ keyframesMaxDist?: pulumi.Input; /** * If you specify auto for FrameRate, Elastic Transcoder uses the frame rate of the input video for the frame rate of the output video, up to the maximum frame rate. If you do not specify a MaxFrameRate, Elastic Transcoder will use a default of 30. */ maxFrameRate?: pulumi.Input; /** * The maximum height of the output video in pixels. If you specify auto, Elastic Transcoder uses 1080 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 96 and 3072, inclusive. */ maxHeight?: pulumi.Input; /** * The maximum width of the output video in pixels. If you specify auto, Elastic Transcoder uses 1920 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 128 and 4096, inclusive. */ maxWidth?: pulumi.Input; /** * When you set PaddingPolicy to Pad, Elastic Transcoder might add black bars to the top and bottom and/or left and right sides of the output video to make the total size of the output video match the values that you specified for `maxWidth` and `maxHeight`. */ paddingPolicy?: pulumi.Input; /** * The width and height of the video in the output file, in pixels. Valid values are `auto` and `widthxheight`. (see note for `aspectRatio`) */ resolution?: pulumi.Input; /** * A value that controls scaling of the output video. Valid values are: `Fit`, `Fill`, `Stretch`, `Keep`, `ShrinkToFit`, `ShrinkToFill`. */ sizingPolicy?: pulumi.Input; } export interface PresetVideoWatermark { /** * The horizontal position of the watermark unless you specify a nonzero value for `horzontalOffset`. */ horizontalAlign?: pulumi.Input; /** * The amount by which you want the horizontal position of the watermark to be offset from the position specified by `horizontalAlign`. */ horizontalOffset?: pulumi.Input; /** * A unique identifier for the settings for one watermark. The value of Id can be up to 40 characters long. You can specify settings for up to four watermarks. */ id?: pulumi.Input; /** * The maximum height of the watermark. */ maxHeight?: pulumi.Input; /** * The maximum width of the watermark. */ maxWidth?: pulumi.Input; /** * A percentage that indicates how much you want a watermark to obscure the video in the location where it appears. */ opacity?: pulumi.Input; /** * A value that controls scaling of the watermark. Valid values are: `Fit`, `Stretch`, `ShrinkToFit` */ sizingPolicy?: pulumi.Input; /** * A value that determines how Elastic Transcoder interprets values that you specified for `video_watermarks.horizontal_offset`, `video_watermarks.vertical_offset`, `video_watermarks.max_width`, and `video_watermarks.max_height`. Valid values are `Content` and `Frame`. */ target?: pulumi.Input; /** * The vertical position of the watermark unless you specify a nonzero value for `verticalAlign`. Valid values are `Top`, `Bottom`, `Center`. */ verticalAlign?: pulumi.Input; /** * The amount by which you want the vertical position of the watermark to be offset from the position specified by `verticalAlign` */ verticalOffset?: pulumi.Input; } } export namespace elb { export interface LoadBalancerAccessLogs { /** * The S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * The S3 bucket prefix. Logs are stored in the root if not configured. */ bucketPrefix?: pulumi.Input; /** * Boolean to enable / disable `accessLogs`. Default is `true` */ enabled?: pulumi.Input; /** * The publishing interval in minutes. Valid values: `5` and `60`. Default: `60` */ interval?: pulumi.Input; } export interface LoadBalancerHealthCheck { /** * The number of checks before the instance is declared healthy. */ healthyThreshold: pulumi.Input; /** * The interval between checks. */ interval: pulumi.Input; /** * The target of the check. Valid pattern is "${PROTOCOL}:${PORT}${PATH}", where PROTOCOL * values are: * * `HTTP`, `HTTPS` - PORT and PATH are required * * `TCP`, `SSL` - PORT is required, PATH is not supported */ target: pulumi.Input; /** * The length of time before the check times out. */ timeout: pulumi.Input; /** * The number of checks before the instance is declared unhealthy. */ unhealthyThreshold: pulumi.Input; } export interface LoadBalancerListener { /** * The port on the instance to route to */ instancePort: pulumi.Input; /** * The protocol to use to the instance. Valid * values are `HTTP`, `HTTPS`, `TCP`, or `SSL` */ instanceProtocol: pulumi.Input; /** * The port to listen on for the load balancer */ lbPort: pulumi.Input; /** * The protocol to listen on. Valid values are `HTTP`, * `HTTPS`, `TCP`, or `SSL` */ lbProtocol: pulumi.Input; /** * The ARN of an SSL certificate you have * uploaded to AWS IAM. **Note ECDSA-specific restrictions below. Only valid when `lbProtocol` is either HTTPS or SSL** */ sslCertificateId?: pulumi.Input; } export interface LoadBalancerPolicyPolicyAttribute { name?: pulumi.Input; value?: pulumi.Input; } export interface SslNegotiationPolicyAttribute { /** * The name of the attribute */ name: pulumi.Input; /** * The value of the attribute */ value: pulumi.Input; } } export namespace emr { export interface BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRange { /** * The final port in the range of TCP ports. */ maxRange: pulumi.Input; /** * The first port in the range of TCP ports. */ minRange: pulumi.Input; } export interface ClusterAutoTerminationPolicy { /** * Specifies the amount of idle time in seconds after which the cluster automatically terminates. You can specify a minimum of `60` seconds and a maximum of `604800` seconds (seven days). */ idleTimeout?: pulumi.Input; } export interface ClusterBootstrapAction { /** * List of command line arguments to pass to the bootstrap action script. */ args?: pulumi.Input[]>; /** * Name of the bootstrap action. */ name: pulumi.Input; /** * Location of the script to run during a bootstrap action. Can be either a location in Amazon S3 or on a local file system. */ path: pulumi.Input; } export interface ClusterCoreInstanceFleet { /** * ID of the cluster. */ id?: pulumi.Input; /** * Configuration block for instance fleet. */ instanceTypeConfigs?: pulumi.Input[]>; /** * Configuration block for launch specification. */ launchSpecifications?: pulumi.Input; /** * Friendly name given to the instance fleet. */ name?: pulumi.Input; provisionedOnDemandCapacity?: pulumi.Input; provisionedSpotCapacity?: pulumi.Input; /** * The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision. */ targetOnDemandCapacity?: pulumi.Input; /** * Target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision. */ targetSpotCapacity?: pulumi.Input; } export interface ClusterCoreInstanceFleetInstanceTypeConfig { /** * Bid price for each EC2 Spot instance type as defined by `instanceType`. Expressed in USD. If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPrice?: pulumi.Input; /** * Bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instanceType`. Expressed as a number (for example, 20 specifies 20%). If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPriceAsPercentageOfOnDemandPrice?: pulumi.Input; /** * Configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks. */ configurations?: pulumi.Input[]>; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * EC2 instance type, such as m4.xlarge. */ instanceType: pulumi.Input; /** * Number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`. */ weightedCapacity?: pulumi.Input; } export interface ClusterCoreInstanceFleetInstanceTypeConfigConfiguration { /** * Classification within a configuration. */ classification?: pulumi.Input; /** * Map of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ClusterCoreInstanceFleetInstanceTypeConfigEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `io2`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterCoreInstanceFleetLaunchSpecifications { /** * Configuration block for on demand instances launch specifications. */ onDemandSpecifications?: pulumi.Input[]>; /** * Configuration block for spot instances launch specifications. */ spotSpecifications?: pulumi.Input[]>; } export interface ClusterCoreInstanceFleetLaunchSpecificationsOnDemandSpecification { /** * Specifies the strategy to use in launching On-Demand instance fleets. Currently, the only option is `lowest-price` (the default), which launches the lowest price first. */ allocationStrategy: pulumi.Input; } export interface ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecification { /** * Specifies the strategy to use in launching Spot instance fleets. Valid values include `capacity-optimized`, `diversified`, `lowest-price`, `price-capacity-optimized`. See the [AWS documentation](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html#emr-instance-fleet-allocation-strategy) for details on each strategy type. */ allocationStrategy: pulumi.Input; /** * Defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. */ blockDurationMinutes?: pulumi.Input; /** * Action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity. */ timeoutAction: pulumi.Input; /** * Spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created. */ timeoutDurationMinutes: pulumi.Input; } export interface ClusterCoreInstanceGroup { /** * String containing the [EMR Auto Scaling Policy](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-automatic-scaling.html) JSON. */ autoscalingPolicy?: pulumi.Input; /** * Bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances. */ bidPrice?: pulumi.Input; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * Core node type Instance Group ID, if using Instance Group for this node type. */ id?: pulumi.Input; /** * Target number of instances for the instance group. Must be at least 1. Defaults to 1. */ instanceCount?: pulumi.Input; /** * EC2 instance type for all instances in the instance group. */ instanceType: pulumi.Input; /** * Friendly name given to the instance group. */ name?: pulumi.Input; } export interface ClusterCoreInstanceGroupEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * The throughput, in mebibyte per second (MiB/s). */ throughput?: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `io2`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterEc2Attributes { /** * String containing a comma separated list of additional Amazon EC2 security group IDs for the master node. */ additionalMasterSecurityGroups?: pulumi.Input; /** * String containing a comma separated list of additional Amazon EC2 security group IDs for the slave nodes as a comma separated string. */ additionalSlaveSecurityGroups?: pulumi.Input; /** * Identifier of the Amazon EC2 EMR-Managed security group for the master node. */ emrManagedMasterSecurityGroup?: pulumi.Input; /** * Identifier of the Amazon EC2 EMR-Managed security group for the slave nodes. */ emrManagedSlaveSecurityGroup?: pulumi.Input; /** * Instance Profile for EC2 instances of the cluster assume this role. */ instanceProfile: pulumi.Input; /** * Amazon EC2 key pair that can be used to ssh to the master node as the user called `hadoop`. */ keyName?: pulumi.Input; /** * Identifier of the Amazon EC2 service-access security group - required when the cluster runs on a private subnet. */ serviceAccessSecurityGroup?: pulumi.Input; /** * VPC subnet id where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in an Amazon VPC. */ subnetId?: pulumi.Input; /** * List of VPC subnet id-s where you want the job flow to launch. Amazon EMR identifies the best Availability Zone to launch instances according to your fleet specifications. * * > **NOTE on EMR-Managed security groups:** These security groups will have any missing inbound or outbound access rules added and maintained by AWS, to ensure proper communication between instances in a cluster. The EMR service will maintain these rules for groups provided in `emrManagedMasterSecurityGroup` and `emrManagedSlaveSecurityGroup`; attempts to remove the required rules may succeed, only for the EMR service to re-add them in a matter of minutes. This may cause this provider to fail to destroy an environment that contains an EMR cluster, because the EMR service does not revoke rules added on deletion, leaving a cyclic dependency between the security groups that prevents their deletion. To avoid this, use the `revokeRulesOnDelete` optional attribute for any Security Group used in `emrManagedMasterSecurityGroup` and `emrManagedSlaveSecurityGroup`. See [Amazon EMR-Managed Security Groups](http://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-man-sec-groups.html) for more information about the EMR-managed security group rules. */ subnetIds?: pulumi.Input[]>; } export interface ClusterKerberosAttributes { /** * Active Directory password for `adDomainJoinUser`. This provider cannot perform drift detection of this configuration. */ adDomainJoinPassword?: pulumi.Input; /** * Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. This provider cannot perform drift detection of this configuration. */ adDomainJoinUser?: pulumi.Input; /** * Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. This provider cannot perform drift detection of this configuration. */ crossRealmTrustPrincipalPassword?: pulumi.Input; /** * Password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. This provider cannot perform drift detection of this configuration. */ kdcAdminPassword: pulumi.Input; /** * Name of the Kerberos realm to which all nodes in a cluster belong. For example, `EC2.INTERNAL` */ realm: pulumi.Input; } export interface ClusterMasterInstanceFleet { /** * ID of the cluster. */ id?: pulumi.Input; /** * Configuration block for instance fleet. */ instanceTypeConfigs?: pulumi.Input[]>; /** * Configuration block for launch specification. */ launchSpecifications?: pulumi.Input; /** * Friendly name given to the instance fleet. */ name?: pulumi.Input; provisionedOnDemandCapacity?: pulumi.Input; provisionedSpotCapacity?: pulumi.Input; /** * Target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision. */ targetOnDemandCapacity?: pulumi.Input; /** * Target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision. */ targetSpotCapacity?: pulumi.Input; } export interface ClusterMasterInstanceFleetInstanceTypeConfig { /** * Bid price for each EC2 Spot instance type as defined by `instanceType`. Expressed in USD. If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPrice?: pulumi.Input; /** * Bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instanceType`. Expressed as a number (for example, 20 specifies 20%). If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPriceAsPercentageOfOnDemandPrice?: pulumi.Input; /** * Configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks. */ configurations?: pulumi.Input[]>; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * EC2 instance type, such as m4.xlarge. */ instanceType: pulumi.Input; /** * Number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`. */ weightedCapacity?: pulumi.Input; } export interface ClusterMasterInstanceFleetInstanceTypeConfigConfiguration { /** * Classification within a configuration. */ classification?: pulumi.Input; /** * Map of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ClusterMasterInstanceFleetInstanceTypeConfigEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `io2`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterMasterInstanceFleetLaunchSpecifications { /** * Configuration block for on demand instances launch specifications. */ onDemandSpecifications?: pulumi.Input[]>; /** * Configuration block for spot instances launch specifications. */ spotSpecifications?: pulumi.Input[]>; } export interface ClusterMasterInstanceFleetLaunchSpecificationsOnDemandSpecification { /** * Specifies the strategy to use in launching On-Demand instance fleets. Currently, the only option is `lowest-price` (the default), which launches the lowest price first. */ allocationStrategy: pulumi.Input; } export interface ClusterMasterInstanceFleetLaunchSpecificationsSpotSpecification { /** * Specifies the strategy to use in launching Spot instance fleets. Valid values include `capacity-optimized`, `diversified`, `lowest-price`, `price-capacity-optimized`. See the [AWS documentation](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html#emr-instance-fleet-allocation-strategy) for details on each strategy type. */ allocationStrategy: pulumi.Input; /** * Defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. */ blockDurationMinutes?: pulumi.Input; /** * Action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity. */ timeoutAction: pulumi.Input; /** * Spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created. */ timeoutDurationMinutes: pulumi.Input; } export interface ClusterMasterInstanceGroup { /** * Bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances. */ bidPrice?: pulumi.Input; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * Master node type Instance Group ID, if using Instance Group for this node type. */ id?: pulumi.Input; /** * Target number of instances for the instance group. Must be 1 or 3. Defaults to 1. Launching with multiple master nodes is only supported in EMR version 5.23.0+, and requires this resource's `coreInstanceGroup` to be configured. Public (Internet accessible) instances must be created in VPC subnets that have map public IP on launch enabled. Termination protection is automatically enabled when launched with multiple master nodes and this provider must have the `terminationProtection = false` configuration applied before destroying this resource. */ instanceCount?: pulumi.Input; /** * EC2 instance type for all instances in the instance group. */ instanceType: pulumi.Input; /** * Friendly name given to the instance group. */ name?: pulumi.Input; } export interface ClusterMasterInstanceGroupEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * The throughput, in mebibyte per second (MiB/s). */ throughput?: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `io2`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterPlacementGroupConfig { /** * Role of the instance in the cluster. Valid Values: `MASTER`, `CORE`, `TASK`. */ instanceRole: pulumi.Input; /** * EC2 Placement Group strategy associated with instance role. Valid Values: `SPREAD`, `PARTITION`, `CLUSTER`, `NONE`. */ placementStrategy?: pulumi.Input; } export interface ClusterStep { /** * Action to take if the step fails. Valid values: `TERMINATE_JOB_FLOW`, `TERMINATE_CLUSTER`, `CANCEL_AND_WAIT`, and `CONTINUE` */ actionOnFailure: pulumi.Input; /** * JAR file used for the step. See below. */ hadoopJarStep: pulumi.Input; /** * Name of the step. */ name: pulumi.Input; } export interface ClusterStepHadoopJarStep { /** * List of command line arguments passed to the JAR file's main function when executed. */ args?: pulumi.Input[]>; /** * Path to a JAR file run during the step. */ jar: pulumi.Input; /** * Name of the main class in the specified Java file. If not specified, the JAR file should specify a Main-Class in its manifest file. */ mainClass?: pulumi.Input; /** * Key-Value map of Java properties that are set when the step runs. You can use these properties to pass key value pairs to your main function. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface GetReleaseLabelsFilters { /** * Optional release label application filter. For example, `Spark@2.1.0` or `Spark`. */ application?: string; /** * Optional release label version prefix filter. For example, `emr-5`. */ prefix?: string; } export interface GetReleaseLabelsFiltersArgs { /** * Optional release label application filter. For example, `Spark@2.1.0` or `Spark`. */ application?: pulumi.Input; /** * Optional release label version prefix filter. For example, `emr-5`. */ prefix?: pulumi.Input; } export interface InstanceFleetInstanceTypeConfig { /** * The bid price for each EC2 Spot instance type as defined by `instanceType`. Expressed in USD. If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPrice?: pulumi.Input; /** * The bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instanceType`. Expressed as a number (for example, 20 specifies 20%). If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPriceAsPercentageOfOnDemandPrice?: pulumi.Input; /** * A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks. */ configurations?: pulumi.Input[]>; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * An EC2 instance type, such as m4.xlarge. */ instanceType: pulumi.Input; /** * The number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`. */ weightedCapacity?: pulumi.Input; } export interface InstanceFleetInstanceTypeConfigConfiguration { /** * The classification within a configuration. */ classification?: pulumi.Input; /** * A map of properties specified within a configuration classification */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface InstanceFleetInstanceTypeConfigEbsConfig { /** * The number of I/O operations per second (IOPS) that the volume supports */ iops?: pulumi.Input; /** * The volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * The volume type. Valid options are `gp2`, `io1`, `standard` and `st1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1) */ volumesPerInstance?: pulumi.Input; } export interface InstanceFleetLaunchSpecifications { /** * Configuration block for on demand instances launch specifications */ onDemandSpecifications?: pulumi.Input[]>; /** * Configuration block for spot instances launch specifications */ spotSpecifications?: pulumi.Input[]>; } export interface InstanceFleetLaunchSpecificationsOnDemandSpecification { /** * Specifies one of the following strategies to launch Spot Instance fleets: `price-capacity-optimized`, `capacity-optimized`, `lowest-price`, or `diversified`. For more information on the provisioning strategies, see [Allocation strategies for Spot Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html). */ allocationStrategy: pulumi.Input; } export interface InstanceFleetLaunchSpecificationsSpotSpecification { /** * Specifies one of the following strategies to launch Spot Instance fleets: `price-capacity-optimized`, `capacity-optimized`, `lowest-price`, or `diversified`. For more information on the provisioning strategies, see [Allocation strategies for Spot Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html). */ allocationStrategy: pulumi.Input; /** * The defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. */ blockDurationMinutes?: pulumi.Input; /** * The action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity. */ timeoutAction: pulumi.Input; /** * The spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created. */ timeoutDurationMinutes: pulumi.Input; } export interface InstanceGroupEbsConfig { /** * The number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * The volume size, in gibibytes (GiB). This can be a number from 1 - 1024. If the volume type is EBS-optimized, the minimum value is 10. */ size: pulumi.Input; /** * The volume type. Valid options are 'gp2', 'io1' and 'standard'. */ type: pulumi.Input; /** * The number of EBS Volumes to attach per instance. */ volumesPerInstance?: pulumi.Input; } export interface ManagedScalingPolicyComputeLimit { /** * The upper boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration. */ maximumCapacityUnits: pulumi.Input; /** * The upper boundary of EC2 units for core node type in a cluster. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The core units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between core and task nodes. */ maximumCoreCapacityUnits?: pulumi.Input; /** * The upper boundary of On-Demand EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The On-Demand units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between On-Demand and Spot instances. */ maximumOndemandCapacityUnits?: pulumi.Input; /** * The lower boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration. */ minimumCapacityUnits: pulumi.Input; /** * The unit type used for specifying a managed scaling policy. Valid Values: `InstanceFleetUnits` | `Instances` | `VCPU` */ unitType: pulumi.Input; } } export namespace emrcontainers { export interface JobTemplateJobTemplateData { /** * The configuration settings that are used to override defaults configuration. */ configurationOverrides?: pulumi.Input; /** * The execution role ARN of the job run. */ executionRoleArn: pulumi.Input; /** * Specify the driver that the job runs on. Exactly one of the two available job drivers is required, either sparkSqlJobDriver or sparkSubmitJobDriver. */ jobDriver: pulumi.Input; /** * The tags assigned to jobs started using the job template. */ jobTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The release version of Amazon EMR. */ releaseLabel: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverrides { /** * The configurations for the application running by the job run. */ applicationConfigurations?: pulumi.Input[]>; /** * The configurations for monitoring. */ monitoringConfiguration?: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverridesApplicationConfiguration { /** * The classification within a configuration. */ classification: pulumi.Input; /** * A list of additional configurations to apply within a configuration object. */ configurations?: pulumi.Input[]>; /** * A set of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobTemplateJobTemplateDataConfigurationOverridesApplicationConfigurationConfiguration { /** * The classification within a configuration. */ classification?: pulumi.Input; /** * A set of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobTemplateJobTemplateDataConfigurationOverridesMonitoringConfiguration { /** * Monitoring configurations for CloudWatch. */ cloudWatchMonitoringConfiguration?: pulumi.Input; /** * Monitoring configurations for the persistent application UI. */ persistentAppUi?: pulumi.Input; /** * Amazon S3 configuration for monitoring log publishing. */ s3MonitoringConfiguration?: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverridesMonitoringConfigurationCloudWatchMonitoringConfiguration { /** * The name of the log group for log publishing. */ logGroupName: pulumi.Input; /** * The specified name prefix for log streams. */ logStreamNamePrefix?: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverridesMonitoringConfigurationS3MonitoringConfiguration { /** * Amazon S3 destination URI for log publishing. */ logUri: pulumi.Input; } export interface JobTemplateJobTemplateDataJobDriver { /** * The job driver for job type. */ sparkSqlJobDriver?: pulumi.Input; /** * The job driver parameters specified for spark submit. */ sparkSubmitJobDriver?: pulumi.Input; } export interface JobTemplateJobTemplateDataJobDriverSparkSqlJobDriver { /** * The SQL file to be executed. */ entryPoint?: pulumi.Input; /** * The Spark parameters to be included in the Spark SQL command. */ sparkSqlParameters?: pulumi.Input; } export interface JobTemplateJobTemplateDataJobDriverSparkSubmitJobDriver { /** * The entry point of job application. */ entryPoint: pulumi.Input; /** * The arguments for job application. */ entryPointArguments?: pulumi.Input[]>; /** * The Spark submit parameters that are used for job runs. */ sparkSubmitParameters?: pulumi.Input; } export interface VirtualClusterContainerProvider { /** * The name of the container provider that is running your EMR Containers cluster */ id: pulumi.Input; /** * Nested list containing information about the configuration of the container provider */ info: pulumi.Input; /** * The type of the container provider */ type: pulumi.Input; } export interface VirtualClusterContainerProviderInfo { /** * Nested list containing EKS-specific information about the cluster where the EMR Containers cluster is running */ eksInfo: pulumi.Input; } export interface VirtualClusterContainerProviderInfoEksInfo { /** * The namespace where the EMR Containers cluster is running */ namespace?: pulumi.Input; } } export namespace emrserverless { export interface ApplicationAutoStartConfiguration { /** * Enables the application to automatically start on job submission. Defaults to `true`. */ enabled?: pulumi.Input; } export interface ApplicationAutoStopConfiguration { /** * Enables the application to automatically stop after a certain amount of time being idle. Defaults to `true`. */ enabled?: pulumi.Input; /** * The amount of idle time in minutes after which your application will automatically stop. Defaults to `15` minutes. */ idleTimeoutMinutes?: pulumi.Input; } export interface ApplicationImageConfiguration { /** * The image URI. */ imageUri: pulumi.Input; } export interface ApplicationInitialCapacity { /** * The initial capacity configuration per worker. */ initialCapacityConfig?: pulumi.Input; /** * The worker type for an analytics framework. For Spark applications, the key can either be set to `Driver` or `Executor`. For Hive applications, it can be set to `HiveDriver` or `TezTask`. */ initialCapacityType: pulumi.Input; } export interface ApplicationInitialCapacityInitialCapacityConfig { /** * The resource configuration of the initial capacity configuration. */ workerConfiguration?: pulumi.Input; /** * The number of workers in the initial capacity configuration. */ workerCount: pulumi.Input; } export interface ApplicationInitialCapacityInitialCapacityConfigWorkerConfiguration { /** * The CPU requirements for every worker instance of the worker type. */ cpu: pulumi.Input; /** * The disk requirements for every worker instance of the worker type. */ disk?: pulumi.Input; /** * The memory requirements for every worker instance of the worker type. */ memory: pulumi.Input; } export interface ApplicationInteractiveConfiguration { /** * Enables an Apache Livy endpoint that you can connect to and run interactive jobs. */ livyEndpointEnabled?: pulumi.Input; /** * Enables you to connect an application to Amazon EMR Studio to run interactive workloads in a notebook. */ studioEnabled?: pulumi.Input; } export interface ApplicationMaximumCapacity { /** * The maximum allowed CPU for an application. */ cpu: pulumi.Input; /** * The maximum allowed disk for an application. */ disk?: pulumi.Input; /** * The maximum allowed resources for an application. */ memory: pulumi.Input; } export interface ApplicationMonitoringConfiguration { /** * The Amazon CloudWatch configuration for monitoring logs. */ cloudwatchLoggingConfiguration?: pulumi.Input; /** * The managed log persistence configuration for monitoring logs. */ managedPersistenceMonitoringConfiguration?: pulumi.Input; /** * The Prometheus configuration for monitoring metrics. */ prometheusMonitoringConfiguration?: pulumi.Input; /** * The Amazon S3 configuration for monitoring log publishing. */ s3MonitoringConfiguration?: pulumi.Input; } export interface ApplicationMonitoringConfigurationCloudwatchLoggingConfiguration { /** * Enables CloudWatch logging. */ enabled: pulumi.Input; /** * The AWS Key Management Service (KMS) key ARN to encrypt the logs that you store in CloudWatch Logs. */ encryptionKeyArn?: pulumi.Input; /** * The name of the log group in Amazon CloudWatch Logs where you want to publish your logs. */ logGroupName?: pulumi.Input; /** * Prefix for the CloudWatch log stream name. */ logStreamNamePrefix?: pulumi.Input; /** * The types of logs that you want to publish to CloudWatch. If you don't specify any log types, driver STDOUT and STDERR logs will be published to CloudWatch Logs by default. See logTypes for more details. */ logTypes?: pulumi.Input[]>; } export interface ApplicationMonitoringConfigurationCloudwatchLoggingConfigurationLogType { /** * The worker type. Valid values are `SPARK_DRIVER`, `SPARK_EXECUTOR`, `HIVE_DRIVER`, and `TEZ_TASK`. */ name: pulumi.Input; /** * The list of log types to publish. Valid values are `STDOUT`, `STDERR`, `HIVE_LOG`, `TEZ_AM`, and `SYSTEM_LOGS`. */ values: pulumi.Input[]>; } export interface ApplicationMonitoringConfigurationManagedPersistenceMonitoringConfiguration { /** * Enables managed log persistence for monitoring logs. */ enabled?: pulumi.Input; /** * The KMS key ARN to encrypt the logs stored in managed persistence. */ encryptionKeyArn?: pulumi.Input; } export interface ApplicationMonitoringConfigurationPrometheusMonitoringConfiguration { /** * The Prometheus remote write URL for sending metrics. Only supported in EMR 7.1.0 and later versions. */ remoteWriteUrl?: pulumi.Input; } export interface ApplicationMonitoringConfigurationS3MonitoringConfiguration { /** * The KMS key ARN to encrypt the logs published to the given Amazon S3 destination. */ encryptionKeyArn?: pulumi.Input; /** * The Amazon S3 destination URI for log publishing. */ logUri?: pulumi.Input; } export interface ApplicationNetworkConfiguration { /** * The array of security group Ids for customer VPC connectivity. */ securityGroupIds?: pulumi.Input[]>; /** * The array of subnet Ids for customer VPC connectivity. */ subnetIds?: pulumi.Input[]>; } export interface ApplicationRuntimeConfiguration { /** * The classification within a configuration. */ classification: pulumi.Input; /** * A set of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ApplicationSchedulerConfiguration { /** * Maximum concurrent job runs on this application. Valid range is `1` to `1000`. Defaults to `15`. */ maxConcurrentRuns?: pulumi.Input; /** * Maximum duration in minutes for the job in QUEUED state. Valid range is from `15` to `720`. Defaults to `360`. */ queueTimeoutMinutes?: pulumi.Input; } } export namespace evidently { export interface FeatureEvaluationRule { /** * The name for the new feature. Minimum length of `1`. Maximum length of `127`. */ name?: pulumi.Input; /** * This value is `aws.evidently.splits` if this is an evaluation rule for a launch, and it is `aws.evidently.onlineab` if this is an evaluation rule for an experiment. */ type?: pulumi.Input; } export interface FeatureVariation { /** * The name of the variation. Minimum length of `1`. Maximum length of `127`. */ name: pulumi.Input; /** * A block that specifies the value assigned to this variation. Detailed below */ value: pulumi.Input; } export interface FeatureVariationValue { /** * If this feature uses the Boolean variation type, this field contains the Boolean value of this variation. */ boolValue?: pulumi.Input; /** * If this feature uses the double integer variation type, this field contains the double integer value of this variation. */ doubleValue?: pulumi.Input; /** * If this feature uses the long variation type, this field contains the long value of this variation. Minimum value of `-9007199254740991`. Maximum value of `9007199254740991`. */ longValue?: pulumi.Input; /** * If this feature uses the string variation type, this field contains the string value of this variation. Minimum length of `0`. Maximum length of `512`. */ stringValue?: pulumi.Input; } export interface LaunchExecution { /** * The date and time that the launch ended. */ endedTime?: pulumi.Input; /** * The date and time that the launch started. */ startedTime?: pulumi.Input; } export interface LaunchGroup { /** * Specifies the description of the launch group. */ description?: pulumi.Input; /** * Specifies the name of the feature that the launch is using. */ feature: pulumi.Input; /** * Specifies the name of the lahnch group. */ name: pulumi.Input; /** * Specifies the feature variation to use for this launch group. */ variation: pulumi.Input; } export interface LaunchMetricMonitor { /** * A block that defines the metric. Detailed below. */ metricDefinition: pulumi.Input; } export interface LaunchMetricMonitorMetricDefinition { /** * Specifies the entity, such as a user or session, that does an action that causes a metric value to be recorded. An example is `userDetails.userID`. */ entityIdKey: pulumi.Input; /** * Specifies The EventBridge event pattern that defines how the metric is recorded. */ eventPattern?: pulumi.Input; /** * Specifies the name for the metric. */ name: pulumi.Input; /** * Specifies a label for the units that the metric is measuring. */ unitLabel?: pulumi.Input; /** * Specifies the value that is tracked to produce the metric. */ valueKey: pulumi.Input; } export interface LaunchScheduledSplitsConfig { /** * One or up to six blocks that define the traffic allocation percentages among the feature variations during each step of the launch. This also defines the start time of each step. Detailed below. */ steps: pulumi.Input[]>; } export interface LaunchScheduledSplitsConfigStep { /** * The traffic allocation percentages among the feature variations during one step of a launch. This is a set of key-value pairs. The keys are variation names. The values represent the percentage of traffic to allocate to that variation during this step. For more information, refer to the [AWS documentation for ScheduledSplitConfig groupWeights](https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ScheduledSplitConfig.html). */ groupWeights: pulumi.Input<{[key: string]: pulumi.Input}>; /** * One or up to six blocks that specify different traffic splits for one or more audience segments. A segment is a portion of your audience that share one or more characteristics. Examples could be Chrome browser users, users in Europe, or Firefox browser users in Europe who also fit other criteria that your application collects, such as age. Detailed below. */ segmentOverrides?: pulumi.Input[]>; /** * Specifies the date and time that this step of the launch starts. */ startTime: pulumi.Input; } export interface LaunchScheduledSplitsConfigStepSegmentOverride { /** * Specifies a number indicating the order to use to evaluate segment overrides, if there are more than one. Segment overrides with lower numbers are evaluated first. */ evaluationOrder: pulumi.Input; /** * The name or ARN of the segment to use. */ segment: pulumi.Input; /** * The traffic allocation percentages among the feature variations to assign to this segment. This is a set of key-value pairs. The keys are variation names. The values represent the amount of traffic to allocate to that variation for this segment. This is expressed in thousandths of a percent, so a weight of 50000 represents 50% of traffic. */ weights: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ProjectDataDelivery { /** * A block that defines the CloudWatch Log Group that stores the evaluation events. See below. */ cloudwatchLogs?: pulumi.Input; /** * A block that defines the S3 bucket and prefix that stores the evaluation events. See below. */ s3Destination?: pulumi.Input; } export interface ProjectDataDeliveryCloudwatchLogs { /** * The name of the log group where the project stores evaluation events. */ logGroup?: pulumi.Input; } export interface ProjectDataDeliveryS3Destination { /** * The name of the bucket in which Evidently stores evaluation events. */ bucket?: pulumi.Input; /** * The bucket prefix in which Evidently stores evaluation events. */ prefix?: pulumi.Input; } } export namespace finspace { export interface KxClusterAutoScalingConfiguration { /** * Metric your cluster will track in order to scale in and out. For example, CPU_UTILIZATION_PERCENTAGE is the average CPU usage across all nodes in a cluster. */ autoScalingMetric: pulumi.Input; /** * Highest number of nodes to scale. Cannot be greater than 5 */ maxNodeCount: pulumi.Input; /** * Desired value of chosen `autoScalingMetric`. When metric drops below this value, cluster will scale in. When metric goes above this value, cluster will scale out. Can be set between 0 and 100 percent. */ metricTarget: pulumi.Input; /** * Lowest number of nodes to scale. Must be at least 1 and less than the `maxNodeCount`. If nodes in cluster belong to multiple availability zones, then `minNodeCount` must be at least 3. */ minNodeCount: pulumi.Input; /** * Duration in seconds that FinSpace will wait after a scale in event before initiating another scaling event. */ scaleInCooldownSeconds: pulumi.Input; /** * Duration in seconds that FinSpace will wait after a scale out event before initiating another scaling event. */ scaleOutCooldownSeconds: pulumi.Input; } export interface KxClusterCacheStorageConfiguration { size: pulumi.Input; /** * Type of KDB database. The following types are available: * * HDB - Historical Database. The data is only accessible with read-only permissions from one of the FinSpace managed KX databases mounted to the cluster. * * RDB - Realtime Database. This type of database captures all the data from a ticker plant and stores it in memory until the end of day, after which it writes all of its data to a disk and reloads the HDB. This cluster type requires local storage for temporary storage of data during the savedown process. If you specify this field in your request, you must provide the `savedownStorageConfiguration` parameter. * * GATEWAY - A gateway cluster allows you to access data across processes in kdb systems. It allows you to create your own routing logic using the initialization scripts and custom code. This type of cluster does not require a writable local storage. * * GP - A general purpose cluster allows you to quickly iterate on code during development by granting greater access to system commands and enabling a fast reload of custom code. This cluster type can optionally mount databases including cache and savedown storage. For this cluster type, the node count is fixed at 1. It does not support autoscaling and supports only `SINGLE` AZ mode. * * Tickerplant - A tickerplant cluster allows you to subscribe to feed handlers based on IAM permissions. It can publish to RDBs, other Tickerplants, and real-time subscribers (RTS). Tickerplants can persist messages to log, which is readable by any RDB environment. It supports only single-node that is only one kdb process. */ type: pulumi.Input; } export interface KxClusterCapacityConfiguration { /** * Number of instances running in a cluster. Must be at least 1 and at most 5. */ nodeCount: pulumi.Input; /** * Determines the hardware of the host computer used for your cluster instance. Each node type offers different memory and storage capabilities. Choose a node type based on the requirements of the application or software that you plan to run on your instance. * * You can only specify one of the following values: * * kx.s.large - The node type with a configuration of 12 GiB memory and 2 vCPUs. * * kx.s.xlarge - The node type with a configuration of 27 GiB memory and 4 vCPUs. * * kx.s.2xlarge - The node type with a configuration of 54 GiB memory and 8 vCPUs. * * kx.s.4xlarge - The node type with a configuration of 108 GiB memory and 16 vCPUs. * * kx.s.8xlarge - The node type with a configuration of 216 GiB memory and 32 vCPUs. * * kx.s.16xlarge - The node type with a configuration of 432 GiB memory and 64 vCPUs. * * kx.s.32xlarge - The node type with a configuration of 864 GiB memory and 128 vCPUs. */ nodeType: pulumi.Input; } export interface KxClusterCode { /** * Unique name for the S3 bucket. */ s3Bucket: pulumi.Input; /** * Full S3 path (excluding bucket) to the .zip file that contains the code to be loaded onto the cluster when it’s started. */ s3Key: pulumi.Input; /** * Version of an S3 Object. */ s3ObjectVersion?: pulumi.Input; } export interface KxClusterDatabase { /** * Configuration details for the disk cache to increase performance reading from a KX database mounted to the cluster. See cache_configurations. */ cacheConfigurations?: pulumi.Input[]>; /** * A unique identifier of the changeset that is associated with the cluster. */ changesetId?: pulumi.Input; /** * Name of the KX database. */ databaseName: pulumi.Input; /** * The name of the dataview to be used for caching historical data on disk. You cannot update to a different dataview name once a cluster is created. Use `lifecycle` `ignoreChanges` for database to prevent any undesirable behaviors. */ dataviewName?: pulumi.Input; } export interface KxClusterDatabaseCacheConfiguration { /** * Type of disk cache. */ cacheType: pulumi.Input; /** * Paths within the database to cache. */ dbPaths?: pulumi.Input[]>; } export interface KxClusterSavedownStorageConfiguration { /** * Size of temporary storage in gigabytes. Must be between 10 and 16000. */ size?: pulumi.Input; /** * Type of writeable storage space for temporarily storing your savedown data. The valid values are: * * SDS01 - This type represents 3000 IOPS and io2 ebs volume type. */ type?: pulumi.Input; /** * The name of the kdb volume that you want to use as writeable save-down storage for clusters. */ volumeName?: pulumi.Input; } export interface KxClusterScalingGroupConfiguration { /** * The number of vCPUs that you want to reserve for each node of this kdb cluster on the scaling group host. */ cpu?: pulumi.Input; /** * An optional hard limit on the amount of memory a kdb cluster can use. */ memoryLimit?: pulumi.Input; /** * A reservation of the minimum amount of memory that should be available on the scaling group for a kdb cluster to be successfully placed in a scaling group. */ memoryReservation: pulumi.Input; /** * The number of kdb cluster nodes. */ nodeCount: pulumi.Input; /** * A unique identifier for the kdb scaling group. */ scalingGroupName: pulumi.Input; } export interface KxClusterTickerplantLogConfiguration { tickerplantLogVolumes: pulumi.Input[]>; } export interface KxClusterVpcConfiguration { /** * IP address type for cluster network configuration parameters. The following type is available: IP_V4 - IP address version 4. */ ipAddressType: pulumi.Input; /** * Unique identifier of the VPC security group applied to the VPC endpoint ENI for the cluster. * * `subnetIds `- (Required) Identifier of the subnet that the Privatelink VPC endpoint uses to connect to the cluster. */ securityGroupIds: pulumi.Input[]>; subnetIds: pulumi.Input[]>; /** * Identifier of the VPC endpoint */ vpcId: pulumi.Input; } export interface KxDataviewSegmentConfiguration { /** * The database path of the data that you want to place on each selected volume. Each segment must have a unique database path for each volume. */ dbPaths: pulumi.Input[]>; /** * Enables on-demand caching on the selected database path when a particular file or a column of the database is accessed. When on demand caching is **True**, dataviews perform minimal loading of files on the filesystem as needed. When it is set to **False**, everything is cached. The default value is **False**. */ onDemand?: pulumi.Input; /** * The name of the volume that you want to attach to a dataview. This volume must be in the same availability zone as the dataview that you are attaching to. */ volumeName: pulumi.Input; } export interface KxEnvironmentCustomDnsConfiguration { /** * IP address of the DNS server. */ customDnsServerIp: pulumi.Input; /** * Name of the DNS server. */ customDnsServerName: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfiguration { /** * Rules that define how you manage outbound traffic from kdb network to your internal network. Defined below. */ attachmentNetworkAclConfigurations?: pulumi.Input[]>; /** * Routing CIDR on behalf of KX environment. It could be any “/26 range in the 100.64.0.0 CIDR space. After providing, it will be added to the customer’s transit gateway routing table so that the traffics could be routed to KX network. */ routableCidrSpace: pulumi.Input; /** * Identifier of the transit gateway created by the customer to connect outbound traffics from KX network to your internal network. */ transitGatewayId: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfigurationAttachmentNetworkAclConfiguration { /** * The IPv4 network range to allow or deny, in CIDR notation. The specified CIDR block is modified to its canonical form. For example, `100.68.0.18/18` will be converted to `100.68.0.0/18`. */ cidrBlock: pulumi.Input; /** * Defines the ICMP protocol that consists of the ICMP type and code. Defined below. */ icmpTypeCode?: pulumi.Input; /** * Range of ports the rule applies to. Defined below. */ portRange?: pulumi.Input; /** * Protocol number. A value of `1` means all the protocols. */ protocol: pulumi.Input; /** * Indicates whether to `allow` or `deny` the traffic that matches the rule. */ ruleAction: pulumi.Input; /** * Rule number for the entry. All the network ACL entries are processed in ascending order by rule number. */ ruleNumber: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfigurationAttachmentNetworkAclConfigurationIcmpTypeCode { /** * ICMP code. A value of `-1` means all codes for the specified ICMP type. */ code: pulumi.Input; /** * ICMP type. A value of `-1` means all types. */ type: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfigurationAttachmentNetworkAclConfigurationPortRange { /** * First port in the range. */ from: pulumi.Input; /** * Last port in the range. */ to: pulumi.Input; } export interface KxVolumeAttachedCluster { clusterName: pulumi.Input; clusterStatus: pulumi.Input; clusterType: pulumi.Input; } export interface KxVolumeNas1Configuration { /** * The size of the network attached storage. */ size: pulumi.Input; /** * The type of the network attached storage. */ type: pulumi.Input; } } export namespace fis { export interface ExperimentTemplateAction { /** * ID of the action. To find out what actions are supported see [AWS FIS actions reference](https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html). */ actionId: pulumi.Input; /** * Description of the action. */ description?: pulumi.Input; /** * Friendly name of the action. */ name: pulumi.Input; /** * Parameter(s) for the action, if applicable. See below. */ parameters?: pulumi.Input[]>; /** * Set of action names that must complete before this action can be executed. */ startAfters?: pulumi.Input[]>; /** * Action's target, if applicable. See below. */ target?: pulumi.Input; } export interface ExperimentTemplateActionParameter { /** * Parameter name. */ key: pulumi.Input; /** * Parameter value. * * For a list of parameters supported by each action, see [AWS FIS actions reference](https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html). */ value: pulumi.Input; } export interface ExperimentTemplateActionTarget { /** * Target type. Valid values are `AutoScalingGroups` (EC2 Auto Scaling groups), `Buckets` (S3 Buckets), `Cluster` (EKS Cluster), `Clusters` (ECS Clusters), `DBInstances` (RDS DB Instances), `Functions` (Lambda Functions), `Instances` (EC2 Instances), `ManagedResources` (EKS clusters, Application and Network Load Balancers, and EC2 Auto Scaling groups that are enabled for ARC zonal shift), `Nodegroups` (EKS Node groups), `Pods` (EKS Pods), `ReplicationGroups`(ElastiCache Redis Replication Groups), `Roles` (IAM Roles), `SpotInstances` (EC2 Spot Instances), `Subnets` (VPC Subnets), `Tables` (DynamoDB encrypted global tables), `Tasks` (ECS Tasks), `TransitGateways` (Transit gateways), `Volumes` (EBS Volumes). See the [documentation](https://docs.aws.amazon.com/fis/latest/userguide/action-sequence.html#action-targets) for more details. */ key: pulumi.Input; /** * Target name, referencing a corresponding target. */ value: pulumi.Input; } export interface ExperimentTemplateExperimentOptions { /** * Specifies the account targeting setting for experiment options. Supports `single-account` and `multi-account`. */ accountTargeting?: pulumi.Input; /** * Specifies the empty target resolution mode for experiment options. Supports `fail` and `skip`. */ emptyTargetResolutionMode?: pulumi.Input; } export interface ExperimentTemplateExperimentReportConfiguration { /** * The data sources for the experiment report. See below. */ dataSources?: pulumi.Input; /** * The outputs for the experiment report. See below. */ outputs?: pulumi.Input; /** * The duration of the post-experiment period. Defaults to `PT20M`. */ postExperimentDuration?: pulumi.Input; /** * The duration of the pre-experiment period. Defaults to `PT20M`. */ preExperimentDuration?: pulumi.Input; } export interface ExperimentTemplateExperimentReportConfigurationDataSources { /** * The data sources for the experiment report. See below. */ cloudwatchDashboards?: pulumi.Input[]>; } export interface ExperimentTemplateExperimentReportConfigurationDataSourcesCloudwatchDashboard { /** * The ARN of the CloudWatch dashboard. */ dashboardArn?: pulumi.Input; } export interface ExperimentTemplateExperimentReportConfigurationOutputs { /** * The data sources for the experiment report. See below. */ s3Configuration?: pulumi.Input; } export interface ExperimentTemplateExperimentReportConfigurationOutputsS3Configuration { /** * The name of the destination bucket. */ bucketName: pulumi.Input; /** * The bucket prefix. */ prefix?: pulumi.Input; } export interface ExperimentTemplateLogConfiguration { /** * The configuration for experiment logging to Amazon CloudWatch Logs. See below. */ cloudwatchLogsConfiguration?: pulumi.Input; /** * The schema version. See [documentation](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html#experiment-log-schema) for the list of schema versions. */ logSchemaVersion: pulumi.Input; /** * The configuration for experiment logging to Amazon S3. See below. */ s3Configuration?: pulumi.Input; } export interface ExperimentTemplateLogConfigurationCloudwatchLogsConfiguration { /** * The Amazon Resource Name (ARN) of the destination Amazon CloudWatch Logs log group. The ARN must end with `:*` */ logGroupArn: pulumi.Input; } export interface ExperimentTemplateLogConfigurationS3Configuration { /** * The name of the destination bucket. */ bucketName: pulumi.Input; /** * The bucket prefix. */ prefix?: pulumi.Input; } export interface ExperimentTemplateStopCondition { /** * Source of the condition. One of `none`, `aws:cloudwatch:alarm`. */ source: pulumi.Input; /** * ARN of the CloudWatch alarm. Required if the source is a CloudWatch alarm. */ value?: pulumi.Input; } export interface ExperimentTemplateTarget { /** * Filter(s) for the target. Filters can be used to select resources based on specific attributes returned by the respective describe action of the resource type. For more information, see [Targets for AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters). See below. */ filters?: pulumi.Input[]>; /** * Friendly name given to the target. */ name: pulumi.Input; /** * The resource type parameters. * * > **NOTE:** The `target` configuration block requires either `resourceArns` or `resourceTag`. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Set of ARNs of the resources to target with an action. Conflicts with `resourceTag`. */ resourceArns?: pulumi.Input[]>; /** * Tag(s) the resources need to have to be considered a valid target for an action. Conflicts with `resourceArns`. See below. */ resourceTags?: pulumi.Input[]>; /** * AWS resource type. The resource type must be supported for the specified action. To find out what resource types are supported, see [Targets for AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#resource-types). */ resourceType: pulumi.Input; /** * Scopes the identified resources. Valid values are `ALL` (all identified resources), `COUNT(n)` (randomly select `n` of the identified resources), `PERCENT(n)` (randomly select `n` percent of the identified resources). */ selectionMode: pulumi.Input; } export interface ExperimentTemplateTargetFilter { /** * Attribute path for the filter. */ path: pulumi.Input; /** * Set of attribute values for the filter. * * > **NOTE:** Values specified in a `filter` are joined with an `OR` clause, while values across multiple `filter` blocks are joined with an `AND` clause. For more information, see [Targets for AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters). */ values: pulumi.Input[]>; } export interface ExperimentTemplateTargetResourceTag { /** * Tag key. */ key: pulumi.Input; /** * Tag value. */ value: pulumi.Input; } } export namespace fms { export interface PolicyExcludeMap { /** * A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy. */ accounts?: pulumi.Input[]>; /** * A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. * * You can specify inclusions or exclusions, but not both. If you specify an `includeMap`, AWS Firewall Manager applies the policy to all accounts specified by the `includeMap`, and does not evaluate any `excludeMap` specifications. If you do not specify an `includeMap`, then Firewall Manager applies the policy to all accounts except for those specified by the `excludeMap`. */ orgunits?: pulumi.Input[]>; } export interface PolicyIncludeMap { /** * A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy. */ accounts?: pulumi.Input[]>; /** * A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. * * You can specify inclusions or exclusions, but not both. If you specify an `includeMap`, AWS Firewall Manager applies the policy to all accounts specified by the `includeMap`, and does not evaluate any `excludeMap` specifications. If you do not specify an `includeMap`, then Firewall Manager applies the policy to all accounts except for those specified by the `excludeMap`. */ orgunits?: pulumi.Input[]>; } export interface PolicySecurityServicePolicyData { /** * Details about the service that are specific to the service type, in JSON format. For service type `SHIELD_ADVANCED`, this is an empty string. Examples depending on `type` can be found in the [AWS Firewall Manager SecurityServicePolicyData API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html). */ managedServiceData?: pulumi.Input; /** * Contains the Network Firewall firewall policy options to configure a centralized deployment model. See the `policyOption` block. */ policyOption?: pulumi.Input; /** * An integer value containing ICMP type. */ type: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOption { /** * Defines NACL rules across accounts in their AWS Organization. See the `networkAclCommonPolicy` block. */ networkAclCommonPolicy?: pulumi.Input; /** * Defines the deployment model to use for the firewall policy. See the `networkFirewallPolicy` block. */ networkFirewallPolicy?: pulumi.Input; thirdPartyFirewallPolicy?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicy { /** * Defines NACL entries for Network ACL policy. See the `networkAclEntrySet` block. */ networkAclEntrySet?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySet { /** * The rules that you want to run first in the Firewall Manager managed network ACLs. Firewall manager creates entries with ID value between 1 and 5000. See the `firstEntry` block. */ firstEntries?: pulumi.Input[]>; /** * A boolean value, if true Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries. If false Firewall Manager marks the network ACL as noncompliant and does not try to remediate. */ forceRemediateForFirstEntries: pulumi.Input; /** * A boolean value, if true Firewall Manager uses this setting when it finds policy violations that involve conflicts between the custom entries and the policy entries. If false Firewall Manager marks the network ACL as noncompliant and does not try to remediate. */ forceRemediateForLastEntries: pulumi.Input; /** * The rules that you want to run last in the Firewall Manager managed network ACLs. Firewall manager creates entries with ID value between 32000 and 32766. See the `lastEntry` block. */ lastEntries?: pulumi.Input[]>; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntry { /** * A string value containing the IPv4 network range to allow or deny, in CIDR notation. */ cidrBlock?: pulumi.Input; /** * A boolean value, if true Firewall Manager creates egress rule. If false Firewall Manager creates ingress rule. */ egress: pulumi.Input; /** * A configuration block for ICMP protocol: The ICMP type and code. See the `icmpTypeCode` block. */ icmpTypeCodes?: pulumi.Input[]>; /** * A string value containing the IPv6 network range to allow or deny, in CIDR notation. */ ipv6CidrBlock?: pulumi.Input; /** * A configuration block for PortRange. See the `portRange` block. */ portRanges?: pulumi.Input[]>; /** * The protocol number. A value of "-1" means all protocols. */ protocol: pulumi.Input; /** * A string value that indicates whether to allow or deny the traffic that matches the rule. Valid values: `allow`, `deny`. */ ruleAction: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntryIcmpTypeCode { /** * An integer value containing ICMP code. */ code?: pulumi.Input; /** * An integer value containing ICMP type. */ type?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetFirstEntryPortRange { /** * The beginning port number of the range. */ from?: pulumi.Input; /** * The ending port number of the range. */ to?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntry { /** * A string value containing the IPv4 network range to allow or deny, in CIDR notation. */ cidrBlock?: pulumi.Input; /** * A boolean value, if true Firewall Manager creates egress rule. If false Firewall Manager creates ingress rule. */ egress: pulumi.Input; /** * A configuration block for ICMP protocol: The ICMP type and code. See the `icmpTypeCode` block. */ icmpTypeCodes?: pulumi.Input[]>; /** * A string value containing the IPv6 network range to allow or deny, in CIDR notation. */ ipv6CidrBlock?: pulumi.Input; /** * A configuration block for PortRange. See the `portRange` block. */ portRanges?: pulumi.Input[]>; /** * The protocol number. A value of "-1" means all protocols. */ protocol: pulumi.Input; /** * A string value that indicates whether to allow or deny the traffic that matches the rule. Valid values: `allow`, `deny`. */ ruleAction: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntryIcmpTypeCode { /** * An integer value containing ICMP code. */ code?: pulumi.Input; /** * An integer value containing ICMP type. */ type?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkAclCommonPolicyNetworkAclEntrySetLastEntryPortRange { /** * The beginning port number of the range. */ from?: pulumi.Input; /** * The ending port number of the range. */ to?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicy { /** * Defines the deployment model to use for the third-party firewall policy. Valid values are `CENTRALIZED` and `DISTRIBUTED`. */ firewallDeploymentModel?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicy { /** * Defines the deployment model to use for the third-party firewall policy. Valid values are `CENTRALIZED` and `DISTRIBUTED`. */ firewallDeploymentModel?: pulumi.Input; } export interface ResourceSetResourceSet { /** * Description of the resource set. */ description?: pulumi.Input; /** * Unique identifier for the resource set. It's returned in the responses to create and list commands. You provide it to operations like update and delete. */ id?: pulumi.Input; /** * Last time that the reosurce set was changed. */ lastUpdateTime?: pulumi.Input; /** * Descriptive name of the resource set. You can't change the name of a resource set after you create it. */ name: pulumi.Input; /** * Indicates whether the resource set is in or out of the admin's Region scope. Valid values are `ACTIVE` (Admin can manage and delete the resource set) or `OUT_OF_ADMIN_SCOPE` (Admin can view the resource set, but they can't edit or delete the resource set.) */ resourceSetStatus?: pulumi.Input; /** * Determines the resources that can be associated to the resource set. Depending on your setting for max results and the number of resource sets, a single call might not return the full list. */ resourceTypeLists?: pulumi.Input[]>; updateToken?: pulumi.Input; } export interface ResourceSetTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace fsx { export interface DataRepositoryAssociationS3 { /** * Specifies the type of updated objects that will be automatically exported from your file system to the linked S3 bucket. See the `events` configuration block. */ autoExportPolicy?: pulumi.Input; /** * Specifies the type of updated objects that will be automatically imported from the linked S3 bucket to your file system. See the `events` configuration block. */ autoImportPolicy?: pulumi.Input; } export interface DataRepositoryAssociationS3AutoExportPolicy { /** * A list of file event types to automatically export to your linked S3 bucket or import from the linked S3 bucket. Valid values are `NEW`, `CHANGED`, `DELETED`. Max of 3. */ events?: pulumi.Input[]>; } export interface DataRepositoryAssociationS3AutoImportPolicy { /** * A list of file event types to automatically export to your linked S3 bucket or import from the linked S3 bucket. Valid values are `NEW`, `CHANGED`, `DELETED`. Max of 3. */ events?: pulumi.Input[]>; } export interface FileCacheDataRepositoryAssociation { associationId?: pulumi.Input; /** * The path to the S3 or NFS data repository that links to the cache. */ dataRepositoryPath: pulumi.Input; /** * A list of NFS Exports that will be linked with this data repository association. The Export paths are in the format /exportpath1. To use this parameter, you must configure DataRepositoryPath as the domain name of the NFS file system. The NFS file system domain name in effect is the root of the subdirectories. Note that DataRepositorySubdirectories is not supported for S3 data repositories. Max of 500. */ dataRepositorySubdirectories?: pulumi.Input[]>; /** * The system-generated, unique ID of the cache. */ fileCacheId?: pulumi.Input; /** * A path on the cache that points to a high-level directory (such as /ns1/) or subdirectory (such as /ns1/subdir/) that will be mapped 1-1 with DataRepositoryPath. The leading forward slash in the name is required. Two data repository associations cannot have overlapping cache paths. For example, if a data repository is associated with cache path /ns1/, then you cannot link another data repository with cache path /ns1/ns2. This path specifies where in your cache files will be exported from. This cache directory can be linked to only one data repository, and no data repository other can be linked to the directory. Note: The cache path can only be set to root (/) on an NFS DRA when DataRepositorySubdirectories is specified. If you specify root (/) as the cache path, you can create only one DRA on the cache. The cache path cannot be set to root (/) for an S3 DRA. */ fileCachePath: pulumi.Input; fileSystemId?: pulumi.Input; fileSystemPath?: pulumi.Input; importedFileChunkSize?: pulumi.Input; /** * (Optional) See the `nfs` configuration block. */ nfs?: pulumi.Input[]>; resourceArn?: pulumi.Input; /** * A map of tags to assign to the file cache. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface FileCacheDataRepositoryAssociationNf { /** * A list of up to 2 IP addresses of DNS servers used to resolve the NFS file system domain name. The provided IP addresses can either be the IP addresses of a DNS forwarder or resolver that the customer manages and runs inside the customer VPC, or the IP addresses of the on-premises DNS servers. */ dnsIps?: pulumi.Input[]>; /** * The version of the NFS (Network File System) protocol of the NFS data repository. The only supported value is NFS3, which indicates that the data repository must support the NFSv3 protocol. The only supported value is `NFS3`. */ version: pulumi.Input; } export interface FileCacheLustreConfiguration { /** * Specifies the cache deployment type. The only supported value is `CACHE_1`. */ deploymentType: pulumi.Input; logConfigurations?: pulumi.Input[]>; /** * The configuration for a Lustre MDT (Metadata Target) storage volume. See the `metadataConfiguration` block. */ metadataConfigurations: pulumi.Input[]>; mountName?: pulumi.Input; /** * Provisions the amount of read and write throughput for each 1 tebibyte (TiB) of cache storage capacity, in MB/s/TiB. The only supported value is `1000`. */ perUnitStorageThroughput: pulumi.Input; /** * A recurring weekly time, in the format `D:HH:MM`. `D` is the day of the week, for which `1` represents Monday and `7` represents Sunday. `HH` is the zero-padded hour of the day (0-23), and `MM` is the zero-padded minute of the hour. For example, 1:05:00 specifies maintenance at 5 AM Monday. See the [ISO week date](https://en.wikipedia.org/wiki/ISO_week_date) for more information. */ weeklyMaintenanceStartTime?: pulumi.Input; } export interface FileCacheLustreConfigurationLogConfiguration { destination?: pulumi.Input; level?: pulumi.Input; } export interface FileCacheLustreConfigurationMetadataConfiguration { /** * The storage capacity of the Lustre MDT (Metadata Target) storage volume in gibibytes (GiB). The only supported value is `2400` GiB. */ storageCapacity: pulumi.Input; } export interface GetOntapStorageVirtualMachineFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: string; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: string[]; } export interface GetOntapStorageVirtualMachineFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetOntapStorageVirtualMachinesFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: string; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: string[]; } export interface GetOntapStorageVirtualMachinesFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetOpenZfsSnapshotFilter { /** * Name of the snapshot. */ name: string; values: string[]; } export interface GetOpenZfsSnapshotFilterArgs { /** * Name of the snapshot. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface LustreFileSystemDataReadCacheConfiguration { /** * Size of the file system's SSD read cache, in gibibytes (GiB). Required when the `sizingMode` is `USER_PROVISIONED`. */ size?: pulumi.Input; /** * Sizing mode for the cache. Valud values are `NO_CACHE`, `USER_PROVISIONED`, and `PROPORTIONAL_TO_THROUGHPUT_CAPACITY`. */ sizingMode: pulumi.Input; } export interface LustreFileSystemLogConfiguration { /** * The Amazon Resource Name (ARN) that specifies the destination of the logs. The name of the Amazon CloudWatch Logs log group must begin with the `/aws/fsx` prefix. If you do not provide a destination, Amazon FSx will create and use a log stream in the CloudWatch Logs `/aws/fsx/lustre` log group. */ destination?: pulumi.Input; /** * Sets which data repository events are logged by Amazon FSx. Valid values are `WARN_ONLY`, `FAILURE_ONLY`, `ERROR_ONLY`, `WARN_ERROR` and `DISABLED`. Default value is `DISABLED`. */ level?: pulumi.Input; } export interface LustreFileSystemMetadataConfiguration { /** * Amount of IOPS provisioned for metadata. This parameter should only be used when the mode is set to `USER_PROVISIONED`. Valid Values are `1500`,`3000`,`6000` and `12000` through `192000` in increments of `12000`. Valid values for `INTELLIGENT_TIERING` storage type are `6000` or `12000`. */ iops?: pulumi.Input; /** * Mode for the metadata configuration of the file system. Valid values are `AUTOMATIC`, and `USER_PROVISIONED`. Must be set to `USER_PROVISIONED` for `INTELLIGENT_TIERING` storage type. * * !> **WARNING:** Updating the value of `iops` from a higher to a lower value will force a recreation of the resource. Any data on the file system will be lost when recreating. */ mode?: pulumi.Input; } export interface LustreFileSystemRootSquashConfiguration { /** * When root squash is enabled, you can optionally specify an array of NIDs of clients for which root squash does not apply. A client NID is a Lustre Network Identifier used to uniquely identify a client. You can specify the NID as either a single address or a range of addresses: 1. A single address is described in standard Lustre NID format by specifying the client’s IP address followed by the Lustre network ID (for example, 10.0.1.6@tcp). 2. An address range is described using a dash to separate the range (for example, 10.0.[2-10].[1-255]@tcp). */ noSquashNids?: pulumi.Input[]>; /** * You enable root squash by setting a user ID (UID) and group ID (GID) for the file system in the format UID:GID (for example, 365534:65534). The UID and GID values can range from 0 to 4294967294. */ rootSquash?: pulumi.Input; } export interface OntapFileSystemDiskIopsConfiguration { /** * The total number of SSD IOPS provisioned for the file system. */ iops?: pulumi.Input; /** * Specifies whether the number of IOPS for the file system is using the system. Valid values are `AUTOMATIC` and `USER_PROVISIONED`. Default value is `AUTOMATIC`. */ mode?: pulumi.Input; } export interface OntapFileSystemEndpoint { /** * An endpoint for managing your file system by setting up NetApp SnapMirror with other ONTAP systems. See Endpoint. */ interclusters?: pulumi.Input[]>; /** * An endpoint for managing your file system using the NetApp ONTAP CLI and NetApp ONTAP API. See Endpoint. */ managements?: pulumi.Input[]>; } export interface OntapFileSystemEndpointIntercluster { /** * The Domain Name Service (DNS) name for the file system. You can mount your file system using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the file system endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapFileSystemEndpointManagement { /** * The Domain Name Service (DNS) name for the file system. You can mount your file system using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the file system endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineActiveDirectoryConfiguration { /** * The NetBIOS name of the Active Directory computer object that will be created for your SVM. This is often the same as the SVM name but can be different. AWS limits to 15 characters because of standard NetBIOS naming limits. */ netbiosName?: pulumi.Input; selfManagedActiveDirectoryConfiguration?: pulumi.Input; } export interface OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfiguration { /** * A list of up to three IP addresses of DNS servers or domain controllers in the self-managed AD directory. */ dnsIps: pulumi.Input[]>; /** * The fully qualified domain name of the self-managed AD directory. For example, `corp.example.com`. */ domainName: pulumi.Input; /** * The name of the domain group whose members are granted administrative privileges for the SVM. The group that you specify must already exist in your domain. Defaults to `Domain Admins`. */ fileSystemAdministratorsGroup?: pulumi.Input; /** * The fully qualified distinguished name of the organizational unit within your self-managed AD directory that the Windows File Server instance will join. For example, `OU=FSx,DC=yourdomain,DC=corp,DC=com`. Only accepts OU as the direct parent of the SVM. If none is provided, the SVM is created in the default location of your self-managed AD directory. To learn more, see [RFC 2253](https://tools.ietf.org/html/rfc2253). */ organizationalUnitDistinguishedName?: pulumi.Input; /** * The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. */ password: pulumi.Input; /** * The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. */ username: pulumi.Input; } export interface OntapStorageVirtualMachineEndpoint { /** * An endpoint for accessing data on your storage virtual machine via iSCSI protocol. See Endpoint. */ iscsis?: pulumi.Input[]>; /** * An endpoint for managing your file system using the NetApp ONTAP CLI and NetApp ONTAP API. See Endpoint. */ managements?: pulumi.Input[]>; /** * An endpoint for accessing data on your storage virtual machine via NFS protocol. See Endpoint. */ nfs?: pulumi.Input[]>; /** * An endpoint for accessing data on your storage virtual machine via SMB protocol. This is only set if an activeDirectoryConfiguration has been set. See Endpoint. */ smbs?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointIscsi { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointManagement { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointNf { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointSmb { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapVolumeAggregateConfiguration { /** * Used to specify the names of the aggregates on which the volume will be created. Each aggregate needs to be in the format aggrX where X is the number of the aggregate. */ aggregates?: pulumi.Input[]>; /** * Used to explicitly set the number of constituents within the FlexGroup per storage aggregate. the default value is `8`. */ constituentsPerAggregate?: pulumi.Input; /** * The total amount of constituents for a `FLEXGROUP` volume. This would equal constituentsPerAggregate x aggregates. */ totalConstituents?: pulumi.Input; } export interface OntapVolumeSnaplockConfiguration { /** * Enables or disables the audit log volume for an FSx for ONTAP SnapLock volume. The default value is `false`. */ auditLogVolume?: pulumi.Input; /** * The configuration object for setting the autocommit period of files in an FSx for ONTAP SnapLock volume. See `autocommitPeriod` Block for details. */ autocommitPeriod?: pulumi.Input; /** * Enables, disables, or permanently disables privileged delete on an FSx for ONTAP SnapLock Enterprise volume. Valid values: `DISABLED`, `ENABLED`, `PERMANENTLY_DISABLED`. The default value is `DISABLED`. */ privilegedDelete?: pulumi.Input; /** * The retention period of an FSx for ONTAP SnapLock volume. See `retentionPeriod` Block for details. */ retentionPeriod?: pulumi.Input; /** * Specifies the retention mode of an FSx for ONTAP SnapLock volume. After it is set, it can't be changed. Valid values: `COMPLIANCE`, `ENTERPRISE`. */ snaplockType: pulumi.Input; /** * Enables or disables volume-append mode on an FSx for ONTAP SnapLock volume. The default value is `false`. */ volumeAppendModeEnabled?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationAutocommitPeriod { /** * The type of time for the autocommit period of a file in an FSx for ONTAP SnapLock volume. Setting this value to `NONE` disables autocommit. Valid values: `MINUTES`, `HOURS`, `DAYS`, `MONTHS`, `YEARS`, `NONE`. */ type?: pulumi.Input; /** * The amount of time for the autocommit period of a file in an FSx for ONTAP SnapLock volume. */ value?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriod { /** * The retention period assigned to a write once, read many (WORM) file by default if an explicit retention period is not set for an FSx for ONTAP SnapLock volume. The default retention period must be greater than or equal to the minimum retention period and less than or equal to the maximum retention period. See `defaultRetention` Block for details. */ defaultRetention?: pulumi.Input; /** * The longest retention period that can be assigned to a WORM file on an FSx for ONTAP SnapLock volume. See `maximumRetention` Block for details. */ maximumRetention?: pulumi.Input; /** * The shortest retention period that can be assigned to a WORM file on an FSx for ONTAP SnapLock volume. See `minimumRetention` Block for details. */ minimumRetention?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriodDefaultRetention { /** * The type of time for the retention period of an FSx for ONTAP SnapLock volume. Set it to one of the valid types. If you set it to `INFINITE`, the files are retained forever. If you set it to `UNSPECIFIED`, the files are retained until you set an explicit retention period. Valid values: `SECONDS`, `MINUTES`, `HOURS`, `DAYS`, `MONTHS`, `YEARS`, `INFINITE`, `UNSPECIFIED`. */ type?: pulumi.Input; /** * The amount of time for the autocommit period of a file in an FSx for ONTAP SnapLock volume. */ value?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriodMaximumRetention { /** * The type of time for the retention period of an FSx for ONTAP SnapLock volume. Set it to one of the valid types. If you set it to `INFINITE`, the files are retained forever. If you set it to `UNSPECIFIED`, the files are retained until you set an explicit retention period. Valid values: `SECONDS`, `MINUTES`, `HOURS`, `DAYS`, `MONTHS`, `YEARS`, `INFINITE`, `UNSPECIFIED`. */ type?: pulumi.Input; /** * The amount of time for the autocommit period of a file in an FSx for ONTAP SnapLock volume. */ value?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriodMinimumRetention { /** * The type of time for the retention period of an FSx for ONTAP SnapLock volume. Set it to one of the valid types. If you set it to `INFINITE`, the files are retained forever. If you set it to `UNSPECIFIED`, the files are retained until you set an explicit retention period. Valid values: `SECONDS`, `MINUTES`, `HOURS`, `DAYS`, `MONTHS`, `YEARS`, `INFINITE`, `UNSPECIFIED`. */ type?: pulumi.Input; /** * The amount of time for the autocommit period of a file in an FSx for ONTAP SnapLock volume. */ value?: pulumi.Input; } export interface OntapVolumeTieringPolicy { /** * Specifies the number of days that user data in a volume must remain inactive before it is considered "cold" and moved to the capacity pool. Used with `AUTO` and `SNAPSHOT_ONLY` tiering policies only. Valid values are whole numbers between 2 and 183. Default values are 31 days for `AUTO` and 2 days for `SNAPSHOT_ONLY`. */ coolingPeriod?: pulumi.Input; /** * Specifies the tiering policy for the ONTAP volume for moving data to the capacity pool storage. Valid values are `SNAPSHOT_ONLY`, `AUTO`, `ALL`, `NONE`. Default value is `SNAPSHOT_ONLY`. */ name?: pulumi.Input; } export interface OpenZfsFileSystemDiskIopsConfiguration { /** * The total number of SSD IOPS provisioned for the file system. */ iops?: pulumi.Input; /** * Specifies whether the number of IOPS for the file system is using the system. Valid values are `AUTOMATIC` and `USER_PROVISIONED`. Default value is `AUTOMATIC`. */ mode?: pulumi.Input; } export interface OpenZfsFileSystemReadCacheConfiguration { /** * Size of the file system's SSD read cache, in gibibytes (GiB). Required when `sizingMode` is set to `USER_PROVISIONED`. Must not be set when any other `sizingMode` is used. */ size?: pulumi.Input; /** * Specifies how the provisioned SSD read cache is sized. Valid values are `NO_CACHE`, `USER_PROVISIONED`, and `PROPORTIONAL_TO_THROUGHPUT_CAPACITY`. See the [AWS API documentation](https://docs.aws.amazon.com/fsx/latest/APIReference/API_OpenZFSReadCacheConfiguration.html) for more information. */ sizingMode?: pulumi.Input; } export interface OpenZfsFileSystemRootVolumeConfiguration { /** * A boolean flag indicating whether tags for the file system should be copied to snapshots. The default value is false. */ copyTagsToSnapshots?: pulumi.Input; /** * Method used to compress the data on the volume. Valid values are `LZ4`, `NONE` or `ZSTD`. Child volumes that don't specify compression option will inherit from parent volume. This option on file system applies to the root volume. */ dataCompressionType?: pulumi.Input; /** * NFS export configuration for the root volume. Exactly 1 item. See `nfsExports` Block for details. */ nfsExports?: pulumi.Input; /** * specifies whether the volume is read-only. Default is false. */ readOnly?: pulumi.Input; /** * Specifies the record size of an OpenZFS root volume, in kibibytes (KiB). Valid values are `4`, `8`, `16`, `32`, `64`, `128`, `256`, `512`, or `1024` KiB. The default is `128` KiB. */ recordSizeKib?: pulumi.Input; /** * Specify how much storage users or groups can use on the volume. Maximum of 100 items. See `userAndGroupQuotas` Block for details. */ userAndGroupQuotas?: pulumi.Input[]>; } export interface OpenZfsFileSystemRootVolumeConfigurationNfsExports { /** * A list of configuration objects that contain the client and options for mounting the OpenZFS file system. Maximum of 25 items. See `clientConfigurations` Block for details. */ clientConfigurations: pulumi.Input[]>; } export interface OpenZfsFileSystemRootVolumeConfigurationNfsExportsClientConfiguration { /** * A value that specifies who can mount the file system. You can provide a wildcard character (*), an IP address (0.0.0.0), or a CIDR address (192.0.2.0/24. By default, Amazon FSx uses the wildcard character when specifying the client. */ clients: pulumi.Input; /** * The options to use when mounting the file system. Maximum of 20 items. See the [Linix NFS exports man page](https://linux.die.net/man/5/exports) for more information. `crossmount` and `sync` are used by default. */ options: pulumi.Input[]>; } export interface OpenZfsFileSystemRootVolumeConfigurationUserAndGroupQuota { /** * The ID of the user or group. Valid values between `0` and `2147483647` */ id: pulumi.Input; /** * The amount of storage that the user or group can use in gibibytes (GiB). Valid values between `0` and `2147483647` */ storageCapacityQuotaGib: pulumi.Input; /** * A value that specifies whether the quota applies to a user or group. Valid values are `USER` or `GROUP`. */ type: pulumi.Input; } export interface OpenZfsVolumeNfsExports { /** * A list of configuration objects that contain the client and options for mounting the OpenZFS file system. Maximum of 25 items. See `clientConfigurations` Block below for details. */ clientConfigurations: pulumi.Input[]>; } export interface OpenZfsVolumeNfsExportsClientConfiguration { /** * A value that specifies who can mount the file system. You can provide a wildcard character (*), an IP address (0.0.0.0), or a CIDR address (192.0.2.0/24. By default, Amazon FSx uses the wildcard character when specifying the client. */ clients: pulumi.Input; /** * The options to use when mounting the file system. Maximum of 20 items. See the [Linix NFS exports man page](https://linux.die.net/man/5/exports) for more information. `crossmount` and `sync` are used by default. */ options: pulumi.Input[]>; } export interface OpenZfsVolumeOriginSnapshot { /** * Specifies the strategy used when copying data from the snapshot to the new volume. Valid values are `CLONE`, `FULL_COPY`, `INCREMENTAL_COPY`. */ copyStrategy: pulumi.Input; /** * The Amazon Resource Name (ARN) of the origin snapshot. */ snapshotArn: pulumi.Input; } export interface OpenZfsVolumeUserAndGroupQuota { /** * The ID of the user or group. Valid values between `0` and `2147483647` */ id: pulumi.Input; /** * The amount of storage that the user or group can use in gibibytes (GiB). Valid values between `0` and `2147483647` * * `Type` - (Required) - A value that specifies whether the quota applies to a user or group. Valid values are `USER` or `GROUP`. */ storageCapacityQuotaGib: pulumi.Input; type: pulumi.Input; } export interface S3AccessPointAttachmentOpenzfsConfiguration { /** * File system user identity to use for authorizing file read and write requests that are made using the S3 access point. See `fileSystemIdentity` Block for details. */ fileSystemIdentity: pulumi.Input; /** * ID of the FSx for OpenZFS volume to which the S3 access point is attached. */ volumeId: pulumi.Input; } export interface S3AccessPointAttachmentOpenzfsConfigurationFileSystemIdentity { /** * UID and GIDs of the file system POSIX user. See `posixUser` Block for details. */ posixUser?: pulumi.Input; /** * FSx for OpenZFS user identity type. Valid values: `POSIX`. */ type: pulumi.Input; } export interface S3AccessPointAttachmentOpenzfsConfigurationFileSystemIdentityPosixUser { /** * GID of the file system user. */ gid: pulumi.Input; /** * List of secondary GIDs for the file system user.. */ secondaryGids?: pulumi.Input[]>; /** * UID of the file system user. */ uid: pulumi.Input; } export interface S3AccessPointAttachmentS3AccessPoint { /** * Access policy associated with the S3 access point configuration. */ policy?: pulumi.Input; /** * Amazon S3 restricts access to the S3 access point to requests made from the specified VPC. See `vpcConfiguration` Block for details. */ vpcConfiguration?: pulumi.Input; } export interface S3AccessPointAttachmentS3AccessPointVpcConfiguration { /** * VPC ID. */ vpcId?: pulumi.Input; } export interface S3AccessPointAttachmentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface WindowsFileSystemAuditLogConfiguration { /** * The Amazon Resource Name (ARN) for the destination of the audit logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN. Can be specified when `fileAccessAuditLogLevel` and `fileShareAccessAuditLogLevel` are not set to `DISABLED`. The name of the Amazon CloudWatch Logs log group must begin with the `/aws/fsx` prefix. The name of the Amazon Kinesis Data Firehouse delivery stream must begin with the `aws-fsx` prefix. If you do not provide a destination in `auditLogDestionation`, Amazon FSx will create and use a log stream in the CloudWatch Logs /aws/fsx/windows log group. */ auditLogDestination?: pulumi.Input; /** * Sets which attempt type is logged by Amazon FSx for file and folder accesses. Valid values are `SUCCESS_ONLY`, `FAILURE_ONLY`, `SUCCESS_AND_FAILURE`, and `DISABLED`. Default value is `DISABLED`. */ fileAccessAuditLogLevel?: pulumi.Input; /** * Sets which attempt type is logged by Amazon FSx for file share accesses. Valid values are `SUCCESS_ONLY`, `FAILURE_ONLY`, `SUCCESS_AND_FAILURE`, and `DISABLED`. Default value is `DISABLED`. */ fileShareAccessAuditLogLevel?: pulumi.Input; } export interface WindowsFileSystemDiskIopsConfiguration { /** * The total number of SSD IOPS provisioned for the file system. */ iops?: pulumi.Input; /** * Specifies whether the number of IOPS for the file system is using the system. Valid values are `AUTOMATIC` and `USER_PROVISIONED`. Default value is `AUTOMATIC`. */ mode?: pulumi.Input; } export interface WindowsFileSystemSelfManagedActiveDirectory { /** * A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in [RFC 1918](https://tools.ietf.org/html/rfc1918). */ dnsIps: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) for the AWS Secrets Manager secret that contains the credentials for the service account on your self-managed AD domain. Conflicts with `username` and `password`. */ domainJoinServiceAccountSecret?: pulumi.Input; /** * The fully qualified domain name of the self-managed AD directory. For example, `corp.example.com`. */ domainName: pulumi.Input; /** * The name of the domain group whose members are granted administrative privileges for the file system. Administrative privileges include taking ownership of files and folders, and setting audit controls (audit ACLs) on files and folders. The group that you specify must already exist in your domain. Defaults to `Domain Admins`. */ fileSystemAdministratorsGroup?: pulumi.Input; /** * The fully qualified distinguished name of the organizational unit within your self-managed AD directory that the Windows File Server instance will join. For example, `OU=FSx,DC=yourdomain,DC=corp,DC=com`. Only accepts OU as the direct parent of the file system. If none is provided, the FSx file system is created in the default location of your self-managed AD directory. To learn more, see [RFC 2253](https://tools.ietf.org/html/rfc2253). */ organizationalUnitDistinguishedName?: pulumi.Input; /** * The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. Conflicts with `domainJoinServiceAccountSecret`. */ password?: pulumi.Input; /** * The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. Conflicts with `domainJoinServiceAccountSecret`. */ username?: pulumi.Input; } } export namespace gamelift { export interface AliasRoutingStrategy { /** * ID of the GameLift Fleet to point the alias to. */ fleetId?: pulumi.Input; /** * Message text to be used with the `TERMINAL` routing strategy. */ message?: pulumi.Input; /** * Type of routing strategyE.g., `SIMPLE` or `TERMINAL` */ type: pulumi.Input; } export interface BuildStorageLocation { /** * Name of your S3 bucket. */ bucket: pulumi.Input; /** * Name of the zip file containing your build files. */ key: pulumi.Input; /** * A specific version of the file. If not set, the latest version of the file is retrieved. */ objectVersion?: pulumi.Input; /** * ARN of the access role that allows Amazon GameLift to access your S3 bucket. */ roleArn: pulumi.Input; } export interface FleetCertificateConfiguration { /** * Indicates whether a TLS/SSL certificate is generated for a fleet. Valid values are `DISABLED` and `GENERATED`. Default value is `DISABLED`. */ certificateType?: pulumi.Input; } export interface FleetEc2InboundPermission { /** * Starting value for a range of allowed port numbers. */ fromPort: pulumi.Input; /** * Range of allowed IP addresses expressed in CIDR notationE.g., `000.000.000.000/[subnet mask]` or `0.0.0.0/[subnet mask]`. */ ipRange: pulumi.Input; /** * Network communication protocol used by the fleetE.g., `TCP` or `UDP` */ protocol: pulumi.Input; /** * Ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than `fromPort`. */ toPort: pulumi.Input; } export interface FleetResourceCreationLimitPolicy { /** * Maximum number of game sessions that an individual can create during the policy period. */ newGameSessionsPerCreator?: pulumi.Input; /** * Time span used in evaluating the resource creation limit policy. */ policyPeriodInMinutes?: pulumi.Input; } export interface FleetRuntimeConfiguration { /** * Maximum amount of time (in seconds) that a game session can remain in status `ACTIVATING`. */ gameSessionActivationTimeoutSeconds?: pulumi.Input; /** * Maximum number of game sessions with status `ACTIVATING` to allow on an instance simultaneously. */ maxConcurrentGameSessionActivations?: pulumi.Input; /** * Collection of server process configurations that describe which server processes to run on each instance in a fleet. See below. */ serverProcesses?: pulumi.Input[]>; } export interface FleetRuntimeConfigurationServerProcess { /** * Number of server processes using this configuration to run concurrently on an instance. */ concurrentExecutions: pulumi.Input; /** * Location of the server executable in a game build. All game builds are installed on instances at the root : for Windows instances `C:\game`, and for Linux instances `/local/game`. */ launchPath: pulumi.Input; /** * Optional list of parameters to pass to the server executable on launch. */ parameters?: pulumi.Input; } export interface GameServerGroupAutoScalingPolicy { /** * Length of time, in seconds, it takes for a new instance to start * new game server processes and register with GameLift FleetIQ. * Specifying a warm-up time can be useful, particularly with game servers that take a long time to start up, * because it avoids prematurely starting new instances. Defaults to `60`. */ estimatedInstanceWarmup?: pulumi.Input; targetTrackingConfiguration: pulumi.Input; } export interface GameServerGroupAutoScalingPolicyTargetTrackingConfiguration { /** * Desired value to use with a game server group target-based scaling policy. */ targetValue: pulumi.Input; } export interface GameServerGroupInstanceDefinition { /** * An EC2 instance type. */ instanceType: pulumi.Input; /** * Instance weighting that indicates how much this instance type contributes * to the total capacity of a game server group. * Instance weights are used by GameLift FleetIQ to calculate the instance type's cost per unit hour and better identify * the most cost-effective options. */ weightedCapacity?: pulumi.Input; } export interface GameServerGroupLaunchTemplate { /** * A unique identifier for an existing EC2 launch template. */ id?: pulumi.Input; /** * A readable identifier for an existing EC2 launch template. */ name?: pulumi.Input; /** * The version of the EC2 launch template to use. If none is set, the default is the first version created. */ version?: pulumi.Input; } export interface GameSessionQueuePlayerLatencyPolicy { /** * Maximum latency value that is allowed for any player. */ maximumIndividualPlayerLatencyMilliseconds: pulumi.Input; /** * Length of time that the policy is enforced while placing a new game session. Absence of value for this attribute means that the policy is enforced until the queue times out. */ policyDurationSeconds?: pulumi.Input; } export interface ScriptStorageLocation { /** * Name of your S3 bucket. */ bucket: pulumi.Input; /** * Name of the zip file containing your script files. */ key: pulumi.Input; /** * A specific version of the file. If not set, the latest version of the file is retrieved. */ objectVersion?: pulumi.Input; /** * ARN of the access role that allows Amazon GameLift to access your S3 bucket. */ roleArn: pulumi.Input; } } export namespace glacier { export interface VaultNotification { /** * You can configure a vault to publish a notification for `ArchiveRetrievalCompleted` and `InventoryRetrievalCompleted` events. */ events: pulumi.Input[]>; /** * The SNS Topic ARN. */ snsTopic: pulumi.Input; } } export namespace globalaccelerator { export interface AcceleratorAttributes { /** * Indicates whether flow logs are enabled. Defaults to `false`. Valid values: `true`, `false`. */ flowLogsEnabled?: pulumi.Input; /** * The name of the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Bucket?: pulumi.Input; /** * The prefix for the location in the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Prefix?: pulumi.Input; } export interface AcceleratorIpSet { /** * The IP addresses to use for BYOIP accelerators. If not specified, the service assigns IP addresses. Valid values: 1 or 2 IPv4 addresses. */ ipAddresses?: pulumi.Input[]>; /** * The type of IP addresses included in this IP set. */ ipFamily?: pulumi.Input; } export interface CrossAccountAttachmentResource { /** * IP address range, in CIDR format, that is specified as resource. */ cidrBlock?: pulumi.Input; /** * The endpoint ID for the endpoint that is specified as a AWS resource. */ endpointId?: pulumi.Input; /** * The AWS Region where a shared endpoint resource is located. */ region?: pulumi.Input; } export interface CustomRoutingAcceleratorAttributes { /** * Indicates whether flow logs are enabled. Defaults to `false`. Valid values: `true`, `false`. */ flowLogsEnabled?: pulumi.Input; /** * The name of the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Bucket?: pulumi.Input; /** * The prefix for the location in the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Prefix?: pulumi.Input; } export interface CustomRoutingAcceleratorIpSet { /** * The IP addresses to use for BYOIP accelerators. If not specified, the service assigns IP addresses. Valid values: 1 or 2 IPv4 addresses. */ ipAddresses?: pulumi.Input[]>; /** * The type of IP addresses included in this IP set. */ ipFamily?: pulumi.Input; } export interface CustomRoutingEndpointGroupDestinationConfiguration { /** * The first port, inclusive, in the range of ports for the endpoint group that is associated with a custom routing accelerator. */ fromPort: pulumi.Input; /** * The protocol for the endpoint group that is associated with a custom routing accelerator. The protocol can be either `"TCP"` or `"UDP"`. */ protocols: pulumi.Input[]>; /** * The last port, inclusive, in the range of ports for the endpoint group that is associated with a custom routing accelerator. */ toPort: pulumi.Input; } export interface CustomRoutingEndpointGroupEndpointConfiguration { /** * An ID for the endpoint. For custom routing accelerators, this is the virtual private cloud (VPC) subnet ID. */ endpointId?: pulumi.Input; } export interface CustomRoutingListenerPortRange { /** * The first port in the range of ports, inclusive. */ fromPort?: pulumi.Input; /** * The last port in the range of ports, inclusive. */ toPort?: pulumi.Input; } export interface EndpointGroupEndpointConfiguration { /** * An ARN of an exposed cross-account attachment. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/cross-account-resources.html) for more details. */ attachmentArn?: pulumi.Input; /** * Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. The default value is `false`. * **Note:** When client IP address preservation is enabled, the Global Accelerator service creates an EC2 Security Group in the VPC named `GlobalAccelerator` that must be deleted (potentially outside of the provider) before the VPC will successfully delete. If this EC2 Security Group is not deleted, the provider will retry the VPC deletion for a few minutes before reporting a `DependencyViolation` error. This cannot be resolved by re-running the provider. */ clientIpPreservationEnabled?: pulumi.Input; /** * An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID. */ endpointId?: pulumi.Input; /** * The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify. */ weight?: pulumi.Input; } export interface EndpointGroupPortOverride { /** * The endpoint port that you want a listener port to be mapped to. This is the port on the endpoint, such as the Application Load Balancer or Amazon EC2 instance. */ endpointPort: pulumi.Input; /** * The listener port that you want to map to a specific endpoint port. This is the port that user traffic arrives to the Global Accelerator on. */ listenerPort: pulumi.Input; } export interface ListenerPortRange { /** * The first port in the range of ports, inclusive. */ fromPort?: pulumi.Input; /** * The last port in the range of ports, inclusive. */ toPort?: pulumi.Input; } } export namespace glue { export interface CatalogDatabaseCreateTableDefaultPermission { /** * The permissions that are granted to the principal. */ permissions?: pulumi.Input[]>; /** * The principal who is granted permissions.. See `principal` below. */ principal?: pulumi.Input; } export interface CatalogDatabaseCreateTableDefaultPermissionPrincipal { /** * An identifier for the Lake Formation principal. */ dataLakePrincipalIdentifier?: pulumi.Input; } export interface CatalogDatabaseFederatedDatabase { /** * Name of the connection to the external metastore. */ connectionName?: pulumi.Input; /** * Unique identifier for the federated database. */ identifier?: pulumi.Input; } export interface CatalogDatabaseTargetDatabase { /** * ID of the Data Catalog in which the database resides. */ catalogId: pulumi.Input; /** * Name of the catalog database. */ databaseName: pulumi.Input; /** * Region of the target database. */ region?: pulumi.Input; } export interface CatalogTableOpenTableFormatInput { /** * Configuration block for iceberg table config. See `icebergInput` below. */ icebergInput: pulumi.Input; } export interface CatalogTableOpenTableFormatInputIcebergInput { /** * A required metadata operation. Can only be set to CREATE. */ metadataOperation: pulumi.Input; /** * The table version for the Iceberg table. Defaults to 2. */ version?: pulumi.Input; } export interface CatalogTableOptimizerConfiguration { /** * Indicates whether the table optimizer is enabled. */ enabled: pulumi.Input; /** * The configuration block for an orphan file deletion optimizer. See Orphan File Deletion Configuration for additional details. */ orphanFileDeletionConfiguration?: pulumi.Input; /** * The configuration block for a snapshot retention optimizer. See Retention Configuration for additional details. */ retentionConfiguration?: pulumi.Input; /** * The ARN of the IAM role to use for the table optimizer. */ roleArn: pulumi.Input; } export interface CatalogTableOptimizerConfigurationOrphanFileDeletionConfiguration { /** * The configuration for an Iceberg orphan file deletion optimizer. */ icebergConfiguration?: pulumi.Input; } export interface CatalogTableOptimizerConfigurationOrphanFileDeletionConfigurationIcebergConfiguration { /** * Specifies a directory in which to look for files. You may choose a sub-directory rather than the top-level table location. Defaults to the table's location. */ location?: pulumi.Input; /** * The number of days that orphan files should be retained before file deletion. Defaults to `3`. */ orphanFileRetentionPeriodInDays?: pulumi.Input; /** * interval in hours between orphan file deletion job runs. Defaults to `24`. */ runRateInHours?: pulumi.Input; } export interface CatalogTableOptimizerConfigurationRetentionConfiguration { /** * The configuration for an Iceberg snapshot retention optimizer. */ icebergConfiguration?: pulumi.Input; } export interface CatalogTableOptimizerConfigurationRetentionConfigurationIcebergConfiguration { /** * If set to `false`, snapshots are only deleted from table metadata, and the underlying data and metadata files are not deleted. Defaults to `false`. */ cleanExpiredFiles?: pulumi.Input; /** * The number of Iceberg snapshots to retain within the retention period. Defaults to `1` or the corresponding Iceberg table configuration field if it exists. */ numberOfSnapshotsToRetain?: pulumi.Input; /** * Interval in hours between retention job runs. Defaults to `24`. */ runRateInHours?: pulumi.Input; /** * The number of days to retain the Iceberg snapshots. Defaults to `5`, or the corresponding Iceberg table configuration field if it exists. */ snapshotRetentionPeriodInDays?: pulumi.Input; } export interface CatalogTablePartitionIndex { /** * Name of the partition index. */ indexName: pulumi.Input; indexStatus?: pulumi.Input; /** * Keys for the partition index. */ keys: pulumi.Input[]>; } export interface CatalogTablePartitionKey { /** * Free-form text comment. */ comment?: pulumi.Input; /** * Name of the Partition Key. */ name: pulumi.Input; /** * Map of key-value pairs. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Datatype of data in the Partition Key. */ type?: pulumi.Input; } export interface CatalogTableStorageDescriptor { /** * List of locations that point to the path where a Delta table is located. */ additionalLocations?: pulumi.Input[]>; /** * List of reducer grouping columns, clustering columns, and bucketing columns in the table. */ bucketColumns?: pulumi.Input[]>; /** * Configuration block for columns in the table. See `columns` below. */ columns?: pulumi.Input[]>; /** * Whether the data in the table is compressed. */ compressed?: pulumi.Input; /** * Input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format. */ inputFormat?: pulumi.Input; /** * Physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name. */ location?: pulumi.Input; /** * Must be specified if the table contains any dimension columns. */ numberOfBuckets?: pulumi.Input; /** * Output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format. */ outputFormat?: pulumi.Input; /** * User-supplied properties in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Object that references a schema stored in the AWS Glue Schema Registry. When creating a table, you can pass an empty list of columns for the schema, and instead use a schema reference. See Schema Reference below. */ schemaReference?: pulumi.Input; /** * Configuration block for serialization and deserialization ("SerDe") information. See `serDeInfo` below. */ serDeInfo?: pulumi.Input; /** * Configuration block with information about values that appear very frequently in a column (skewed values). See `skewedInfo` below. */ skewedInfo?: pulumi.Input; /** * Configuration block for the sort order of each bucket in the table. See `sortColumns` below. */ sortColumns?: pulumi.Input[]>; /** * Whether the table data is stored in subdirectories. */ storedAsSubDirectories?: pulumi.Input; } export interface CatalogTableStorageDescriptorColumn { /** * Free-form text comment. */ comment?: pulumi.Input; /** * Name of the Column. */ name: pulumi.Input; /** * Key-value pairs defining properties associated with the column. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Datatype of data in the Column. */ type?: pulumi.Input; } export interface CatalogTableStorageDescriptorSchemaReference { /** * Configuration block that contains schema identity fields. Either this or the `schemaVersionId` has to be provided. See `schemaId` below. */ schemaId?: pulumi.Input; /** * Unique ID assigned to a version of the schema. Either this or the `schemaId` has to be provided. */ schemaVersionId?: pulumi.Input; /** * Version number of the schema. */ schemaVersionNumber: pulumi.Input; } export interface CatalogTableStorageDescriptorSchemaReferenceSchemaId { /** * Name of the schema registry that contains the schema. Must be provided when `schemaName` is specified and conflicts with `schemaArn`. */ registryName?: pulumi.Input; /** * ARN of the schema. One of `schemaArn` or `schemaName` has to be provided. */ schemaArn?: pulumi.Input; /** * Name of the schema. One of `schemaArn` or `schemaName` has to be provided. */ schemaName?: pulumi.Input; } export interface CatalogTableStorageDescriptorSerDeInfo { /** * Name of the SerDe. */ name?: pulumi.Input; /** * Map of initialization parameters for the SerDe, in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Usually the class that implements the SerDe. An example is `org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe`. */ serializationLibrary?: pulumi.Input; } export interface CatalogTableStorageDescriptorSkewedInfo { /** * List of names of columns that contain skewed values. */ skewedColumnNames?: pulumi.Input[]>; /** * List of values that appear so frequently as to be considered skewed. */ skewedColumnValueLocationMaps?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of skewed values to the columns that contain them. */ skewedColumnValues?: pulumi.Input[]>; } export interface CatalogTableStorageDescriptorSortColumn { /** * Name of the column. */ column: pulumi.Input; /** * Whether the column is sorted in ascending (`1`) or descending order (`0`). */ sortOrder: pulumi.Input; } export interface CatalogTableTargetTable { /** * ID of the Data Catalog in which the table resides. */ catalogId: pulumi.Input; /** * Name of the catalog database that contains the target table. */ databaseName: pulumi.Input; /** * Name of the target table. */ name: pulumi.Input; /** * Region of the target table. */ region?: pulumi.Input; } export interface ClassifierCsvClassifier { /** * Enables the processing of files that contain only one column. */ allowSingleColumn?: pulumi.Input; /** * Indicates whether the CSV file contains a header. This can be one of "ABSENT", "PRESENT", or "UNKNOWN". */ containsHeader?: pulumi.Input; /** * Enables the custom datatype to be configured. */ customDatatypeConfigured?: pulumi.Input; /** * A list of supported custom datatypes. Valid values are `BINARY`, `BOOLEAN`, `DATE`, `DECIMAL`, `DOUBLE`, `FLOAT`, `INT`, `LONG`, `SHORT`, `STRING`, `TIMESTAMP`. */ customDatatypes?: pulumi.Input[]>; /** * The delimiter used in the CSV to separate columns. */ delimiter?: pulumi.Input; /** * Specifies whether to trim column values. */ disableValueTrimming?: pulumi.Input; /** * A list of strings representing column names. */ headers?: pulumi.Input[]>; /** * A custom symbol to denote what combines content into a single column value. It must be different from the column delimiter. */ quoteSymbol?: pulumi.Input; /** * The SerDe for processing CSV. Valid values are `OpenCSVSerDe`, `LazySimpleSerDe`, `None`. */ serde?: pulumi.Input; } export interface ClassifierGrokClassifier { /** * An identifier of the data format that the classifier matches, such as Twitter, JSON, Omniture logs, Amazon CloudWatch Logs, and so on. */ classification: pulumi.Input; /** * Custom grok patterns used by this classifier. */ customPatterns?: pulumi.Input; /** * The grok pattern used by this classifier. */ grokPattern: pulumi.Input; } export interface ClassifierJsonClassifier { /** * A `JsonPath` string defining the JSON data for the classifier to classify. AWS Glue supports a subset of `JsonPath`, as described in [Writing JsonPath Custom Classifiers](https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json). */ jsonPath: pulumi.Input; } export interface ClassifierXmlClassifier { /** * An identifier of the data format that the classifier matches. */ classification: pulumi.Input; /** * The XML tag designating the element that contains each record in an XML document being parsed. Note that this cannot identify a self-closing element (closed by `/>`). An empty row element that contains only attributes can be parsed as long as it ends with a closing tag (for example, `` is okay, but `` is not). */ rowTag: pulumi.Input; } export interface ConnectionPhysicalConnectionRequirements { /** * The availability zone of the connection. This field is redundant and implied by `subnetId`, but is currently an api requirement. */ availabilityZone?: pulumi.Input; /** * The security group ID list used by the connection. */ securityGroupIdLists?: pulumi.Input[]>; /** * The subnet ID used by the connection. */ subnetId?: pulumi.Input; } export interface CrawlerCatalogTarget { /** * The name of the connection for an Amazon S3-backed Data Catalog table to be a target of the crawl when using a Catalog connection type paired with a `NETWORK` Connection type. */ connectionName?: pulumi.Input; /** * The name of the Glue database to be synchronized. */ databaseName: pulumi.Input; /** * A valid Amazon SQS ARN. * * > **Note:** `deletionBehavior` of catalog target doesn't support `DEPRECATE_IN_DATABASE`. * * > **Note:** `configuration` for catalog target crawlers will have `{ ... "Grouping": { "TableGroupingPolicy": "CombineCompatibleSchemas"} }` by default. */ dlqEventQueueArn?: pulumi.Input; /** * A valid Amazon SQS ARN. */ eventQueueArn?: pulumi.Input; /** * A list of catalog tables to be synchronized. */ tables: pulumi.Input[]>; } export interface CrawlerDeltaTarget { /** * The name of the connection to use to connect to the Delta table target. */ connectionName?: pulumi.Input; /** * Specifies whether the crawler will create native tables, to allow integration with query engines that support querying of the Delta transaction log directly. */ createNativeDeltaTable?: pulumi.Input; /** * A list of the Amazon S3 paths to the Delta tables. */ deltaTables: pulumi.Input[]>; /** * Specifies whether to write the manifest files to the Delta table path. */ writeManifest: pulumi.Input; } export interface CrawlerDynamodbTarget { /** * The name of the DynamoDB table to crawl. */ path: pulumi.Input; /** * Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. defaults to `true`. */ scanAll?: pulumi.Input; /** * The percentage of the configured read capacity units to use by the AWS Glue crawler. The valid values are null or a value between 0.1 to 1.5. */ scanRate?: pulumi.Input; } export interface CrawlerHudiTarget { /** * The name of the connection to use to connect to the Hudi target. */ connectionName?: pulumi.Input; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Hudi metadata folder in your Amazon S3 path. Used to limit the crawler run time. Valid values are between `1` and `20`. */ maximumTraversalDepth: pulumi.Input; /** * One or more Amazon S3 paths that contains Hudi metadata folders as s3://bucket/prefix. */ paths: pulumi.Input[]>; } export interface CrawlerIcebergTarget { /** * The name of the connection to use to connect to the Iceberg target. */ connectionName?: pulumi.Input; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Iceberg metadata folder in your Amazon S3 path. Used to limit the crawler run time. Valid values are between `1` and `20`. */ maximumTraversalDepth: pulumi.Input; /** * One or more Amazon S3 paths that contains Iceberg metadata folders as s3://bucket/prefix. */ paths: pulumi.Input[]>; } export interface CrawlerJdbcTarget { /** * The name of the connection to use to connect to the JDBC target. */ connectionName: pulumi.Input; /** * Specify a value of `RAWTYPES` or `COMMENTS` to enable additional metadata intable responses. `RAWTYPES` provides the native-level datatype. `COMMENTS` provides comments associated with a column or table in the database. */ enableAdditionalMetadatas?: pulumi.Input[]>; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The path of the JDBC target. */ path: pulumi.Input; } export interface CrawlerLakeFormationConfiguration { /** * Required for cross account crawls. For same account crawls as the target data, this can omitted. */ accountId?: pulumi.Input; /** * Specifies whether to use Lake Formation credentials for the crawler instead of the IAM role credentials. */ useLakeFormationCredentials?: pulumi.Input; } export interface CrawlerLineageConfiguration { /** * Specifies whether data lineage is enabled for the crawler. Valid values are: `ENABLE` and `DISABLE`. Default value is `DISABLE`. */ crawlerLineageSettings?: pulumi.Input; } export interface CrawlerMongodbTarget { /** * The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target. */ connectionName: pulumi.Input; /** * The path of the Amazon DocumentDB or MongoDB target (database/collection). */ path: pulumi.Input; /** * Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. Default value is `true`. */ scanAll?: pulumi.Input; } export interface CrawlerRecrawlPolicy { /** * Specifies whether to crawl the entire dataset again, crawl only folders that were added since the last crawler run, or crawl what S3 notifies the crawler of via SQS. Valid Values are: `CRAWL_EVENT_MODE`, `CRAWL_EVERYTHING` and `CRAWL_NEW_FOLDERS_ONLY`. Default value is `CRAWL_EVERYTHING`. */ recrawlBehavior?: pulumi.Input; } export interface CrawlerS3Target { /** * The name of a connection which allows crawler to access data in S3 within a VPC. */ connectionName?: pulumi.Input; /** * The ARN of the dead-letter SQS queue. */ dlqEventQueueArn?: pulumi.Input; /** * The ARN of the SQS queue to receive S3 notifications from. */ eventQueueArn?: pulumi.Input; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The path to the Amazon S3 target. */ path: pulumi.Input; /** * Sets the number of files in each leaf folder to be crawled when crawling sample files in a dataset. If not set, all the files are crawled. A valid value is an integer between 1 and 249. */ sampleSize?: pulumi.Input; } export interface CrawlerSchemaChangePolicy { /** * The deletion behavior when the crawler finds a deleted object. Valid values: `LOG`, `DELETE_FROM_DATABASE`, or `DEPRECATE_IN_DATABASE`. Defaults to `DEPRECATE_IN_DATABASE`. */ deleteBehavior?: pulumi.Input; /** * The update behavior when the crawler finds a changed schema. Valid values: `LOG` or `UPDATE_IN_DATABASE`. Defaults to `UPDATE_IN_DATABASE`. */ updateBehavior?: pulumi.Input; } export interface DataCatalogEncryptionSettingsDataCatalogEncryptionSettings { /** * When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption. see Connection Password Encryption. */ connectionPasswordEncryption: pulumi.Input; /** * Specifies the encryption-at-rest configuration for the Data Catalog. see Encryption At Rest. */ encryptionAtRest: pulumi.Input; } export interface DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryption { /** * A KMS key ARN that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least `kms:Encrypt` permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog. */ awsKmsKeyId?: pulumi.Input; /** * When set to `true`, passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently of the catalog encryption. */ returnConnectionPasswordEncrypted: pulumi.Input; } export interface DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRest { /** * The encryption-at-rest mode for encrypting Data Catalog data. Valid values: `DISABLED`, `SSE-KMS`, `SSE-KMS-WITH-SERVICE-ROLE`. */ catalogEncryptionMode: pulumi.Input; /** * The ARN of the AWS IAM role used for accessing encrypted Data Catalog data. */ catalogEncryptionServiceRole?: pulumi.Input; /** * The ARN of the AWS KMS key to use for encryption at rest. */ sseAwsKmsKeyId?: pulumi.Input; } export interface DataQualityRulesetTargetTable { /** * The catalog id where the AWS Glue table exists. */ catalogId?: pulumi.Input; /** * Name of the database where the AWS Glue table exists. */ databaseName: pulumi.Input; /** * Name of the AWS Glue table. */ tableName: pulumi.Input; } export interface GetScriptDagEdge { /** * ID of the node at which the edge starts. */ source: string; /** * ID of the node at which the edge ends. */ target: string; /** * Target of the edge. */ targetParameter?: string; } export interface GetScriptDagEdgeArgs { /** * ID of the node at which the edge starts. */ source: pulumi.Input; /** * ID of the node at which the edge ends. */ target: pulumi.Input; /** * Target of the edge. */ targetParameter?: pulumi.Input; } export interface GetScriptDagNode { /** * Nested configuration an argument or property of a node. Defined below. */ args: inputs.glue.GetScriptDagNodeArg[]; /** * Node identifier that is unique within the node's graph. */ id: string; /** * Line number of the node. */ lineNumber?: number; /** * Type of node this is. */ nodeType: string; } export interface GetScriptDagNodeArgs { /** * Nested configuration an argument or property of a node. Defined below. */ args: pulumi.Input[]>; /** * Node identifier that is unique within the node's graph. */ id: pulumi.Input; /** * Line number of the node. */ lineNumber?: pulumi.Input; /** * Type of node this is. */ nodeType: pulumi.Input; } export interface GetScriptDagNodeArg { /** * Name of the argument or property. */ name: string; /** * Boolean if the value is used as a parameter. Defaults to `false`. */ param?: boolean; /** * Value of the argument or property. */ value: string; } export interface GetScriptDagNodeArgArgs { /** * Name of the argument or property. */ name: pulumi.Input; /** * Boolean if the value is used as a parameter. Defaults to `false`. */ param?: pulumi.Input; /** * Value of the argument or property. */ value: pulumi.Input; } export interface JobCommand { /** * The name of the job command. Defaults to `glueetl`. Use `pythonshell` for Python Shell Job Type, `glueray` for Ray Job Type, or `gluestreaming` for Streaming Job Type. `maxCapacity` needs to be set if `pythonshell` is chosen. */ name?: pulumi.Input; /** * The Python version being used to execute a Python shell job. Allowed values are 2, 3 or 3.9. Version 3 refers to Python 3.11 when `glueVersion` is set to 5.0. */ pythonVersion?: pulumi.Input; /** * In Ray jobs, runtime is used to specify the versions of Ray, Python and additional libraries available in your environment. This field is not used in other job types. For supported runtime environment values, see [Working with Ray jobs](https://docs.aws.amazon.com/glue/latest/dg/ray-jobs-section.html#author-job-ray-runtimes) in the Glue Developer Guide. */ runtime?: pulumi.Input; /** * Specifies the S3 path to a script that executes a job. */ scriptLocation: pulumi.Input; } export interface JobExecutionProperty { /** * The maximum number of concurrent runs allowed for a job. The default is 1. */ maxConcurrentRuns?: pulumi.Input; } export interface JobNotificationProperty { /** * After a job run starts, the number of minutes to wait before sending a job run delay notification. */ notifyDelayAfter?: pulumi.Input; } export interface JobSourceControlDetails { /** * The type of authentication, which can be an authentication token stored in Amazon Web Services Secrets Manager, or a personal access token. Valid values are: `PERSONAL_ACCESS_TOKEN` and `AWS_SECRETS_MANAGER`. */ authStrategy?: pulumi.Input; /** * The value of an authorization token. */ authToken?: pulumi.Input; /** * A branch in the remote repository. */ branch?: pulumi.Input; /** * A folder in the remote repository. */ folder?: pulumi.Input; /** * The last commit ID for a commit in the remote repository. */ lastCommitId?: pulumi.Input; /** * The owner of the remote repository that contains the job artifacts. */ owner?: pulumi.Input; /** * The provider for the remote repository. Valid values are: `GITHUB`, `GITLAB`, `BITBUCKET`, and `AWS_CODE_COMMIT`. */ provider?: pulumi.Input; /** * The name of the remote repository that contains the job artifacts. */ repository?: pulumi.Input; } export interface MLTransformInputRecordTable { /** * A unique identifier for the AWS Glue Data Catalog. */ catalogId?: pulumi.Input; /** * The name of the connection to the AWS Glue Data Catalog. */ connectionName?: pulumi.Input; /** * A database name in the AWS Glue Data Catalog. */ databaseName: pulumi.Input; /** * A table name in the AWS Glue Data Catalog. */ tableName: pulumi.Input; } export interface MLTransformParameters { /** * The parameters for the find matches algorithm. see Find Matches Parameters. */ findMatchesParameters: pulumi.Input; /** * The type of machine learning transform. For information about the types of machine learning transforms, see [Creating Machine Learning Transforms](http://docs.aws.amazon.com/glue/latest/dg/add-job-machine-learning-transform.html). */ transformType: pulumi.Input; } export interface MLTransformParametersFindMatchesParameters { /** * The value that is selected when tuning your transform for a balance between accuracy and cost. */ accuracyCostTradeOff?: pulumi.Input; /** * The value to switch on or off to force the output to match the provided labels from users. */ enforceProvidedLabels?: pulumi.Input; /** * The value selected when tuning your transform for a balance between precision and recall. */ precisionRecallTradeOff?: pulumi.Input; /** * The name of a column that uniquely identifies rows in the source table. */ primaryKeyColumnName?: pulumi.Input; } export interface MLTransformSchema { /** * The type of data in the column. */ dataType?: pulumi.Input; /** * The name you assign to this ML Transform. It must be unique in your account. */ name?: pulumi.Input; } export interface PartitionIndexPartitionIndex { /** * Name of the partition index. */ indexName?: pulumi.Input; indexStatus?: pulumi.Input; /** * Keys for the partition index. */ keys?: pulumi.Input[]>; } export interface PartitionStorageDescriptor { /** * List of locations that point to the path where a Delta table is located. */ additionalLocations?: pulumi.Input[]>; /** * A list of reducer grouping columns, clustering columns, and bucketing columns in the table. */ bucketColumns?: pulumi.Input[]>; /** * A list of the Columns in the table. */ columns?: pulumi.Input[]>; /** * True if the data in the table is compressed, or False if not. */ compressed?: pulumi.Input; /** * The input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format. */ inputFormat?: pulumi.Input; /** * The physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name. */ location?: pulumi.Input; /** * Must be specified if the table contains any dimension columns. */ numberOfBuckets?: pulumi.Input; /** * The output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format. */ outputFormat?: pulumi.Input; /** * User-supplied properties in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Serialization/deserialization (SerDe) information. */ serDeInfo?: pulumi.Input; /** * Information about values that appear very frequently in a column (skewed values). */ skewedInfo?: pulumi.Input; /** * A list of Order objects specifying the sort order of each bucket in the table. */ sortColumns?: pulumi.Input[]>; /** * True if the table data is stored in subdirectories, or False if not. */ storedAsSubDirectories?: pulumi.Input; } export interface PartitionStorageDescriptorColumn { /** * Free-form text comment. */ comment?: pulumi.Input; name: pulumi.Input; /** * The datatype of data in the Column. */ type?: pulumi.Input; } export interface PartitionStorageDescriptorSerDeInfo { /** * Name of the SerDe. */ name?: pulumi.Input; /** * A map of initialization parameters for the SerDe, in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Usually the class that implements the SerDe. An example is: org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe. */ serializationLibrary?: pulumi.Input; } export interface PartitionStorageDescriptorSkewedInfo { /** * A list of names of columns that contain skewed values. */ skewedColumnNames?: pulumi.Input[]>; /** * A list of values that appear so frequently as to be considered skewed. */ skewedColumnValueLocationMaps?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A map of skewed values to the columns that contain them. */ skewedColumnValues?: pulumi.Input[]>; } export interface PartitionStorageDescriptorSortColumn { /** * The name of the column. */ column: pulumi.Input; /** * Indicates that the column is sorted in ascending order (== 1), or in descending order (==0). */ sortOrder: pulumi.Input; } export interface SecurityConfigurationEncryptionConfiguration { cloudwatchEncryption: pulumi.Input; jobBookmarksEncryption: pulumi.Input; /** * A `s3Encryption ` block as described below, which contains encryption configuration for S3 data. */ s3Encryption: pulumi.Input; } export interface SecurityConfigurationEncryptionConfigurationCloudwatchEncryption { /** * Encryption mode to use for CloudWatch data. Valid values: `DISABLED`, `SSE-KMS`. Default value: `DISABLED`. */ cloudwatchEncryptionMode?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. */ kmsKeyArn?: pulumi.Input; } export interface SecurityConfigurationEncryptionConfigurationJobBookmarksEncryption { /** * Encryption mode to use for job bookmarks data. Valid values: `CSE-KMS`, `DISABLED`. Default value: `DISABLED`. */ jobBookmarksEncryptionMode?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. */ kmsKeyArn?: pulumi.Input; } export interface SecurityConfigurationEncryptionConfigurationS3Encryption { /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. */ kmsKeyArn?: pulumi.Input; /** * Encryption mode to use for S3 data. Valid values: `DISABLED`, `SSE-KMS`, `SSE-S3`. Default value: `DISABLED`. */ s3EncryptionMode?: pulumi.Input; } export interface TriggerAction { /** * Arguments to be passed to the job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes. */ arguments?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The name of the crawler to be executed. Conflicts with `jobName`. */ crawlerName?: pulumi.Input; /** * The name of a job to be executed. Conflicts with `crawlerName`. */ jobName?: pulumi.Input; /** * Specifies configuration properties of a job run notification. See Notification Property details below. */ notificationProperty?: pulumi.Input; /** * The name of the Security Configuration structure to be used with this action. */ securityConfiguration?: pulumi.Input; /** * The job run timeout in minutes. It overrides the timeout value of the job. */ timeout?: pulumi.Input; } export interface TriggerActionNotificationProperty { /** * After a job run starts, the number of minutes to wait before sending a job run delay notification. */ notifyDelayAfter?: pulumi.Input; } export interface TriggerEventBatchingCondition { /** * Number of events that must be received from Amazon EventBridge before EventBridge event trigger fires. */ batchSize: pulumi.Input; /** * Window of time in seconds after which EventBridge event trigger fires. Window starts when first event is received. Default value is `900`. */ batchWindow?: pulumi.Input; } export interface TriggerPredicate { /** * A list of the conditions that determine when the trigger will fire. See Conditions. */ conditions: pulumi.Input[]>; /** * How to handle multiple conditions. Defaults to `AND`. Valid values are `AND` or `ANY`. */ logical?: pulumi.Input; } export interface TriggerPredicateCondition { /** * The condition crawl state. Currently, the values supported are `RUNNING`, `SUCCEEDED`, `CANCELLED`, and `FAILED`. If this is specified, `crawlerName` must also be specified. Conflicts with `state`. */ crawlState?: pulumi.Input; /** * The name of the crawler to watch. If this is specified, `crawlState` must also be specified. Conflicts with `jobName`. */ crawlerName?: pulumi.Input; /** * The name of the job to watch. If this is specified, `state` must also be specified. Conflicts with `crawlerName`. */ jobName?: pulumi.Input; /** * A logical operator. Defaults to `EQUALS`. */ logicalOperator?: pulumi.Input; /** * The condition job state. Currently, the values supported are `SUCCEEDED`, `STOPPED`, `TIMEOUT` and `FAILED`. If this is specified, `jobName` must also be specified. Conflicts with `crawlerState`. */ state?: pulumi.Input; } export interface UserDefinedFunctionResourceUri { /** * The type of the resource. can be one of `JAR`, `FILE`, and `ARCHIVE`. */ resourceType: pulumi.Input; /** * The URI for accessing the resource. */ uri: pulumi.Input; } } export namespace grafana { export interface WorkspaceNetworkAccessControl { /** * An array of prefix list IDs. */ prefixListIds: pulumi.Input[]>; /** * An array of Amazon VPC endpoint IDs for the workspace. The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the com.amazonaws.[region].grafana-workspace service endpoint). Other VPC endpoints will be ignored. */ vpceIds: pulumi.Input[]>; } export interface WorkspaceVpcConfiguration { /** * The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect. */ securityGroupIds: pulumi.Input[]>; /** * The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect. */ subnetIds: pulumi.Input[]>; } } export namespace guardduty { export interface DetectorDatasources { /** * Configures [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * See Kubernetes and Kubernetes Audit Logs below for more details. */ kubernetes?: pulumi.Input; /** * Configures [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html). * See Malware Protection, Scan EC2 instance with findings and EBS volumes below for more details. */ malwareProtection?: pulumi.Input; /** * Configures [S3 protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html). * See S3 Logs below for more details. */ s3Logs?: pulumi.Input; } export interface DetectorDatasourcesKubernetes { /** * Configures Kubernetes audit logs as a data source for [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * See Kubernetes Audit Logs below for more details. */ auditLogs: pulumi.Input; } export interface DetectorDatasourcesKubernetesAuditLogs { /** * If true, enables Kubernetes audit logs as a data source for [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * Defaults to `true`. */ enable: pulumi.Input; } export interface DetectorDatasourcesMalwareProtection { /** * Configure whether [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) is enabled as data source for EC2 instances with findings for the detector. * See Scan EC2 instance with findings below for more details. */ scanEc2InstanceWithFindings: pulumi.Input; } export interface DetectorDatasourcesMalwareProtectionScanEc2InstanceWithFindings { /** * Configure whether scanning EBS volumes is enabled as data source for the detector for instances with findings. * See EBS volumes below for more details. */ ebsVolumes: pulumi.Input; } export interface DetectorDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes { /** * If true, enables [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) as data source for the detector. * Defaults to `true`. */ enable: pulumi.Input; } export interface DetectorDatasourcesS3Logs { /** * If true, enables [S3 protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html). * Defaults to `true`. */ enable: pulumi.Input; } export interface DetectorFeatureAdditionalConfiguration { /** * The name of the additional configuration for a feature. Valid values: `EKS_ADDON_MANAGEMENT`, `ECS_FARGATE_AGENT_MANAGEMENT`, `EC2_AGENT_MANAGEMENT`. Refer to the [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorAdditionalConfiguration.html) for the current list of supported values. */ name: pulumi.Input; /** * The status of the additional configuration. Valid values: `ENABLED`, `DISABLED`. */ status: pulumi.Input; } export interface FilterFindingCriteria { criterions: pulumi.Input[]>; } export interface FilterFindingCriteriaCriterion { /** * List of string values to be evaluated. */ equals?: pulumi.Input[]>; /** * The name of the field to be evaluated. The full list of field names can be found in [AWS documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria). */ field: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ greaterThan?: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ greaterThanOrEqual?: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ lessThan?: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ lessThanOrEqual?: pulumi.Input; /** * List of string values to be evaluated as matching conditions. */ matches?: pulumi.Input[]>; /** * List of string values to be evaluated. */ notEquals?: pulumi.Input[]>; /** * List of string values to be evaluated as non-matching conditions. */ notMatches?: pulumi.Input[]>; } export interface MalwareProtectionPlanAction { /** * Indicates whether the scanned S3 object will have tags about the scan result. See `tagging` below. */ taggings: pulumi.Input[]>; } export interface MalwareProtectionPlanActionTagging { /** * Indicates whether or not the tags will added. Valid values are `DISABLED` and `ENABLED`. Defaults to `DISABLED` */ status: pulumi.Input; } export interface MalwareProtectionPlanProtectedResource { /** * Information about the protected S3 bucket resource. See `s3Bucket` below. */ s3Bucket: pulumi.Input; } export interface MalwareProtectionPlanProtectedResourceS3Bucket { /** * Name of the S3 bucket. */ bucketName: pulumi.Input; /** * The list of object prefixes that specify the S3 objects that will be scanned. */ objectPrefixes?: pulumi.Input[]>; } export interface MemberDetectorFeatureAdditionalConfiguration { /** * The name of the additional configuration. Valid values: `EKS_ADDON_MANAGEMENT`, `ECS_FARGATE_AGENT_MANAGEMENT`. */ name: pulumi.Input; /** * The status of the additional configuration. Valid values: `ENABLED`, `DISABLED`. */ status: pulumi.Input; } export interface OrganizationConfigurationDatasources { /** * Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. */ kubernetes?: pulumi.Input; /** * Enable Malware Protection automatically for new member accounts. */ malwareProtection?: pulumi.Input; /** * Enable S3 Protection automatically for new member accounts. */ s3Logs?: pulumi.Input; } export interface OrganizationConfigurationDatasourcesKubernetes { /** * Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * See Kubernetes Audit Logs below for more details. */ auditLogs: pulumi.Input; } export interface OrganizationConfigurationDatasourcesKubernetesAuditLogs { /** * If true, enables Kubernetes audit logs as a data source for [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * Defaults to `true`. */ enable: pulumi.Input; } export interface OrganizationConfigurationDatasourcesMalwareProtection { /** * Configure whether [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) for EC2 instances with findings should be auto-enabled for new members joining the organization. * See Scan EC2 instance with findings below for more details. */ scanEc2InstanceWithFindings: pulumi.Input; } export interface OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings { /** * Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization * See EBS volumes below for more details. */ ebsVolumes: pulumi.Input; } export interface OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes { /** * If true, enables [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) for all new accounts joining the organization. * Defaults to `true`. */ autoEnable: pulumi.Input; } export interface OrganizationConfigurationDatasourcesS3Logs { /** * Set to `true` if you want S3 data event logs to be automatically enabled for new members of the organization. Default: `false` */ autoEnable: pulumi.Input; } export interface OrganizationConfigurationFeatureAdditionalConfiguration { /** * The status of the additional configuration that will be configured for the organization. Valid values: `NEW`, `ALL`, `NONE`. */ autoEnable: pulumi.Input; /** * The name of the additional configuration for a feature that will be configured for the organization. Valid values: `EKS_ADDON_MANAGEMENT`, `ECS_FARGATE_AGENT_MANAGEMENT`, `EC2_AGENT_MANAGEMENT`. Refer to the [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorAdditionalConfiguration.html) for the current list of supported values. */ name: pulumi.Input; } } export namespace iam { /** * When you use an AWS account identifier as the principal in a policy, the permissions in the policy statement can be granted to all identities contained in that account. This includes IAM users and roles in that account. */ export interface AWSPrincipal { /** * AWS account identifier or ARN. */ AWS: pulumi.Input[]>; } /** * Federated principal for identity providers. */ export interface FederatedPrincipal { /** * The federated principal identifier. */ Federated: pulumi.Input[]>; } export interface GetPolicyDocumentStatement { /** * List of actions that this statement either allows or denies. For example, `["ec2:RunInstances", "s3:*"]`. */ actions?: string[]; /** * Configuration block for a condition. Detailed below. */ conditions?: inputs.iam.GetPolicyDocumentStatementCondition[]; /** * Whether this statement allows or denies the given actions. Valid values are `Allow` and `Deny`. Defaults to `Allow`. */ effect?: string; /** * List of actions that this statement does *not* apply to. Use to apply a policy statement to all actions *except* those listed. */ notActions?: string[]; /** * Like `principals` except these are principals that the statement does *not* apply to. */ notPrincipals?: inputs.iam.GetPolicyDocumentStatementNotPrincipal[]; /** * List of resource ARNs that this statement does *not* apply to. Use to apply a policy statement to all resources *except* those listed. Conflicts with `resources`. */ notResources?: string[]; /** * Configuration block for principals. Detailed below. */ principals?: inputs.iam.GetPolicyDocumentStatementPrincipal[]; /** * List of resource ARNs that this statement applies to. This is required by AWS if used for an IAM policy. Conflicts with `notResources`. */ resources?: string[]; /** * Sid (statement ID) is an identifier for a policy statement. */ sid?: string; } export interface GetPolicyDocumentStatementArgs { /** * List of actions that this statement either allows or denies. For example, `["ec2:RunInstances", "s3:*"]`. */ actions?: pulumi.Input[]>; /** * Configuration block for a condition. Detailed below. */ conditions?: pulumi.Input[]>; /** * Whether this statement allows or denies the given actions. Valid values are `Allow` and `Deny`. Defaults to `Allow`. */ effect?: pulumi.Input; /** * List of actions that this statement does *not* apply to. Use to apply a policy statement to all actions *except* those listed. */ notActions?: pulumi.Input[]>; /** * Like `principals` except these are principals that the statement does *not* apply to. */ notPrincipals?: pulumi.Input[]>; /** * List of resource ARNs that this statement does *not* apply to. Use to apply a policy statement to all resources *except* those listed. Conflicts with `resources`. */ notResources?: pulumi.Input[]>; /** * Configuration block for principals. Detailed below. */ principals?: pulumi.Input[]>; /** * List of resource ARNs that this statement applies to. This is required by AWS if used for an IAM policy. Conflicts with `notResources`. */ resources?: pulumi.Input[]>; /** * Sid (statement ID) is an identifier for a policy statement. */ sid?: pulumi.Input; } export interface GetPolicyDocumentStatementCondition { /** * Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate. */ test: string; /** * Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one of them applies. That is, AWS evaluates multiple values as though using an "OR" boolean operation. */ values: string[]; /** * Name of a [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys) to apply the condition to. Context variables may either be standard AWS variables starting with `aws:` or service-specific variables prefixed with the service name. */ variable: string; } export interface GetPolicyDocumentStatementConditionArgs { /** * Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate. */ test: pulumi.Input; /** * Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one of them applies. That is, AWS evaluates multiple values as though using an "OR" boolean operation. */ values: pulumi.Input[]>; /** * Name of a [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys) to apply the condition to. Context variables may either be standard AWS variables starting with `aws:` or service-specific variables prefixed with the service name. */ variable: pulumi.Input; } export interface GetPolicyDocumentStatementNotPrincipal { /** * List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g., `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g., `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g., `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g., `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`. */ identifiers: string[]; /** * Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`. */ type: string; } export interface GetPolicyDocumentStatementNotPrincipalArgs { /** * List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g., `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g., `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g., `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g., `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`. */ identifiers: pulumi.Input[]>; /** * Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`. */ type: pulumi.Input; } export interface GetPolicyDocumentStatementPrincipal { /** * List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g., `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g., `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g., `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g., `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`. */ identifiers: string[]; /** * Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`. */ type: string; } export interface GetPolicyDocumentStatementPrincipalArgs { /** * List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g., `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g., `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g., `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g., `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`. */ identifiers: pulumi.Input[]>; /** * Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`. */ type: pulumi.Input; } export interface GetPrincipalPolicySimulationContext { /** * The context _condition key_ to set. * * If you have policies containing `Condition` elements or using dynamic interpolations then you will need to provide suitable values for each condition key your policies use. See [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) to find the various condition keys that are normally provided for real requests to each action of each AWS service. */ key: string; /** * An IAM value type that determines how the policy simulator will interpret the strings given in `values`. * * For more information, see the `ContextKeyType` field of [`iam.ContextEntry`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ContextEntry.html) in the underlying API. */ type: string; /** * A set of one or more values for this context entry. */ values: string[]; } export interface GetPrincipalPolicySimulationContextArgs { /** * The context _condition key_ to set. * * If you have policies containing `Condition` elements or using dynamic interpolations then you will need to provide suitable values for each condition key your policies use. See [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) to find the various condition keys that are normally provided for real requests to each action of each AWS service. */ key: pulumi.Input; /** * An IAM value type that determines how the policy simulator will interpret the strings given in `values`. * * For more information, see the `ContextKeyType` field of [`iam.ContextEntry`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ContextEntry.html) in the underlying API. */ type: pulumi.Input; /** * A set of one or more values for this context entry. */ values: pulumi.Input[]>; } /** * Represents an AWS IAM policy document that defines permissions for AWS resources and actions. */ export interface PolicyDocument { Id?: pulumi.Input; Statement: pulumi.Input[]>; Version: pulumi.Input; } /** * The Statement element is the main element for a policy. This element is required. It can include multiple elements (see the subsequent sections in this page). The Statement element contains an array of individual statements. */ export interface PolicyStatement { /** * Include a list of actions that the policy allows or denies. Required (either Action or NotAction) */ Action?: pulumi.Input[]>; /** * Specify the circumstances under which the policy grants permission. */ Condition?: pulumi.Input<{[key: string]: any}>; /** * Indicate whether the policy allows or denies access. */ Effect: pulumi.Input; /** * Include a list of actions that are not covered by this policy. Required (either Action or NotAction) */ NotAction?: pulumi.Input[]>; /** * Indicate the account, user, role, or federated user to which this policy does not apply. */ NotPrincipal?: pulumi.Input; /** * A list of resources that are specifically excluded by this policy. */ NotResource?: pulumi.Input[]>; /** * Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role. */ Principal?: pulumi.Input; /** * A list of resources to which the actions apply. */ Resource?: pulumi.Input[]>; /** * An optional statement ID to differentiate between your statements. */ Sid?: pulumi.Input; } export interface RoleInlinePolicy { /** * Name of the role policy. */ name?: pulumi.Input; /** * Policy document as a JSON formatted string. */ policy?: pulumi.Input; } /** * IAM roles that can be assumed by an AWS service are called service roles. Service roles must include a trust policy. A service principal is an identifier that is used to grant permissions to a service. */ export interface ServicePrincipal { /** * The service principal identifier. */ Service: pulumi.Input[]>; } } export namespace identitystore { export interface GetGroupAlternateIdentifier { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: inputs.identitystore.GetGroupAlternateIdentifierExternalId; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: inputs.identitystore.GetGroupAlternateIdentifierUniqueAttribute; } export interface GetGroupAlternateIdentifierArgs { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: pulumi.Input; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: pulumi.Input; } export interface GetGroupAlternateIdentifierExternalId { /** * The identifier issued to this resource by an external identity provider. */ id: string; /** * The issuer for an external identifier. */ issuer: string; } export interface GetGroupAlternateIdentifierExternalIdArgs { /** * The identifier issued to this resource by an external identity provider. */ id: pulumi.Input; /** * The issuer for an external identifier. */ issuer: pulumi.Input; } export interface GetGroupAlternateIdentifierUniqueAttribute { /** * Attribute path that is used to specify which attribute name to search. For example: `DisplayName`. Refer to the [Group data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html). */ attributePath: string; /** * Value for an attribute. */ attributeValue: string; } export interface GetGroupAlternateIdentifierUniqueAttributeArgs { /** * Attribute path that is used to specify which attribute name to search. For example: `DisplayName`. Refer to the [Group data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html). */ attributePath: pulumi.Input; /** * Value for an attribute. */ attributeValue: pulumi.Input; } export interface GetUserAlternateIdentifier { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: inputs.identitystore.GetUserAlternateIdentifierExternalId; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: inputs.identitystore.GetUserAlternateIdentifierUniqueAttribute; } export interface GetUserAlternateIdentifierArgs { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: pulumi.Input; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: pulumi.Input; } export interface GetUserAlternateIdentifierExternalId { /** * The identifier issued to this resource by an external identity provider. */ id: string; /** * The issuer for an external identifier. */ issuer: string; } export interface GetUserAlternateIdentifierExternalIdArgs { /** * The identifier issued to this resource by an external identity provider. */ id: pulumi.Input; /** * The issuer for an external identifier. */ issuer: pulumi.Input; } export interface GetUserAlternateIdentifierUniqueAttribute { /** * Attribute path that is used to specify which attribute name to search. For example: `UserName`. Refer to the [User data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html). */ attributePath: string; /** * Value for an attribute. */ attributeValue: string; } export interface GetUserAlternateIdentifierUniqueAttributeArgs { /** * Attribute path that is used to specify which attribute name to search. For example: `UserName`. Refer to the [User data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html). */ attributePath: pulumi.Input; /** * Value for an attribute. */ attributeValue: pulumi.Input; } export interface GroupExternalId { /** * The identifier issued to this resource by an external identity provider. */ id?: pulumi.Input; /** * The issuer for an external identifier. */ issuer?: pulumi.Input; } export interface UserAddresses { /** * The country that this address is in. */ country?: pulumi.Input; /** * The name that is typically displayed when the address is shown for display. */ formatted?: pulumi.Input; /** * The address locality. */ locality?: pulumi.Input; /** * The postal code of the address. */ postalCode?: pulumi.Input; /** * When `true`, this is the primary address associated with the user. */ primary?: pulumi.Input; /** * The region of the address. */ region?: pulumi.Input; /** * The street of the address. */ streetAddress?: pulumi.Input; /** * The type of address. */ type?: pulumi.Input; } export interface UserEmails { /** * When `true`, this is the primary email associated with the user. */ primary?: pulumi.Input; /** * The type of email. */ type?: pulumi.Input; /** * The email address. This value must be unique across the identity store. */ value?: pulumi.Input; } export interface UserExternalId { /** * The identifier issued to this resource by an external identity provider. */ id?: pulumi.Input; /** * The issuer for an external identifier. */ issuer?: pulumi.Input; } export interface UserName { /** * The family name of the user. */ familyName: pulumi.Input; /** * The name that is typically displayed when the name is shown for display. */ formatted?: pulumi.Input; /** * The given name of the user. * * The following arguments are optional: */ givenName: pulumi.Input; /** * The honorific prefix of the user. */ honorificPrefix?: pulumi.Input; /** * The honorific suffix of the user. */ honorificSuffix?: pulumi.Input; /** * The middle name of the user. */ middleName?: pulumi.Input; } export interface UserPhoneNumbers { /** * When `true`, this is the primary phone number associated with the user. */ primary?: pulumi.Input; /** * The type of phone number. */ type?: pulumi.Input; /** * The user's phone number. */ value?: pulumi.Input; } } export namespace imagebuilder { export interface ContainerRecipeComponent { /** * Amazon Resource Name (ARN) of the Image Builder Component to associate. */ componentArn: pulumi.Input; /** * Configuration block(s) for parameters to configure the component. Detailed below. */ parameters?: pulumi.Input[]>; } export interface ContainerRecipeComponentParameter { /** * The name of the component parameter. */ name: pulumi.Input; /** * The value for the named component parameter. */ value: pulumi.Input; } export interface ContainerRecipeInstanceConfiguration { /** * Configuration block(s) with block device mappings for the container recipe. Detailed below. */ blockDeviceMappings?: pulumi.Input[]>; /** * The AMI ID to use as the base image for a container build and test instance. If not specified, Image Builder will use the appropriate ECS-optimized AMI as a base image. */ image?: pulumi.Input; } export interface ContainerRecipeInstanceConfigurationBlockDeviceMapping { /** * Name of the device. For example, `/dev/sda` or `/dev/xvdb`. */ deviceName?: pulumi.Input; /** * Configuration block with Elastic Block Storage (EBS) block device mapping settings. Detailed below. */ ebs?: pulumi.Input; /** * Set to `true` to remove a mapping from the parent image. */ noDevice?: pulumi.Input; /** * Virtual device name. For example, `ephemeral0`. Instance store volumes are numbered starting from 0. */ virtualName?: pulumi.Input; } export interface ContainerRecipeInstanceConfigurationBlockDeviceMappingEbs { /** * Whether to delete the volume on termination. Defaults to unset, which is the value inherited from the parent image. */ deleteOnTermination?: pulumi.Input; /** * Whether to encrypt the volume. Defaults to unset, which is the value inherited from the parent image. */ encrypted?: pulumi.Input; /** * Number of Input/Output (I/O) operations per second to provision for an `io1` or `io2` volume. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the Key Management Service (KMS) Key for encryption. */ kmsKeyId?: pulumi.Input; /** * Identifier of the EC2 Volume Snapshot. */ snapshotId?: pulumi.Input; /** * For GP3 volumes only. The throughput in MiB/s that the volume supports. */ throughput?: pulumi.Input; /** * Size of the volume, in GiB. */ volumeSize?: pulumi.Input; /** * Type of the volume. For example, `gp2` or `io2`. */ volumeType?: pulumi.Input; } export interface ContainerRecipeTargetRepository { /** * The name of the container repository where the output container image is stored. This name is prefixed by the repository location. */ repositoryName: pulumi.Input; /** * The service in which this image is registered. Valid values: `ECR`. */ service: pulumi.Input; } export interface DistributionConfigurationDistribution { /** * Configuration block with Amazon Machine Image (AMI) distribution settings. Detailed below. */ amiDistributionConfiguration?: pulumi.Input; /** * Configuration block with container distribution settings. Detailed below. */ containerDistributionConfiguration?: pulumi.Input; /** * Set of Windows faster-launching configurations to use for AMI distribution. Detailed below. */ fastLaunchConfigurations?: pulumi.Input[]>; /** * Set of launch template configuration settings that apply to image distribution. Detailed below. */ launchTemplateConfigurations?: pulumi.Input[]>; /** * Set of Amazon Resource Names (ARNs) of License Manager License Configurations. */ licenseConfigurationArns?: pulumi.Input[]>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region: pulumi.Input; /** * Configuration block with S3 export settings. Detailed below. */ s3ExportConfiguration?: pulumi.Input; /** * Configuration block with SSM parameter configuration to use as AMI id output. Detailed below. */ ssmParameterConfigurations?: pulumi.Input[]>; } export interface DistributionConfigurationDistributionAmiDistributionConfiguration { /** * Key-value map of tags to apply to the distributed AMI. */ amiTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Description to apply to the distributed AMI. */ description?: pulumi.Input; /** * Amazon Resource Name (ARN) of the Key Management Service (KMS) Key to encrypt the distributed AMI. */ kmsKeyId?: pulumi.Input; /** * Configuration block of EC2 launch permissions to apply to the distributed AMI. Detailed below. */ launchPermission?: pulumi.Input; /** * Name to apply to the distributed AMI. */ name?: pulumi.Input; /** * Set of AWS Account identifiers to distribute the AMI. */ targetAccountIds?: pulumi.Input[]>; } export interface DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission { /** * Set of AWS Organization ARNs to assign. */ organizationArns?: pulumi.Input[]>; /** * Set of AWS Organizational Unit ARNs to assign. */ organizationalUnitArns?: pulumi.Input[]>; /** * Set of EC2 launch permission user groups to assign. Use `all` to distribute a public AMI. */ userGroups?: pulumi.Input[]>; /** * Set of AWS Account identifiers to assign. */ userIds?: pulumi.Input[]>; } export interface DistributionConfigurationDistributionContainerDistributionConfiguration { /** * Set of tags that are attached to the container distribution configuration. */ containerTags?: pulumi.Input[]>; /** * Description of the container distribution configuration. */ description?: pulumi.Input; /** * Configuration block with the destination repository for the container distribution configuration. */ targetRepository: pulumi.Input; } export interface DistributionConfigurationDistributionContainerDistributionConfigurationTargetRepository { /** * The name of the container repository where the output container image is stored. This name is prefixed by the repository location. */ repositoryName: pulumi.Input; /** * The service in which this image is registered. Valid values: `ECR`. */ service: pulumi.Input; } export interface DistributionConfigurationDistributionFastLaunchConfiguration { /** * The owner account ID for the fast-launch enabled Windows AMI. */ accountId: pulumi.Input; /** * A Boolean that represents the current state of faster launching for the Windows AMI. Set to `true` to start using Windows faster launching, or `false` to stop using it. */ enabled: pulumi.Input; /** * Configuration block for the launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances to create pre-provisioned snapshots. Detailed below. */ launchTemplate?: pulumi.Input; /** * The maximum number of parallel instances that are launched for creating resources. */ maxParallelLaunches?: pulumi.Input; /** * Configuration block for managing the number of snapshots that are created from pre-provisioned instances for the Windows AMI when faster launching is enabled. Detailed below. */ snapshotConfiguration?: pulumi.Input; } export interface DistributionConfigurationDistributionFastLaunchConfigurationLaunchTemplate { /** * The ID of the launch template to use for faster launching for a Windows AMI. */ launchTemplateId?: pulumi.Input; /** * The name of the launch template to use for faster launching for a Windows AMI. */ launchTemplateName?: pulumi.Input; /** * The version of the launch template to use for faster launching for a Windows AMI. */ launchTemplateVersion?: pulumi.Input; } export interface DistributionConfigurationDistributionFastLaunchConfigurationSnapshotConfiguration { /** * The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI. */ targetResourceCount?: pulumi.Input; } export interface DistributionConfigurationDistributionLaunchTemplateConfiguration { /** * The account ID that this configuration applies to. */ accountId?: pulumi.Input; /** * Indicates whether to set the specified Amazon EC2 launch template as the default launch template. Defaults to `true`. */ default?: pulumi.Input; /** * The ID of the Amazon EC2 launch template to use. */ launchTemplateId: pulumi.Input; } export interface DistributionConfigurationDistributionS3ExportConfiguration { /** * The disk image format of the exported image (`RAW`, `VHD`, or `VMDK`) */ diskImageFormat: pulumi.Input; /** * The name of the IAM role to use for exporting. */ roleName: pulumi.Input; /** * The name of the S3 bucket to store the exported image in. The bucket needs to exist before the export configuration is created. */ s3Bucket: pulumi.Input; /** * The prefix for the exported image. */ s3Prefix?: pulumi.Input; } export interface DistributionConfigurationDistributionSsmParameterConfiguration { /** * AWS account ID that will own the parameter in the given region. This account must be specified as a target account in the distribution settings. */ amiAccountId?: pulumi.Input; /** * Data type of the SSM parameter. Valid values are `text` and `aws:ec2:image`. AWS recommends using `aws:ec2:image`. */ dataType?: pulumi.Input; /** * Name of the SSM parameter that will store the AMI ID after distribution. */ parameterName: pulumi.Input; } export interface GetComponentsFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListComponents API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListComponents.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetComponentsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListComponents API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListComponents.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetContainerRecipesFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListContainerRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListContainerRecipes.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetContainerRecipesFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListContainerRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListContainerRecipes.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetDistributionConfigurationsFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListDistributionConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListDistributionConfigurations.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetDistributionConfigurationsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListDistributionConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListDistributionConfigurations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetImagePipelinesFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImagePipelines API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImagePipelines.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetImagePipelinesFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImagePipelines API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImagePipelines.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetImageRecipesFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImageRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageRecipes.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetImageRecipesFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImageRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageRecipes.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetInfrastructureConfigurationsFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListInfrastructureConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListInfrastructureConfigurations.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetInfrastructureConfigurationsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListInfrastructureConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListInfrastructureConfigurations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface ImageImageScanningConfiguration { /** * Configuration block with ECR configuration. Detailed below. */ ecrConfiguration?: pulumi.Input; /** * Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. Defaults to `false`. */ imageScanningEnabled?: pulumi.Input; } export interface ImageImageScanningConfigurationEcrConfiguration { /** * Set of tags for Image Builder to apply to the output container image that that Amazon Inspector scans. */ containerTags?: pulumi.Input[]>; /** * The name of the container repository that Amazon Inspector scans to identify findings for your container images. */ repositoryName?: pulumi.Input; } export interface ImageImageTestsConfiguration { /** * Whether image tests are enabled. Defaults to `true`. */ imageTestsEnabled?: pulumi.Input; /** * Number of minutes before image tests time out. Valid values are between `60` and `1440`. Defaults to `720`. */ timeoutMinutes?: pulumi.Input; } export interface ImageLoggingConfiguration { /** * Name of the CloudWatch Log Group to send logs to. */ logGroupName: pulumi.Input; } export interface ImageOutputResource { /** * Set of objects with each Amazon Machine Image (AMI) created. */ amis?: pulumi.Input[]>; /** * Set of objects with each container image created and stored in the output repository. */ containers?: pulumi.Input[]>; } export interface ImageOutputResourceAmi { /** * Account identifier of the AMI. */ accountId?: pulumi.Input; /** * Description of the AMI. */ description?: pulumi.Input; /** * Identifier of the AMI. */ image?: pulumi.Input; /** * Name of the AMI. */ name?: pulumi.Input; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input; } export interface ImageOutputResourceContainer { /** * Set of URIs for created containers. */ imageUris?: pulumi.Input[]>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input; } export interface ImagePipelineImageScanningConfiguration { /** * Configuration block with ECR configuration for image scanning. Detailed below. */ ecrConfiguration?: pulumi.Input; /** * Whether image scans are enabled. Defaults to `false`. */ imageScanningEnabled?: pulumi.Input; } export interface ImagePipelineImageScanningConfigurationEcrConfiguration { containerTags?: pulumi.Input[]>; /** * The name of the repository to scan */ repositoryName?: pulumi.Input; } export interface ImagePipelineImageTestsConfiguration { /** * Whether image tests are enabled. Defaults to `true`. */ imageTestsEnabled?: pulumi.Input; /** * Number of minutes before image tests time out. Valid values are between `60` and `1440`. Defaults to `720`. */ timeoutMinutes?: pulumi.Input; } export interface ImagePipelineLoggingConfiguration { /** * Name of the CloudWatch Log Group to send image logs to. */ imageLogGroupName?: pulumi.Input; /** * Name of the CloudWatch Log Group to send pipeline logs to. */ pipelineLogGroupName?: pulumi.Input; } export interface ImagePipelineSchedule { /** * Condition when the pipeline should trigger a new image build. Valid values are `EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE` and `EXPRESSION_MATCH_ONLY`. Defaults to `EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE`. */ pipelineExecutionStartCondition?: pulumi.Input; /** * Cron expression of how often the pipeline start condition is evaluated. For example, `cron(0 0 * * ? *)` is evaluated every day at midnight UTC. Configurations using the five field syntax that was previously accepted by the API, such as `cron(0 0 * * *)`, must be updated to the six field syntax. For more information, see the [Image Builder User Guide](https://docs.aws.amazon.com/imagebuilder/latest/userguide/cron-expressions.html). * * The following arguments are optional: */ scheduleExpression: pulumi.Input; /** * The timezone that applies to the scheduling expression. For example, "Etc/UTC", "America/Los_Angeles" in the [IANA timezone format](https://www.joda.org/joda-time/timezones.html). If not specified this defaults to UTC. */ timezone?: pulumi.Input; } export interface ImagePipelineWorkflow { /** * The action to take if the workflow fails. Must be one of `CONTINUE` or `ABORT`. */ onFailure?: pulumi.Input; /** * The parallel group in which to run a test Workflow. */ parallelGroup?: pulumi.Input; /** * Configuration block for the workflow parameters. Detailed below. */ parameters?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of the Image Builder Workflow. * * The following arguments are optional: */ workflowArn: pulumi.Input; } export interface ImagePipelineWorkflowParameter { /** * The name of the Workflow parameter. */ name: pulumi.Input; /** * The value of the Workflow parameter. */ value: pulumi.Input; } export interface ImageRecipeBlockDeviceMapping { /** * Name of the device. For example, `/dev/sda` or `/dev/xvdb`. */ deviceName?: pulumi.Input; /** * Configuration block with Elastic Block Storage (EBS) block device mapping settings. Detailed below. */ ebs?: pulumi.Input; /** * Set to `true` to remove a mapping from the parent image. */ noDevice?: pulumi.Input; /** * Virtual device name. For example, `ephemeral0`. Instance store volumes are numbered starting from 0. */ virtualName?: pulumi.Input; } export interface ImageRecipeBlockDeviceMappingEbs { /** * Whether to delete the volume on termination. Defaults to unset, which is the value inherited from the parent image. */ deleteOnTermination?: pulumi.Input; /** * Whether to encrypt the volume. Defaults to unset, which is the value inherited from the parent image. */ encrypted?: pulumi.Input; /** * Number of Input/Output (I/O) operations per second to provision for an `io1` or `io2` volume. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the Key Management Service (KMS) Key for encryption. */ kmsKeyId?: pulumi.Input; /** * Identifier of the EC2 Volume Snapshot. */ snapshotId?: pulumi.Input; /** * For GP3 volumes only. The throughput in MiB/s that the volume supports. */ throughput?: pulumi.Input; /** * Size of the volume, in GiB. */ volumeSize?: pulumi.Input; /** * Type of the volume. For example, `gp2` or `io2`. */ volumeType?: pulumi.Input; } export interface ImageRecipeComponent { /** * Amazon Resource Name (ARN) of the Image Builder Component to associate. */ componentArn: pulumi.Input; /** * Configuration block(s) for parameters to configure the component. Detailed below. */ parameters?: pulumi.Input[]>; } export interface ImageRecipeComponentParameter { /** * The name of the component parameter. */ name: pulumi.Input; /** * The value for the named component parameter. */ value: pulumi.Input; } export interface ImageRecipeSystemsManagerAgent { /** * Whether to remove the Systems Manager Agent after the image has been built. */ uninstallAfterBuild: pulumi.Input; } export interface ImageWorkflow { /** * The action to take if the workflow fails. Must be one of `CONTINUE` or `ABORT`. */ onFailure?: pulumi.Input; /** * The parallel group in which to run a test Workflow. */ parallelGroup?: pulumi.Input; /** * Configuration block for the workflow parameters. Detailed below. */ parameters?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of the Image Builder Workflow. * * The following arguments are optional: */ workflowArn: pulumi.Input; } export interface ImageWorkflowParameter { /** * The name of the Workflow parameter. */ name: pulumi.Input; /** * The value of the Workflow parameter. */ value: pulumi.Input; } export interface InfrastructureConfigurationInstanceMetadataOptions { /** * The number of hops that an instance can traverse to reach its destonation. */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether a signed token is required for instance metadata retrieval requests. Valid values: `required`, `optional`. */ httpTokens?: pulumi.Input; } export interface InfrastructureConfigurationLogging { /** * Configuration block with S3 logging settings. Detailed below. */ s3Logs: pulumi.Input; } export interface InfrastructureConfigurationLoggingS3Logs { /** * Name of the S3 Bucket. * * The following arguments are optional: */ s3BucketName: pulumi.Input; /** * Prefix to use for S3 logs. Defaults to `/`. */ s3KeyPrefix?: pulumi.Input; } export interface InfrastructureConfigurationPlacement { /** * Availability Zone where your build and test instances will launch. */ availabilityZone?: pulumi.Input; /** * ID of the Dedicated Host on which build and test instances run. Conflicts with `hostResourceGroupArn`. */ hostId?: pulumi.Input; /** * ARN of the host resource group in which to launch build and test instances. Conflicts with `hostId`. */ hostResourceGroupArn?: pulumi.Input; /** * Placement tenancy of the instance. Valid values: `default`, `dedicated` and `host`. */ tenancy?: pulumi.Input; } export interface LifecyclePolicyPolicyDetail { /** * Configuration details for the policy action. */ action: pulumi.Input; /** * Additional rules to specify resources that should be exempt from policy actions. */ exclusionRules?: pulumi.Input; /** * Specifies the resources that the lifecycle policy applies to. * * The following arguments are optional: */ filter: pulumi.Input; } export interface LifecyclePolicyPolicyDetailAction { /** * Specifies the resources that the lifecycle policy applies to. Detailed below. */ includeResources?: pulumi.Input; /** * Specifies the lifecycle action to take. Valid values: `DELETE`, `DEPRECATE` or `DISABLE`. * * The following arguments are optional: */ type: pulumi.Input; } export interface LifecyclePolicyPolicyDetailActionIncludeResources { /** * Specifies whether the lifecycle action should apply to distributed AMIs. */ amis?: pulumi.Input; /** * Specifies whether the lifecycle action should apply to distributed containers. */ containers?: pulumi.Input; /** * Specifies whether the lifecycle action should apply to snapshots associated with distributed AMIs. */ snapshots?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailExclusionRules { /** * Lists configuration values that apply to AMIs that Image Builder should exclude from the lifecycle action. Detailed below. */ amis?: pulumi.Input; /** * Contains a list of tags that Image Builder uses to skip lifecycle actions for Image Builder image resources that have them. */ tagMap?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LifecyclePolicyPolicyDetailExclusionRulesAmis { /** * Configures whether public AMIs are excluded from the lifecycle action. */ isPublic?: pulumi.Input; /** * Specifies configuration details for Image Builder to exclude the most recent resources from lifecycle actions. Detailed below. */ lastLaunched?: pulumi.Input; /** * Configures AWS Regions that are excluded from the lifecycle action. */ regions?: pulumi.Input[]>; /** * Specifies AWS accounts whose resources are excluded from the lifecycle action. */ sharedAccounts?: pulumi.Input[]>; /** * Lists tags that should be excluded from lifecycle actions for the AMIs that have them. */ tagMap?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LifecyclePolicyPolicyDetailExclusionRulesAmisLastLaunched { /** * Defines the unit of time that the lifecycle policy uses to calculate elapsed time since the last instance launched from the AMI. For example: days, weeks, months, or years. Valid values: `DAYS`, `WEEKS`, `MONTHS` or `YEARS`. */ unit: pulumi.Input; /** * The integer number of units for the time period. For example 6 (months). */ value: pulumi.Input; } export interface LifecyclePolicyPolicyDetailFilter { /** * For age-based filters, this is the number of resources to keep on hand after the lifecycle DELETE action is applied. Impacted resources are only deleted if you have more than this number of resources. If you have fewer resources than this number, the impacted resource is not deleted. */ retainAtLeast?: pulumi.Input; /** * Filter resources based on either age or count. Valid values: `AGE` or `COUNT`. */ type: pulumi.Input; /** * Defines the unit of time that the lifecycle policy uses to determine impacted resources. This is required for age-based rules. Valid values: `DAYS`, `WEEKS`, `MONTHS` or `YEARS`. */ unit?: pulumi.Input; /** * The number of units for the time period or for the count. For example, a value of 6 might refer to six months or six AMIs. * * The following arguments are optional: */ value: pulumi.Input; } export interface LifecyclePolicyResourceSelection { /** * A list of recipe that are used as selection criteria for the output images that the lifecycle policy applies to. Detailed below. */ recipes?: pulumi.Input[]>; /** * A list of tags that are used as selection criteria for the Image Builder image resources that the lifecycle policy applies to. */ tagMap?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LifecyclePolicyResourceSelectionRecipe { /** * The name of an Image Builder recipe that the lifecycle policy uses for resource selection. */ name: pulumi.Input; /** * The version of the Image Builder recipe specified by the name field. */ semanticVersion: pulumi.Input; } } export namespace inspector { export interface AssessmentTemplateEventSubscription { /** * The event for which you want to receive SNS notifications. Valid values are `ASSESSMENT_RUN_STARTED`, `ASSESSMENT_RUN_COMPLETED`, `ASSESSMENT_RUN_STATE_CHANGED`, and `FINDING_REPORTED`. */ event: pulumi.Input; /** * The ARN of the SNS topic to which notifications are sent. */ topicArn: pulumi.Input; } } export namespace inspector2 { export interface FilterFilterCriteria { /** * (Optional) The AWS account ID in which the finding was generated. Documented below. */ awsAccountIds?: pulumi.Input[]>; /** * (Optional) The project name in a code repository. Documented below. */ codeRepositoryProjectNames?: pulumi.Input[]>; /** * (Optional) The repository provider type (such as GitHub, GitLab, etc.) Documented below. */ codeRepositoryProviderTypes?: pulumi.Input[]>; /** * (Optional) The ID of the component. Documented below. */ codeVulnerabilityDetectorNames?: pulumi.Input[]>; /** * (Optional) The ID of the component. Documented below. */ codeVulnerabilityDetectorTags?: pulumi.Input[]>; /** * (Optional) The ID of the component. Documented below. */ codeVulnerabilityFilePaths?: pulumi.Input[]>; /** * (Optional) The ID of the component. Documented below. */ componentIds?: pulumi.Input[]>; /** * (Optional) The type of the component. Documented below. */ componentTypes?: pulumi.Input[]>; /** * (Optional) The ID of the Amazon Machine Image (AMI). Documented below. */ ec2InstanceImageIds?: pulumi.Input[]>; /** * (Optional) The ID of the subnet. Documented below. */ ec2InstanceSubnetIds?: pulumi.Input[]>; /** * (Optional) The ID of the VPC. Documented below. */ ec2InstanceVpcIds?: pulumi.Input[]>; /** * (Optional) The architecture of the ECR image. Documented below. */ ecrImageArchitectures?: pulumi.Input[]>; /** * (Optional) The SHA256 hash of the ECR image. Documented below. */ ecrImageHashes?: pulumi.Input[]>; /** * (Optional) The number of the ECR images in use. Documented below. */ ecrImageInUseCounts?: pulumi.Input[]>; /** * (Optional) The date range when an ECR image was last used in an ECS cluster task or EKS cluster pod. Documented below. */ ecrImageLastInUseAts?: pulumi.Input[]>; /** * (Optional) The date range when the image was pushed. Documented below. */ ecrImagePushedAts?: pulumi.Input[]>; /** * (Optional) The registry of the ECR image. Documented below. */ ecrImageRegistries?: pulumi.Input[]>; /** * (Optional) The name of the ECR repository. Documented below. */ ecrImageRepositoryNames?: pulumi.Input[]>; /** * (Optional) The tags associated with the ECR image. Documented below. */ ecrImageTags?: pulumi.Input[]>; /** * (Optional) EPSS (Exploit Prediction Scoring System) Score of the finding. Documented below. */ epssScores?: pulumi.Input[]>; /** * (Optional) Availability of exploits. Documented below. */ exploitAvailables?: pulumi.Input[]>; /** * (Optional) The ARN of the finding. Documented below. */ findingArns?: pulumi.Input[]>; /** * (Optional) The status of the finding. Documented below. */ findingStatuses?: pulumi.Input[]>; /** * (Optional) The type of the finding. Documented below. */ findingTypes?: pulumi.Input[]>; /** * (Optional) When the finding was first observed. Documented below. */ firstObservedAts?: pulumi.Input[]>; /** * (Optional) Availability of the fix. Documented below. */ fixAvailables?: pulumi.Input[]>; /** * (Optional) The Inspector score given to the finding. Documented below. */ inspectorScores?: pulumi.Input[]>; /** * (Optional) Lambda execution role ARN. Documented below. */ lambdaFunctionExecutionRoleArns?: pulumi.Input[]>; /** * (Optional) Last modified timestamp of the lambda function. Documented below. */ lambdaFunctionLastModifiedAts?: pulumi.Input[]>; /** * (Optional) Lambda function layers. Documented below. */ lambdaFunctionLayers?: pulumi.Input[]>; /** * (Optional) Lambda function name. Documented below. */ lambdaFunctionNames?: pulumi.Input[]>; /** * (Optional) Lambda function runtime. Documented below. */ lambdaFunctionRuntimes?: pulumi.Input[]>; /** * (Optional) When the finding was last observed. Documented below. */ lastObservedAts?: pulumi.Input[]>; /** * (Optional) The network protocol of the finding. Documented below. */ networkProtocols?: pulumi.Input[]>; /** * (Optional) The port range of the finding. Documented below. */ portRanges?: pulumi.Input[]>; /** * (Optional) Related vulnerabilities. Documented below. */ relatedVulnerabilities?: pulumi.Input[]>; /** * (Optional) The ID of the resource. Documented below. */ resourceIds?: pulumi.Input[]>; /** * (Optional) The tags of the resource. Documented below. */ resourceTags?: pulumi.Input[]>; /** * (Optional) The type of the resource. Documented below. */ resourceTypes?: pulumi.Input[]>; /** * (Optional) The severity of the finding. Documented below. */ severities?: pulumi.Input[]>; /** * (Optional) The title of the finding. Documented below. */ titles?: pulumi.Input[]>; /** * (Optional) When the finding was last updated. Documented below. */ updatedAts?: pulumi.Input[]>; /** * (Optional) The severity as reported by the vendor. Documented below. */ vendorSeverities?: pulumi.Input[]>; /** * (Optional) The ID of the vulnerability. Documented below. */ vulnerabilityIds?: pulumi.Input[]>; /** * (Optional) The source of the vulnerability. Documented below. */ vulnerabilitySources?: pulumi.Input[]>; /** * (Optional) Details about vulnerable packages. Documented below. */ vulnerablePackages?: pulumi.Input[]>; } export interface FilterFilterCriteriaAwsAccountId { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaCodeRepositoryProjectName { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaCodeRepositoryProviderType { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaCodeVulnerabilityDetectorName { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaCodeVulnerabilityDetectorTag { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaCodeVulnerabilityFilePath { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaComponentId { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaComponentType { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEc2InstanceImageId { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEc2InstanceSubnetId { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEc2InstanceVpcId { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEcrImageArchitecture { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEcrImageHash { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEcrImageInUseCount { /** * (Optional) Lower bound of the range, inclusive. */ lowerInclusive: pulumi.Input; /** * (Optional) Upper bound of the range, inclusive. */ upperInclusive: pulumi.Input; } export interface FilterFilterCriteriaEcrImageLastInUseAt { /** * (Required) The end of the port range, inclusive. */ endInclusive?: pulumi.Input; /** * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC. */ startInclusive?: pulumi.Input; } export interface FilterFilterCriteriaEcrImagePushedAt { /** * (Required) The end of the port range, inclusive. */ endInclusive?: pulumi.Input; /** * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC. */ startInclusive?: pulumi.Input; } export interface FilterFilterCriteriaEcrImageRegistry { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEcrImageRepositoryName { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEcrImageTag { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaEpssScore { /** * (Optional) Lower bound of the range, inclusive. */ lowerInclusive: pulumi.Input; /** * (Optional) Upper bound of the range, inclusive. */ upperInclusive: pulumi.Input; } export interface FilterFilterCriteriaExploitAvailable { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaFindingArn { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaFindingStatus { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaFindingType { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaFirstObservedAt { /** * (Required) The end of the port range, inclusive. */ endInclusive?: pulumi.Input; /** * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC. */ startInclusive?: pulumi.Input; } export interface FilterFilterCriteriaFixAvailable { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaInspectorScore { /** * (Optional) Lower bound of the range, inclusive. */ lowerInclusive: pulumi.Input; /** * (Optional) Upper bound of the range, inclusive. */ upperInclusive: pulumi.Input; } export interface FilterFilterCriteriaLambdaFunctionExecutionRoleArn { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaLambdaFunctionLastModifiedAt { /** * (Required) The end of the port range, inclusive. */ endInclusive?: pulumi.Input; /** * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC. */ startInclusive?: pulumi.Input; } export interface FilterFilterCriteriaLambdaFunctionLayer { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaLambdaFunctionName { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaLambdaFunctionRuntime { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaLastObservedAt { /** * (Required) The end of the port range, inclusive. */ endInclusive?: pulumi.Input; /** * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC. */ startInclusive?: pulumi.Input; } export interface FilterFilterCriteriaNetworkProtocol { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaPortRange { /** * (Required) The beginning of the port range, inclusive. */ beginInclusive: pulumi.Input; /** * (Required) The end of the port range, inclusive. */ endInclusive: pulumi.Input; } export interface FilterFilterCriteriaRelatedVulnerability { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaResourceId { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaResourceTag { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The key to filter on. */ key: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaResourceType { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaSeverity { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaTitle { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaUpdatedAt { /** * (Required) The end of the port range, inclusive. */ endInclusive?: pulumi.Input; /** * (Optional) Start of the date range in RFC 3339 format, inclusive. Set the timezone to UTC. */ startInclusive?: pulumi.Input; } export interface FilterFilterCriteriaVendorSeverity { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerabilityId { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerabilitySource { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackage { /** * (Optional) The architecture of the package. Documented below. */ architecture?: pulumi.Input; /** * (Optional) The epoch of the package. Documented below. */ epoches?: pulumi.Input[]>; /** * (Optional) The name of the package. Documented below. */ filePath?: pulumi.Input; /** * Name of the filter. */ name?: pulumi.Input; /** * (Optional) The release of the package. Documented below. */ release?: pulumi.Input; /** * (Optional) The ARN of the package's source lambda layer. Documented below. */ sourceLambdaLayerArn?: pulumi.Input; /** * (Optional) The source layer hash of the package. Documented below. */ sourceLayerHash?: pulumi.Input; /** * (Optional) The version of the package. Documented below. */ version?: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageArchitecture { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageEpoch { /** * (Optional) Lower bound of the range, inclusive. */ lowerInclusive: pulumi.Input; /** * (Optional) Upper bound of the range, inclusive. */ upperInclusive: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageFilePath { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageName { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageRelease { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageSourceLambdaLayerArn { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageSourceLayerHash { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface FilterFilterCriteriaVulnerablePackageVersion { /** * (Required) The comparison operator. Valid values: `EQUALS`. */ comparison: pulumi.Input; /** * (Required) The value to filter on. */ value: pulumi.Input; } export interface OrganizationConfigurationAutoEnable { /** * Whether code repository scans are automatically enabled for new members of your Amazon Inspector organization. */ codeRepository?: pulumi.Input; /** * Whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization. */ ec2: pulumi.Input; /** * Whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization. */ ecr: pulumi.Input; /** * Whether Lambda Function scans are automatically enabled for new members of your Amazon Inspector organization. */ lambda?: pulumi.Input; /** * Whether AWS Lambda code scans are automatically enabled for new members of your Amazon Inspector organization. **Note:** Lambda code scanning requires Lambda standard scanning to be activated. Consequently, if you are setting this argument to `true`, you must also set the `lambda` argument to `true`. See [Scanning AWS Lambda functions with Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-code-scans) for more information. */ lambdaCode?: pulumi.Input; } } export namespace invoicing { export interface InvoiceUnitRule { /** * Set of AWS account IDs included in this invoice unit. */ linkedAccounts: pulumi.Input[]>; } export interface InvoiceUnitTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace iot { export interface BillingGroupMetadata { creationDate: pulumi.Input; } export interface BillingGroupProperties { /** * A description of the Billing Group. */ description?: pulumi.Input; } export interface CaCertificateRegistrationConfig { /** * The ARN of the role. */ roleArn?: pulumi.Input; /** * The template body. */ templateBody?: pulumi.Input; /** * The name of the provisioning template. */ templateName?: pulumi.Input; } export interface CaCertificateValidity { /** * The certificate is not valid after this date. */ notAfter?: pulumi.Input; /** * The certificate is not valid before this date. */ notBefore?: pulumi.Input; } export interface DomainConfigurationAuthorizerConfig { /** * A Boolean that specifies whether the domain configuration's authorization service can be overridden. */ allowAuthorizerOverride?: pulumi.Input; /** * The name of the authorization service for a domain configuration. */ defaultAuthorizerName?: pulumi.Input; } export interface DomainConfigurationTlsConfig { /** * The security policy for a domain configuration. */ securityPolicy?: pulumi.Input; } export interface IndexingConfigurationThingGroupIndexingConfiguration { /** * A list of thing group fields to index. This list cannot contain any managed fields. See below. */ customFields?: pulumi.Input[]>; /** * Contains fields that are indexed and whose types are already known by the Fleet Indexing service. See below. */ managedFields?: pulumi.Input[]>; /** * Thing group indexing mode. Valid values: `OFF`, `ON`. */ thingGroupIndexingMode: pulumi.Input; } export interface IndexingConfigurationThingGroupIndexingConfigurationCustomField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface IndexingConfigurationThingGroupIndexingConfigurationManagedField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface IndexingConfigurationThingIndexingConfiguration { /** * Contains custom field names and their data type. See below. */ customFields?: pulumi.Input[]>; /** * Device Defender indexing mode. Valid values: `VIOLATIONS`, `OFF`. Default: `OFF`. */ deviceDefenderIndexingMode?: pulumi.Input; /** * Required if `namedShadowIndexingMode` is `ON`. Enables to add named shadows filtered by `filter` to fleet indexing configuration. */ filter?: pulumi.Input; /** * Contains fields that are indexed and whose types are already known by the Fleet Indexing service. See below. */ managedFields?: pulumi.Input[]>; /** * [Named shadow](https://docs.aws.amazon.com/iot/latest/developerguide/iot-device-shadows.html) indexing mode. Valid values: `ON`, `OFF`. Default: `OFF`. */ namedShadowIndexingMode?: pulumi.Input; /** * Thing connectivity indexing mode. Valid values: `STATUS`, `OFF`. Default: `OFF`. */ thingConnectivityIndexingMode?: pulumi.Input; /** * Thing indexing mode. Valid values: `REGISTRY`, `REGISTRY_AND_SHADOW`, `OFF`. */ thingIndexingMode: pulumi.Input; } export interface IndexingConfigurationThingIndexingConfigurationCustomField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface IndexingConfigurationThingIndexingConfigurationFilter { /** * List of shadow names that you select to index. */ namedShadowNames?: pulumi.Input[]>; } export interface IndexingConfigurationThingIndexingConfigurationManagedField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface ProvisioningTemplatePreProvisioningHook { /** * The version of the payload that was sent to the target function. The only valid (and the default) payload version is `"2020-04-01"`. */ payloadVersion?: pulumi.Input; /** * The ARN of the target function. */ targetArn: pulumi.Input; } export interface ThingGroupMetadata { creationDate?: pulumi.Input; /** * The name of the parent Thing Group. */ parentGroupName?: pulumi.Input; rootToParentGroups?: pulumi.Input[]>; } export interface ThingGroupMetadataRootToParentGroup { groupArn?: pulumi.Input; groupName?: pulumi.Input; } export interface ThingGroupProperties { /** * The Thing Group attributes. Defined below. */ attributePayload?: pulumi.Input; /** * A description of the Thing Group. */ description?: pulumi.Input; } export interface ThingGroupPropertiesAttributePayload { /** * Key-value map. */ attributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ThingTypeProperties { /** * The description of the thing type. */ description?: pulumi.Input; /** * A list of searchable thing attribute names. */ searchableAttributes?: pulumi.Input[]>; } export interface TopicRuleCloudwatchAlarm { /** * The CloudWatch alarm name. */ alarmName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; /** * The reason for the alarm change. */ stateReason: pulumi.Input; /** * The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA. */ stateValue: pulumi.Input; } export interface TopicRuleCloudwatchLog { /** * The payload that contains a JSON array of records will be sent to CloudWatch via a batch call. */ batchMode?: pulumi.Input; /** * The CloudWatch log group name. */ logGroupName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; } export interface TopicRuleCloudwatchMetric { /** * The CloudWatch metric name. */ metricName: pulumi.Input; /** * The CloudWatch metric namespace name. */ metricNamespace: pulumi.Input; /** * An optional Unix timestamp (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp). */ metricTimestamp?: pulumi.Input; /** * The metric unit (supported units can be found here: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit) */ metricUnit: pulumi.Input; /** * The CloudWatch metric value. */ metricValue: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch metric. */ roleArn: pulumi.Input; } export interface TopicRuleDestinationVpcConfiguration { /** * The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs). */ roleArn: pulumi.Input; /** * The security groups of the VPC destination. */ securityGroups?: pulumi.Input[]>; /** * The subnet IDs of the VPC destination. */ subnetIds: pulumi.Input[]>; /** * The ID of the VPC. */ vpcId: pulumi.Input; } export interface TopicRuleDynamodb { /** * The hash key name. */ hashKeyField: pulumi.Input; /** * The hash key type. Valid values are "STRING" or "NUMBER". */ hashKeyType?: pulumi.Input; /** * The hash key value. */ hashKeyValue: pulumi.Input; /** * The operation. Valid values are "INSERT", "UPDATE", or "DELETE". */ operation?: pulumi.Input; /** * The action payload. */ payloadField?: pulumi.Input; /** * The range key name. */ rangeKeyField?: pulumi.Input; /** * The range key type. Valid values are "STRING" or "NUMBER". */ rangeKeyType?: pulumi.Input; /** * The range key value. */ rangeKeyValue?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleDynamodbv2 { /** * Configuration block with DynamoDB Table to which the message will be written. Nested arguments below. */ putItem?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; } export interface TopicRuleDynamodbv2PutItem { /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleElasticsearch { /** * The endpoint of your Elasticsearch domain. */ endpoint: pulumi.Input; /** * The unique identifier for the document you are storing. */ id: pulumi.Input; /** * The Elasticsearch index where you want to store your data. */ index: pulumi.Input; /** * The IAM role ARN that has access to Elasticsearch. */ roleArn: pulumi.Input; /** * The type of document you are storing. */ type: pulumi.Input; } export interface TopicRuleErrorAction { cloudwatchAlarm?: pulumi.Input; cloudwatchLogs?: pulumi.Input; cloudwatchMetric?: pulumi.Input; dynamodb?: pulumi.Input; dynamodbv2?: pulumi.Input; elasticsearch?: pulumi.Input; firehose?: pulumi.Input; http?: pulumi.Input; iotAnalytics?: pulumi.Input; iotEvents?: pulumi.Input; kafka?: pulumi.Input; kinesis?: pulumi.Input; lambda?: pulumi.Input; republish?: pulumi.Input; s3?: pulumi.Input; sns?: pulumi.Input; sqs?: pulumi.Input; stepFunctions?: pulumi.Input; timestream?: pulumi.Input; } export interface TopicRuleErrorActionCloudwatchAlarm { /** * The CloudWatch alarm name. */ alarmName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; /** * The reason for the alarm change. */ stateReason: pulumi.Input; /** * The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA. */ stateValue: pulumi.Input; } export interface TopicRuleErrorActionCloudwatchLogs { /** * The payload that contains a JSON array of records will be sent to CloudWatch via a batch call. */ batchMode?: pulumi.Input; /** * The CloudWatch log group name. */ logGroupName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionCloudwatchMetric { /** * The CloudWatch metric name. */ metricName: pulumi.Input; /** * The CloudWatch metric namespace name. */ metricNamespace: pulumi.Input; /** * An optional Unix timestamp (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp). */ metricTimestamp?: pulumi.Input; /** * The metric unit (supported units can be found here: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit) */ metricUnit: pulumi.Input; /** * The CloudWatch metric value. */ metricValue: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch metric. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionDynamodb { /** * The hash key name. */ hashKeyField: pulumi.Input; /** * The hash key type. Valid values are "STRING" or "NUMBER". */ hashKeyType?: pulumi.Input; /** * The hash key value. */ hashKeyValue: pulumi.Input; /** * The operation. Valid values are "INSERT", "UPDATE", or "DELETE". */ operation?: pulumi.Input; /** * The action payload. */ payloadField?: pulumi.Input; /** * The range key name. */ rangeKeyField?: pulumi.Input; /** * The range key type. Valid values are "STRING" or "NUMBER". */ rangeKeyType?: pulumi.Input; /** * The range key value. */ rangeKeyValue?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleErrorActionDynamodbv2 { /** * Configuration block with DynamoDB Table to which the message will be written. Nested arguments below. */ putItem?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionDynamodbv2PutItem { /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleErrorActionElasticsearch { /** * The endpoint of your Elasticsearch domain. */ endpoint: pulumi.Input; /** * The unique identifier for the document you are storing. */ id: pulumi.Input; /** * The Elasticsearch index where you want to store your data. */ index: pulumi.Input; /** * The IAM role ARN that has access to Elasticsearch. */ roleArn: pulumi.Input; /** * The type of document you are storing. */ type: pulumi.Input; } export interface TopicRuleErrorActionFirehose { /** * The payload that contains a JSON array of records will be sent to Kinesis Firehose via a batch call. */ batchMode?: pulumi.Input; /** * The delivery stream name. */ deliveryStreamName: pulumi.Input; /** * The IAM role ARN that grants access to the Amazon Kinesis Firehose stream. */ roleArn: pulumi.Input; /** * A character separator that is used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma). */ separator?: pulumi.Input; } export interface TopicRuleErrorActionHttp { /** * The HTTPS URL used to verify ownership of `url`. */ confirmationUrl?: pulumi.Input; /** * Custom HTTP header IoT Core should send. It is possible to define more than one custom header. */ httpHeaders?: pulumi.Input[]>; /** * The HTTPS URL. */ url: pulumi.Input; } export interface TopicRuleErrorActionHttpHttpHeader { /** * The name of the HTTP header. */ key: pulumi.Input; /** * The value of the HTTP header. */ value: pulumi.Input; } export interface TopicRuleErrorActionIotAnalytics { /** * The payload that contains a JSON array of records will be sent to IoT Analytics via a batch call. */ batchMode?: pulumi.Input; /** * Name of AWS IOT Analytics channel. */ channelName: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionIotEvents { /** * The payload that contains a JSON array of records will be sent to IoT Events via a batch call. */ batchMode?: pulumi.Input; /** * The name of the AWS IoT Events input. */ inputName: pulumi.Input; /** * Use this to ensure that only one input (message) with a given messageId is processed by an AWS IoT Events detector. */ messageId?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionKafka { /** * Properties of the Apache Kafka producer client. For more info, see the [AWS documentation](https://docs.aws.amazon.com/iot/latest/developerguide/apache-kafka-rule-action.html). */ clientProperties: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The ARN of Kafka action's VPC `aws.iot.TopicRuleDestination`. */ destinationArn: pulumi.Input; /** * The list of Kafka headers that you specify. Nested arguments below. */ headers?: pulumi.Input[]>; /** * The Kafka message key. */ key?: pulumi.Input; /** * The Kafka message partition. */ partition?: pulumi.Input; /** * The Kafka topic for messages to be sent to the Kafka broker. */ topic: pulumi.Input; } export interface TopicRuleErrorActionKafkaHeader { /** * The key of the Kafka header. */ key: pulumi.Input; /** * The value of the Kafka header. */ value: pulumi.Input; } export interface TopicRuleErrorActionKinesis { /** * The partition key. */ partitionKey?: pulumi.Input; /** * The ARN of the IAM role that grants access to the Amazon Kinesis stream. */ roleArn: pulumi.Input; /** * The name of the Amazon Kinesis stream. */ streamName: pulumi.Input; } export interface TopicRuleErrorActionLambda { /** * The ARN of the Lambda function. */ functionArn: pulumi.Input; } export interface TopicRuleErrorActionRepublish { /** * The Quality of Service (QoS) level to use when republishing messages. Valid values are 0 or 1. The default value is 0. */ qos?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The name of the MQTT topic the message should be republished to. */ topic: pulumi.Input; } export interface TopicRuleErrorActionS3 { /** * The Amazon S3 bucket name. */ bucketName: pulumi.Input; /** * The Amazon S3 canned ACL that controls access to the object identified by the object key. [Valid values](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl). */ cannedAcl?: pulumi.Input; /** * The object key. */ key: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionSns { /** * The message format of the message to publish. Accepted values are "JSON" and "RAW". */ messageFormat?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The ARN of the SNS topic. */ targetArn: pulumi.Input; } export interface TopicRuleErrorActionSqs { /** * The URL of the Amazon SQS queue. */ queueUrl: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * Specifies whether to use Base64 encoding. */ useBase64: pulumi.Input; } export interface TopicRuleErrorActionStepFunctions { /** * The prefix used to generate, along with a UUID, the unique state machine execution name. */ executionNamePrefix?: pulumi.Input; /** * The ARN of the IAM role that grants access to start execution of the state machine. */ roleArn: pulumi.Input; /** * The name of the Step Functions state machine whose execution will be started. */ stateMachineName: pulumi.Input; } export interface TopicRuleErrorActionTimestream { /** * The name of an Amazon Timestream database. */ databaseName: pulumi.Input; /** * Configuration blocks with metadata attributes of the time series that are written in each measure record. Nested arguments below. */ dimensions: pulumi.Input[]>; /** * The ARN of the role that grants permission to write to the Amazon Timestream database table. */ roleArn: pulumi.Input; /** * The name of the database table into which to write the measure records. */ tableName: pulumi.Input; /** * Configuration block specifying an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column. Nested arguments below. */ timestamp?: pulumi.Input; } export interface TopicRuleErrorActionTimestreamDimension { /** * The metadata dimension name. This is the name of the column in the Amazon Timestream database table record. */ name: pulumi.Input; /** * The value to write in this column of the database record. */ value: pulumi.Input; } export interface TopicRuleErrorActionTimestreamTimestamp { /** * The precision of the timestamp value that results from the expression described in value. Valid values: `SECONDS`, `MILLISECONDS`, `MICROSECONDS`, `NANOSECONDS`. */ unit: pulumi.Input; /** * An expression that returns a long epoch time value. */ value: pulumi.Input; } export interface TopicRuleFirehose { /** * The payload that contains a JSON array of records will be sent to Kinesis Firehose via a batch call. */ batchMode?: pulumi.Input; /** * The delivery stream name. */ deliveryStreamName: pulumi.Input; /** * The IAM role ARN that grants access to the Amazon Kinesis Firehose stream. */ roleArn: pulumi.Input; /** * A character separator that is used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma). */ separator?: pulumi.Input; } export interface TopicRuleHttp { /** * The HTTPS URL used to verify ownership of `url`. */ confirmationUrl?: pulumi.Input; /** * Custom HTTP header IoT Core should send. It is possible to define more than one custom header. */ httpHeaders?: pulumi.Input[]>; /** * The HTTPS URL. */ url: pulumi.Input; } export interface TopicRuleHttpHttpHeader { /** * The name of the HTTP header. */ key: pulumi.Input; /** * The value of the HTTP header. */ value: pulumi.Input; } export interface TopicRuleIotAnalytic { /** * The payload that contains a JSON array of records will be sent to IoT Analytics via a batch call. */ batchMode?: pulumi.Input; /** * Name of AWS IOT Analytics channel. */ channelName: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleIotEvent { /** * The payload that contains a JSON array of records will be sent to IoT Events via a batch call. */ batchMode?: pulumi.Input; /** * The name of the AWS IoT Events input. */ inputName: pulumi.Input; /** * Use this to ensure that only one input (message) with a given messageId is processed by an AWS IoT Events detector. */ messageId?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleKafka { /** * Properties of the Apache Kafka producer client. For more info, see the [AWS documentation](https://docs.aws.amazon.com/iot/latest/developerguide/apache-kafka-rule-action.html). */ clientProperties: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The ARN of Kafka action's VPC `aws.iot.TopicRuleDestination`. */ destinationArn: pulumi.Input; /** * The list of Kafka headers that you specify. Nested arguments below. */ headers?: pulumi.Input[]>; /** * The Kafka message key. */ key?: pulumi.Input; /** * The Kafka message partition. */ partition?: pulumi.Input; /** * The Kafka topic for messages to be sent to the Kafka broker. */ topic: pulumi.Input; } export interface TopicRuleKafkaHeader { /** * The key of the Kafka header. */ key: pulumi.Input; /** * The value of the Kafka header. */ value: pulumi.Input; } export interface TopicRuleKinesis { /** * The partition key. */ partitionKey?: pulumi.Input; /** * The ARN of the IAM role that grants access to the Amazon Kinesis stream. */ roleArn: pulumi.Input; /** * The name of the Amazon Kinesis stream. */ streamName: pulumi.Input; } export interface TopicRuleLambda { /** * The ARN of the Lambda function. */ functionArn: pulumi.Input; } export interface TopicRuleRepublish { /** * The Quality of Service (QoS) level to use when republishing messages. Valid values are 0 or 1. The default value is 0. */ qos?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The name of the MQTT topic the message should be republished to. */ topic: pulumi.Input; } export interface TopicRuleS3 { /** * The Amazon S3 bucket name. */ bucketName: pulumi.Input; /** * The Amazon S3 canned ACL that controls access to the object identified by the object key. [Valid values](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl). */ cannedAcl?: pulumi.Input; /** * The object key. */ key: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleSns { /** * The message format of the message to publish. Accepted values are "JSON" and "RAW". */ messageFormat?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The ARN of the SNS topic. */ targetArn: pulumi.Input; } export interface TopicRuleSqs { /** * The URL of the Amazon SQS queue. */ queueUrl: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * Specifies whether to use Base64 encoding. */ useBase64: pulumi.Input; } export interface TopicRuleStepFunction { /** * The prefix used to generate, along with a UUID, the unique state machine execution name. */ executionNamePrefix?: pulumi.Input; /** * The ARN of the IAM role that grants access to start execution of the state machine. */ roleArn: pulumi.Input; /** * The name of the Step Functions state machine whose execution will be started. */ stateMachineName: pulumi.Input; } export interface TopicRuleTimestream { /** * The name of an Amazon Timestream database. */ databaseName: pulumi.Input; /** * Configuration blocks with metadata attributes of the time series that are written in each measure record. Nested arguments below. */ dimensions: pulumi.Input[]>; /** * The ARN of the role that grants permission to write to the Amazon Timestream database table. */ roleArn: pulumi.Input; /** * The name of the database table into which to write the measure records. */ tableName: pulumi.Input; /** * Configuration block specifying an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column. Nested arguments below. */ timestamp?: pulumi.Input; } export interface TopicRuleTimestreamDimension { /** * The metadata dimension name. This is the name of the column in the Amazon Timestream database table record. */ name: pulumi.Input; /** * The value to write in this column of the database record. */ value: pulumi.Input; } export interface TopicRuleTimestreamTimestamp { /** * The precision of the timestamp value that results from the expression described in value. Valid values: `SECONDS`, `MILLISECONDS`, `MICROSECONDS`, `NANOSECONDS`. */ unit: pulumi.Input; /** * An expression that returns a long epoch time value. */ value: pulumi.Input; } } export namespace ivs { export interface RecordingConfigurationDestinationConfiguration { /** * S3 destination configuration where recorded videos will be stored. */ s3: pulumi.Input; } export interface RecordingConfigurationDestinationConfigurationS3 { /** * S3 bucket name where recorded videos will be stored. * * The following arguments are optional: */ bucketName: pulumi.Input; } export interface RecordingConfigurationThumbnailConfiguration { /** * Thumbnail recording mode. Valid values: `DISABLED`, `INTERVAL`. */ recordingMode?: pulumi.Input; /** * The targeted thumbnail-generation interval in seconds. */ targetIntervalSeconds?: pulumi.Input; } } export namespace ivschat { export interface LoggingConfigurationDestinationConfiguration { /** * An Amazon CloudWatch Logs destination configuration where chat activity will be logged. */ cloudwatchLogs?: pulumi.Input; /** * An Amazon Kinesis Data Firehose destination configuration where chat activity will be logged. */ firehose?: pulumi.Input; /** * An Amazon S3 destination configuration where chat activity will be logged. */ s3?: pulumi.Input; } export interface LoggingConfigurationDestinationConfigurationCloudwatchLogs { /** * Name of the Amazon Cloudwatch Logs destination where chat activity will be logged. */ logGroupName: pulumi.Input; } export interface LoggingConfigurationDestinationConfigurationFirehose { /** * Name of the Amazon Kinesis Firehose delivery stream where chat activity will be logged. */ deliveryStreamName: pulumi.Input; } export interface LoggingConfigurationDestinationConfigurationS3 { /** * Name of the Amazon S3 bucket where chat activity will be logged. * * The following arguments are optional: */ bucketName: pulumi.Input; } export interface RoomMessageReviewHandler { /** * The fallback behavior (whether the message * is allowed or denied) if the handler does not return a valid response, * encounters an error, or times out. Valid values: `ALLOW`, `DENY`. */ fallbackResult?: pulumi.Input; /** * ARN of the lambda message review handler function. */ uri?: pulumi.Input; } } export namespace kendra { export interface DataSourceConfiguration { /** * A block that provides the configuration information to connect to an Amazon S3 bucket as your data source. Detailed below. * * @deprecated s3_configuration is deprecated. Use templateConfiguration instead. */ s3Configuration?: pulumi.Input; /** * A block that provides the configuration information required for Amazon Kendra Web Crawler. Detailed below. */ templateConfiguration?: pulumi.Input; /** * A block that provides the configuration information required for Amazon Kendra Web Crawler. Detailed below. * * @deprecated web_crawler_configuration is deprecated. Use templateConfiguration instead. */ webCrawlerConfiguration?: pulumi.Input; } export interface DataSourceConfigurationS3Configuration { /** * A block that provides the path to the S3 bucket that contains the user context filtering files for the data source. For the format of the file, see [Access control for S3 data sources](https://docs.aws.amazon.com/kendra/latest/dg/s3-acl.html). Detailed below. */ accessControlListConfiguration?: pulumi.Input; /** * The name of the bucket that contains the documents. */ bucketName: pulumi.Input; /** * A block that defines the Document metadata files that contain information such as the document access control information, source URI, document author, and custom attributes. Each metadata file contains metadata about a single document. Detailed below. */ documentsMetadataConfiguration?: pulumi.Input; /** * A list of glob patterns for documents that should not be indexed. If a document that matches an inclusion prefix or inclusion pattern also matches an exclusion pattern, the document is not indexed. Refer to [Exclusion Patterns for more examples](https://docs.aws.amazon.com/kendra/latest/dg/API_S3DataSourceConfiguration.html#Kendra-Type-S3DataSourceConfiguration-ExclusionPatterns). */ exclusionPatterns?: pulumi.Input[]>; /** * A list of glob patterns for documents that should be indexed. If a document that matches an inclusion pattern also matches an exclusion pattern, the document is not indexed. Refer to [Inclusion Patterns for more examples](https://docs.aws.amazon.com/kendra/latest/dg/API_S3DataSourceConfiguration.html#Kendra-Type-S3DataSourceConfiguration-InclusionPatterns). */ inclusionPatterns?: pulumi.Input[]>; /** * A list of S3 prefixes for the documents that should be included in the index. */ inclusionPrefixes?: pulumi.Input[]>; } export interface DataSourceConfigurationS3ConfigurationAccessControlListConfiguration { /** * Path to the AWS S3 bucket that contains the ACL files. */ keyPath?: pulumi.Input; } export interface DataSourceConfigurationS3ConfigurationDocumentsMetadataConfiguration { /** * A prefix used to filter metadata configuration files in the AWS S3 bucket. The S3 bucket might contain multiple metadata files. Use `s3Prefix` to include only the desired metadata files. */ s3Prefix?: pulumi.Input; } export interface DataSourceConfigurationTemplateConfiguration { /** * JSON string containing a [data source template schema](https://docs.aws.amazon.com/kendra/latest/dg/ds-schemas.html). */ template: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfiguration { /** * A block with the configuration information required to connect to websites using authentication. You can connect to websites using basic authentication of user name and password. You use a secret in AWS Secrets Manager to store your authentication credentials. You must provide the website host name and port number. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"` and the port is `443`, the standard port for HTTPS. Detailed below. */ authenticationConfiguration?: pulumi.Input; /** * Specifies the number of levels in a website that you want to crawl. The first level begins from the website seed or starting point URL. For example, if a website has 3 levels - index level (i.e. seed in this example), sections level, and subsections level - and you are only interested in crawling information up to the sections level (i.e. levels 0-1), you can set your depth to 1. The default crawl depth is set to `2`. Minimum value of `0`. Maximum value of `10`. */ crawlDepth?: pulumi.Input; /** * The maximum size (in MB) of a webpage or attachment to crawl. Files larger than this size (in MB) are skipped/not crawled. The default maximum size of a webpage or attachment is set to `50` MB. Minimum value of `1.0e-06`. Maximum value of `50`. */ maxContentSizePerPageInMegaBytes?: pulumi.Input; /** * The maximum number of URLs on a webpage to include when crawling a website. This number is per webpage. As a website’s webpages are crawled, any URLs the webpages link to are also crawled. URLs on a webpage are crawled in order of appearance. The default maximum links per page is `100`. Minimum value of `1`. Maximum value of `1000`. */ maxLinksPerPage?: pulumi.Input; /** * The maximum number of URLs crawled per website host per minute. The default maximum number of URLs crawled per website host per minute is `300`. Minimum value of `1`. Maximum value of `300`. */ maxUrlsPerMinuteCrawlRate?: pulumi.Input; /** * Configuration information required to connect to your internal websites via a web proxy. You must provide the website host name and port number. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"` and the port is `443`, the standard port for HTTPS. Web proxy credentials are optional and you can use them to connect to a web proxy server that requires basic authentication. To store web proxy credentials, you use a secret in [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html). Detailed below. */ proxyConfiguration?: pulumi.Input; /** * A list of regular expression patterns to exclude certain URLs to crawl. URLs that match the patterns are excluded from the index. URLs that don't match the patterns are included in the index. If a URL matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the URL file isn't included in the index. Array Members: Minimum number of `0` items. Maximum number of `100` items. Length Constraints: Minimum length of `1`. Maximum length of `150`. */ urlExclusionPatterns?: pulumi.Input[]>; /** * A list of regular expression patterns to include certain URLs to crawl. URLs that match the patterns are included in the index. URLs that don't match the patterns are excluded from the index. If a URL matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the URL file isn't included in the index. Array Members: Minimum number of `0` items. Maximum number of `100` items. Length Constraints: Minimum length of `1`. Maximum length of `150`. */ urlInclusionPatterns?: pulumi.Input[]>; /** * A block that specifies the seed or starting point URLs of the websites or the sitemap URLs of the websites you want to crawl. You can include website subdomains. You can list up to `100` seed URLs and up to `3` sitemap URLs. You can only crawl websites that use the secure communication protocol, Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when crawling a website, it could be that the website is blocked from crawling. When selecting websites to index, you must adhere to the [Amazon Acceptable Use Policy](https://aws.amazon.com/aup/) and all other Amazon terms. Remember that you must only use Amazon Kendra Web Crawler to index your own webpages, or webpages that you have authorization to index. Detailed below. */ urls: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationAuthenticationConfiguration { /** * The list of configuration information that's required to connect to and crawl a website host using basic authentication credentials. The list includes the name and port number of the website host. Detailed below. */ basicAuthentications?: pulumi.Input[]>; } export interface DataSourceConfigurationWebCrawlerConfigurationAuthenticationConfigurationBasicAuthentication { /** * Your secret ARN, which you can create in AWS Secrets Manager. You use a secret if basic authentication credentials are required to connect to a website. The secret stores your credentials of user name and password. */ credentials: pulumi.Input; /** * The name of the website host you want to connect to using authentication credentials. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"`. */ host: pulumi.Input; /** * The port number of the website host you want to connect to using authentication credentials. For example, the port for `https://a.example.com/page1.html` is `443`, the standard port for HTTPS. */ port: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationProxyConfiguration { /** * Your secret ARN, which you can create in AWS Secrets Manager. The credentials are optional. You use a secret if web proxy credentials are required to connect to a website host. Amazon Kendra currently support basic authentication to connect to a web proxy server. The secret stores your credentials. */ credentials?: pulumi.Input; /** * The name of the website host you want to connect to via a web proxy server. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"`. */ host: pulumi.Input; /** * The port number of the website host you want to connect to via a web proxy server. For example, the port for `https://a.example.com/page1.html` is `443`, the standard port for HTTPS. */ port: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationUrls { /** * A block that specifies the configuration of the seed or starting point URLs of the websites you want to crawl. You can choose to crawl only the website host names, or the website host names with subdomains, or the website host names with subdomains and other domains that the webpages link to. You can list up to `100` seed URLs. Detailed below. */ seedUrlConfiguration?: pulumi.Input; /** * A block that specifies the configuration of the sitemap URLs of the websites you want to crawl. Only URLs belonging to the same website host names are crawled. You can list up to `3` sitemap URLs. Detailed below. */ siteMapsConfiguration?: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationUrlsSeedUrlConfiguration { /** * The list of seed or starting point URLs of the websites you want to crawl. The list can include a maximum of `100` seed URLs. Array Members: Minimum number of `0` items. Maximum number of `100` items. Length Constraints: Minimum length of `1`. Maximum length of `2048`. */ seedUrls: pulumi.Input[]>; /** * The default mode is set to `HOST_ONLY`. You can choose one of the following modes: * * `HOST_ONLY` - crawl only the website host names. For example, if the seed URL is `"abc.example.com"`, then only URLs with host name `"abc.example.com"` are crawled. * * `SUBDOMAINS` - crawl the website host names with subdomains. For example, if the seed URL is `"abc.example.com"`, then `"a.abc.example.com"` and `"b.abc.example.com"` are also crawled. * * `EVERYTHING` - crawl the website host names with subdomains and other domains that the webpages link to. */ webCrawlerMode?: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationUrlsSiteMapsConfiguration { /** * The list of sitemap URLs of the websites you want to crawl. The list can include a maximum of `3` sitemap URLs. */ siteMaps: pulumi.Input[]>; } export interface DataSourceCustomDocumentEnrichmentConfiguration { /** * Configuration information to alter document attributes or metadata fields and content when ingesting documents into Amazon Kendra. Minimum number of `0` items. Maximum number of `100` items. Detailed below. */ inlineConfigurations?: pulumi.Input[]>; /** * A block that specifies the configuration information for invoking a Lambda function in AWS Lambda on the structured documents with their metadata and text extracted. You can use a Lambda function to apply advanced logic for creating, modifying, or deleting document metadata and content. For more information, see [Advanced data manipulation](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#advanced-data-manipulation). Detailed below. */ postExtractionHookConfiguration?: pulumi.Input; /** * Configuration information for invoking a Lambda function in AWS Lambda on the original or raw documents before extracting their metadata and text. You can use a Lambda function to apply advanced logic for creating, modifying, or deleting document metadata and content. For more information, see [Advanced data manipulation](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#advanced-data-manipulation). Detailed below. */ preExtractionHookConfiguration?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a role with permission to run `preExtractionHookConfiguration` and `postExtractionHookConfiguration` for altering document metadata and content during the document ingestion process. For more information, see [IAM roles for Amazon Kendra](https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html). */ roleArn?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfiguration { /** * Configuration of the condition used for the target document attribute or metadata field when ingesting documents into Amazon Kendra. See condition. */ condition?: pulumi.Input; /** * `TRUE` to delete content if the condition used for the target attribute is met. */ documentContentDeletion?: pulumi.Input; /** * Configuration of the target document attribute or metadata field when ingesting documents into Amazon Kendra. You can also include a value. Detailed below. */ target?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationCondition { /** * The identifier of the document attribute used for the condition. For example, `_source_uri` could be an identifier for the attribute or metadata field that contains source URIs associated with the documents. Amazon Kendra currently does not support `_document_body` as an attribute key used for the condition. */ conditionDocumentAttributeKey: pulumi.Input; /** * The value used by the operator. For example, you can specify the value 'financial' for strings in the `_source_uri` field that partially match or contain this value. See condition_on_value. */ conditionOnValue?: pulumi.Input; /** * The condition operator. For example, you can use `Contains` to partially match a string. Valid Values: `GreaterThan` | `GreaterThanOrEquals` | `LessThan` | `LessThanOrEquals` | `Equals` | `NotEquals` | `Contains` | `NotContains` | `Exists` | `NotExists` | `BeginsWith`. */ operator: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationConditionConditionOnValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationTarget { /** * The identifier of the target document attribute or metadata field. For example, 'Department' could be an identifier for the target attribute or metadata field that includes the department names associated with the documents. */ targetDocumentAttributeKey?: pulumi.Input; /** * The target value you want to create for the target attribute. For example, 'Finance' could be the target value for the target attribute key 'Department'. See target_document_attribute_value. */ targetDocumentAttributeValue?: pulumi.Input; /** * `TRUE` to delete the existing target value for your specified target attribute key. You cannot create a target value and set this to `TRUE`. To create a target value (`TargetDocumentAttributeValue`), set this to `FALSE`. */ targetDocumentAttributeValueDeletion?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationTargetTargetDocumentAttributeValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPostExtractionHookConfiguration { /** * A block that specifies the condition used for when a Lambda function should be invoked. For example, you can specify a condition that if there are empty date-time values, then Amazon Kendra should invoke a function that inserts the current date-time. See invocation_condition. */ invocationCondition?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a Lambda Function that can manipulate your document metadata fields or attributes and content. */ lambdaArn: pulumi.Input; /** * Stores the original, raw documents or the structured, parsed documents before and after altering them. For more information, see [Data contracts for Lambda functions](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#cde-data-contracts-lambda). */ s3Bucket: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPostExtractionHookConfigurationInvocationCondition { /** * The identifier of the document attribute used for the condition. For example, `_source_uri` could be an identifier for the attribute or metadata field that contains source URIs associated with the documents. Amazon Kendra currently does not support `_document_body` as an attribute key used for the condition. */ conditionDocumentAttributeKey: pulumi.Input; /** * The value used by the operator. For example, you can specify the value 'financial' for strings in the `_source_uri` field that partially match or contain this value. See condition_on_value. */ conditionOnValue?: pulumi.Input; /** * The condition operator. For example, you can use `Contains` to partially match a string. Valid Values: `GreaterThan` | `GreaterThanOrEquals` | `LessThan` | `LessThanOrEquals` | `Equals` | `NotEquals` | `Contains` | `NotContains` | `Exists` | `NotExists` | `BeginsWith`. */ operator: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPostExtractionHookConfigurationInvocationConditionConditionOnValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPreExtractionHookConfiguration { /** * A block that specifies the condition used for when a Lambda function should be invoked. For example, you can specify a condition that if there are empty date-time values, then Amazon Kendra should invoke a function that inserts the current date-time. See invocation_condition. */ invocationCondition?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a Lambda Function that can manipulate your document metadata fields or attributes and content. */ lambdaArn: pulumi.Input; /** * Stores the original, raw documents or the structured, parsed documents before and after altering them. For more information, see [Data contracts for Lambda functions](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#cde-data-contracts-lambda). */ s3Bucket: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPreExtractionHookConfigurationInvocationCondition { /** * The identifier of the document attribute used for the condition. For example, `_source_uri` could be an identifier for the attribute or metadata field that contains source URIs associated with the documents. Amazon Kendra currently does not support `_document_body` as an attribute key used for the condition. */ conditionDocumentAttributeKey: pulumi.Input; /** * The value used by the operator. For example, you can specify the value 'financial' for strings in the `_source_uri` field that partially match or contain this value. See condition_on_value. */ conditionOnValue?: pulumi.Input; /** * The condition operator. For example, you can use `Contains` to partially match a string. Valid Values: `GreaterThan` | `GreaterThanOrEquals` | `LessThan` | `LessThanOrEquals` | `Equals` | `NotEquals` | `Contains` | `NotContains` | `Exists` | `NotExists` | `BeginsWith`. */ operator: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPreExtractionHookConfigurationInvocationConditionConditionOnValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface ExperienceConfiguration { /** * The identifiers of your data sources and FAQs. Or, you can specify that you want to use documents indexed via the `BatchPutDocument API`. The provider will only perform drift detection of its value when present in a configuration. Detailed below. */ contentSourceConfiguration?: pulumi.Input; /** * The AWS SSO field name that contains the identifiers of your users, such as their emails. Detailed below. */ userIdentityConfiguration?: pulumi.Input; } export interface ExperienceConfigurationContentSourceConfiguration { /** * The identifiers of the data sources you want to use for your Amazon Kendra experience. Maximum number of 100 items. */ dataSourceIds?: pulumi.Input[]>; /** * Whether to use documents you indexed directly using the `BatchPutDocument API`. Defaults to `false`. */ directPutContent?: pulumi.Input; /** * The identifier of the FAQs that you want to use for your Amazon Kendra experience. Maximum number of 100 items. */ faqIds?: pulumi.Input[]>; } export interface ExperienceConfigurationUserIdentityConfiguration { /** * The AWS SSO field name that contains the identifiers of your users, such as their emails. */ identityAttributeName: pulumi.Input; } export interface ExperienceEndpoint { /** * The endpoint of your Amazon Kendra experience. */ endpoint?: pulumi.Input; /** * The type of endpoint for your Amazon Kendra experience. */ endpointType?: pulumi.Input; } export interface FaqS3Path { /** * The name of the S3 bucket that contains the file. */ bucket: pulumi.Input; /** * The name of the file. * * The following arguments are optional: */ key: pulumi.Input; } export interface IndexCapacityUnits { /** * The amount of extra query capacity for an index and GetQuerySuggestions capacity. For more information, refer to [QueryCapacityUnits](https://docs.aws.amazon.com/kendra/latest/dg/API_CapacityUnitsConfiguration.html#Kendra-Type-CapacityUnitsConfiguration-QueryCapacityUnits). */ queryCapacityUnits?: pulumi.Input; /** * The amount of extra storage capacity for an index. A single capacity unit provides 30 GB of storage space or 100,000 documents, whichever is reached first. Minimum value of 0. */ storageCapacityUnits?: pulumi.Input; } export interface IndexDocumentMetadataConfigurationUpdate { /** * The name of the index field. Minimum length of 1. Maximum length of 30. */ name: pulumi.Input; /** * A block that provides manual tuning parameters to determine how the field affects the search results. Detailed below */ relevance?: pulumi.Input; /** * A block that provides information about how the field is used during a search. Documented below. Detailed below */ search?: pulumi.Input; /** * The data type of the index field. Valid values are `STRING_VALUE`, `STRING_LIST_VALUE`, `LONG_VALUE`, `DATE_VALUE`. */ type: pulumi.Input; } export interface IndexDocumentMetadataConfigurationUpdateRelevance { /** * Specifies the time period that the boost applies to. For more information, refer to [Duration](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-Duration). */ duration?: pulumi.Input; /** * Indicates that this field determines how "fresh" a document is. For more information, refer to [Freshness](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-Freshness). */ freshness?: pulumi.Input; /** * The relative importance of the field in the search. Larger numbers provide more of a boost than smaller numbers. Minimum value of 1. Maximum value of 10. */ importance?: pulumi.Input; /** * Determines how values should be interpreted. For more information, refer to [RankOrder](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-RankOrder). */ rankOrder?: pulumi.Input; /** * A list of values that should be given a different boost when they appear in the result list. For more information, refer to [ValueImportanceMap](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-ValueImportanceMap). */ valuesImportanceMap?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface IndexDocumentMetadataConfigurationUpdateSearch { /** * Determines whether the field is returned in the query response. The default is `true`. */ displayable?: pulumi.Input; /** * Indicates that the field can be used to create search facets, a count of results for each value in the field. The default is `false`. */ facetable?: pulumi.Input; /** * Determines whether the field is used in the search. If the Searchable field is true, you can use relevance tuning to manually tune how Amazon Kendra weights the field in the search. The default is `true` for `string` fields and `false` for `number` and `date` fields. */ searchable?: pulumi.Input; /** * Determines whether the field can be used to sort the results of a query. If you specify sorting on a field that does not have Sortable set to true, Amazon Kendra returns an exception. The default is `false`. */ sortable?: pulumi.Input; } export interface IndexIndexStatistic { /** * A block that specifies the number of question and answer topics in the index. Detailed below. */ faqStatistics?: pulumi.Input[]>; /** * A block that specifies the number of text documents indexed. Detailed below. */ textDocumentStatistics?: pulumi.Input[]>; } export interface IndexIndexStatisticFaqStatistic { /** * The total number of FAQ questions and answers contained in the index. */ indexedQuestionAnswersCount?: pulumi.Input; } export interface IndexIndexStatisticTextDocumentStatistic { /** * The total size, in bytes, of the indexed documents. */ indexedTextBytes?: pulumi.Input; /** * The number of text documents indexed. */ indexedTextDocumentsCount?: pulumi.Input; } export interface IndexServerSideEncryptionConfiguration { /** * The identifier of the AWS KMScustomer master key (CMK). Amazon Kendra doesn't support asymmetric CMKs. */ kmsKeyId?: pulumi.Input; } export interface IndexUserGroupResolutionConfiguration { /** * The identity store provider (mode) you want to use to fetch access levels of groups and users. AWS Single Sign-On is currently the only available mode. Your users and groups must exist in an AWS SSO identity source in order to use this mode. Valid Values are `AWS_SSO` or `NONE`. */ userGroupResolutionMode: pulumi.Input; } export interface IndexUserTokenConfigurations { /** * A block that specifies the information about the JSON token type configuration. Detailed below. */ jsonTokenTypeConfiguration?: pulumi.Input; /** * A block that specifies the information about the JWT token type configuration. Detailed below. */ jwtTokenTypeConfiguration?: pulumi.Input; } export interface IndexUserTokenConfigurationsJsonTokenTypeConfiguration { /** * The group attribute field. Minimum length of 1. Maximum length of 2048. */ groupAttributeField: pulumi.Input; /** * The user name attribute field. Minimum length of 1. Maximum length of 2048. */ userNameAttributeField: pulumi.Input; } export interface IndexUserTokenConfigurationsJwtTokenTypeConfiguration { /** * The regular expression that identifies the claim. Minimum length of 1. Maximum length of 100. */ claimRegex?: pulumi.Input; /** * The group attribute field. Minimum length of 1. Maximum length of 100. */ groupAttributeField?: pulumi.Input; /** * The issuer of the token. Minimum length of 1. Maximum length of 65. */ issuer?: pulumi.Input; /** * The location of the key. Valid values are `URL` or `SECRET_MANAGER` */ keyLocation: pulumi.Input; /** * The Amazon Resource Name (ARN) of the secret. */ secretsManagerArn?: pulumi.Input; /** * The signing key URL. Valid pattern is `^(https?|ftp|file):\/\/([^\s]*)` */ url?: pulumi.Input; /** * The user name attribute field. Minimum length of 1. Maximum length of 100. */ userNameAttributeField?: pulumi.Input; } export interface QuerySuggestionsBlockListSourceS3Path { /** * Name of the S3 bucket that contains the file. */ bucket: pulumi.Input; /** * Name of the file. * * The following arguments are optional: */ key: pulumi.Input; } export interface ThesaurusSourceS3Path { /** * The name of the S3 bucket that contains the file. */ bucket: pulumi.Input; /** * The name of the file. * * The following arguments are optional: */ key: pulumi.Input; } } export namespace keyspaces { export interface KeyspaceReplicationSpecification { /** * Replication regions. If `replicationStrategy` is `MULTI_REGION`, `regionList` requires the current Region and at least one additional AWS Region where the keyspace is going to be replicated in. */ regionLists?: pulumi.Input[]>; /** * Replication strategy. Valid values: `SINGLE_REGION` and `MULTI_REGION`. */ replicationStrategy?: pulumi.Input; } export interface TableCapacitySpecification { /** * The throughput capacity specified for read operations defined in read capacity units (RCUs). */ readCapacityUnits?: pulumi.Input; /** * The read/write throughput capacity mode for a table. Valid values: `PAY_PER_REQUEST`, `PROVISIONED`. The default value is `PAY_PER_REQUEST`. */ throughputMode?: pulumi.Input; /** * The throughput capacity specified for write operations defined in write capacity units (WCUs). */ writeCapacityUnits?: pulumi.Input; } export interface TableClientSideTimestamps { /** * Shows how to enable client-side timestamps settings for the specified table. Valid values: `ENABLED`. */ status: pulumi.Input; } export interface TableComment { /** * A description of the table. */ message?: pulumi.Input; } export interface TableEncryptionSpecification { /** * The Amazon Resource Name (ARN) of the customer managed KMS key. */ kmsKeyIdentifier?: pulumi.Input; /** * The encryption option specified for the table. Valid values: `AWS_OWNED_KMS_KEY`, `CUSTOMER_MANAGED_KMS_KEY`. The default value is `AWS_OWNED_KMS_KEY`. */ type?: pulumi.Input; } export interface TablePointInTimeRecovery { /** * Valid values: `ENABLED`, `DISABLED`. The default value is `DISABLED`. */ status?: pulumi.Input; } export interface TableSchemaDefinition { /** * The columns that are part of the clustering key of the table. */ clusteringKeys?: pulumi.Input[]>; /** * The regular columns of the table. */ columns: pulumi.Input[]>; /** * The columns that are part of the partition key of the table . */ partitionKeys: pulumi.Input[]>; /** * The columns that have been defined as `STATIC`. Static columns store values that are shared by all rows in the same partition. */ staticColumns?: pulumi.Input[]>; } export interface TableSchemaDefinitionClusteringKey { /** * The name of the clustering key column. */ name: pulumi.Input; /** * The order modifier. Valid values: `ASC`, `DESC`. */ orderBy: pulumi.Input; } export interface TableSchemaDefinitionColumn { /** * The name of the column. */ name: pulumi.Input; /** * The data type of the column. See the [Developer Guide](https://docs.aws.amazon.com/keyspaces/latest/devguide/cql.elements.html#cql.data-types) for a list of available data types. */ type: pulumi.Input; } export interface TableSchemaDefinitionPartitionKey { /** * The name of the partition key column. */ name: pulumi.Input; } export interface TableSchemaDefinitionStaticColumn { /** * The name of the static column. */ name: pulumi.Input; } export interface TableTtl { /** * Valid values: `ENABLED`. */ status: pulumi.Input; } } export namespace kinesis { export interface AnalyticsApplicationCloudwatchLoggingOptions { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The ARN of the CloudWatch Log Stream. */ logStreamArn: pulumi.Input; /** * The ARN of the IAM Role used to send application messages. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputs { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The Kinesis Firehose configuration for the streaming source. Conflicts with `kinesisStream`. * See Kinesis Firehose below for more details. */ kinesisFirehose?: pulumi.Input; /** * The Kinesis Stream configuration for the streaming source. Conflicts with `kinesisFirehose`. * See Kinesis Stream below for more details. */ kinesisStream?: pulumi.Input; /** * The Name Prefix to use when creating an in-application stream. */ namePrefix: pulumi.Input; /** * The number of Parallel in-application streams to create. * See Parallelism below for more details. */ parallelism?: pulumi.Input; /** * The Processing Configuration to transform records as they are received from the stream. * See Processing Configuration below for more details. */ processingConfiguration?: pulumi.Input; /** * The Schema format of the data in the streaming source. See Source Schema below for more details. */ schema: pulumi.Input; /** * The point at which the application starts processing records from the streaming source. * See Starting Position Configuration below for more details. */ startingPositionConfigurations?: pulumi.Input[]>; streamNames?: pulumi.Input[]>; } export interface AnalyticsApplicationInputsKinesisFirehose { /** * The ARN of the Kinesis Firehose delivery stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputsKinesisStream { /** * The ARN of the Kinesis Stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputsParallelism { /** * The Count of streams. */ count?: pulumi.Input; } export interface AnalyticsApplicationInputsProcessingConfiguration { /** * The Lambda function configuration. See Lambda below for more details. */ lambda: pulumi.Input; } export interface AnalyticsApplicationInputsProcessingConfigurationLambda { /** * The ARN of the Lambda function. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the Lambda function. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputsSchema { /** * The Record Column mapping for the streaming source data element. * See Record Columns below for more details. */ recordColumns: pulumi.Input[]>; /** * The Encoding of the record in the streaming source. */ recordEncoding?: pulumi.Input; /** * The Record Format and mapping information to schematize a record. * See Record Format below for more details. */ recordFormat: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordColumn { /** * The Mapping reference to the data element. */ mapping?: pulumi.Input; /** * Name of the column. */ name: pulumi.Input; /** * The SQL Type of the column. */ sqlType: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormat { /** * The Mapping Information for the record format. * See Mapping Parameters below for more details. */ mappingParameters?: pulumi.Input; /** * The type of Record Format. Can be `CSV` or `JSON`. */ recordFormatType?: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormatMappingParameters { /** * Mapping information when the record format uses delimiters. * See CSV Mapping Parameters below for more details. */ csv?: pulumi.Input; /** * Mapping information when JSON is the record format on the streaming source. * See JSON Mapping Parameters below for more details. */ json?: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsv { /** * The Column Delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The Row Delimiter. */ recordRowDelimiter: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJson { /** * Path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface AnalyticsApplicationInputsStartingPositionConfiguration { /** * The starting position on the stream. Valid values: `LAST_STOPPED_POINT`, `NOW`, `TRIM_HORIZON`. */ startingPosition?: pulumi.Input; } export interface AnalyticsApplicationOutput { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The Kinesis Firehose configuration for the destination stream. Conflicts with `kinesisStream`. * See Kinesis Firehose below for more details. */ kinesisFirehose?: pulumi.Input; /** * The Kinesis Stream configuration for the destination stream. Conflicts with `kinesisFirehose`. * See Kinesis Stream below for more details. */ kinesisStream?: pulumi.Input; /** * The Lambda function destination. See Lambda below for more details. */ lambda?: pulumi.Input; /** * The Name of the in-application stream. */ name: pulumi.Input; /** * The Schema format of the data written to the destination. See Destination Schema below for more details. */ schema: pulumi.Input; } export interface AnalyticsApplicationOutputKinesisFirehose { /** * The ARN of the Kinesis Firehose delivery stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationOutputKinesisStream { /** * The ARN of the Kinesis Stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationOutputLambda { /** * The ARN of the Lambda function. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the Lambda function. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationOutputSchema { /** * The Format Type of the records on the output stream. Can be `CSV` or `JSON`. */ recordFormatType: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSources { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The S3 configuration for the reference data source. See S3 Reference below for more details. */ s3: pulumi.Input; /** * The Schema format of the data in the streaming source. See Source Schema below for more details. */ schema: pulumi.Input; /** * The in-application Table Name. */ tableName: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesS3 { /** * The S3 Bucket ARN. */ bucketArn: pulumi.Input; /** * The File Key name containing reference data. */ fileKey: pulumi.Input; /** * The IAM Role ARN to read the data. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchema { /** * The Record Column mapping for the streaming source data element. * See Record Columns below for more details. */ recordColumns: pulumi.Input[]>; /** * The Encoding of the record in the streaming source. */ recordEncoding?: pulumi.Input; /** * The Record Format and mapping information to schematize a record. * See Record Format below for more details. */ recordFormat: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordColumn { /** * The Mapping reference to the data element. */ mapping?: pulumi.Input; /** * Name of the column. */ name: pulumi.Input; /** * The SQL Type of the column. */ sqlType: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormat { /** * The Mapping Information for the record format. * See Mapping Parameters below for more details. */ mappingParameters?: pulumi.Input; /** * The type of Record Format. Can be `CSV` or `JSON`. */ recordFormatType?: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParameters { /** * Mapping information when the record format uses delimiters. * See CSV Mapping Parameters below for more details. */ csv?: pulumi.Input; /** * Mapping information when JSON is the record format on the streaming source. * See JSON Mapping Parameters below for more details. */ json?: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersCsv { /** * The Column Delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The Row Delimiter. */ recordRowDelimiter: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersJson { /** * Path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 900, before delivering it to the destination. The default value is 300s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 100, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The endpoint to use when communicating with the cluster. Conflicts with `domainArn`. */ clusterEndpoint?: pulumi.Input; /** * The ARN of the Amazon ES domain. The pattern needs to be `arn:.*`. Conflicts with `clusterEndpoint`. */ domainArn?: pulumi.Input; /** * The Elasticsearch index name. */ indexName: pulumi.Input; /** * The Elasticsearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate expiration of old data. Valid values are `NoRotation`, `OneHour`, `OneDay`, `OneWeek`, and `OneMonth`. The default value is `OneDay`. */ indexRotationPeriod?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Amazon Elasticsearch, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon ES Configuration API and for indexing documents. The IAM role must have permission for `DescribeElasticsearchDomain`, `DescribeElasticsearchDomains`, and `DescribeElasticsearchDomainConfig`. The pattern needs to be `arn:.*`. */ roleArn: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDocumentsOnly` and `AllDocuments`. Default value is `FailedDocumentsOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The Elasticsearch type name with maximum length of 100 characters. */ typeName?: pulumi.Input; /** * The VPC configuration for the delivery stream to connect to Elastic Search associated with the VPC. See `vpcConfig` block below for details. */ vpcConfig?: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationVpcConfig { /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon EC2 configuration API and for creating network interfaces. Make sure role has necessary [IAM permissions](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-es-vpc) */ roleArn: pulumi.Input; /** * A list of security group IDs to associate with Kinesis Firehose. */ securityGroupIds: pulumi.Input[]>; /** * A list of subnet IDs to associate with Kinesis Firehose. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; bufferingInterval?: pulumi.Input; bufferingSize?: pulumi.Input; cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * The time zone you prefer. Valid values are `UTC` or a non-3-letter IANA time zones (for example, `America/Los_Angeles`). Default value is `UTC`. */ customTimeZone?: pulumi.Input; /** * Nested argument for the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. See `dataFormatConversionConfiguration` block below for details. */ dataFormatConversionConfiguration?: pulumi.Input; /** * The configuration for dynamic partitioning. Required when using [dynamic partitioning](https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html). See `dynamicPartitioningConfiguration` block below for details. */ dynamicPartitioningConfiguration?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * The file extension to override the default file extension (for example, `.json`). */ fileExtension?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; roleArn: pulumi.Input; /** * The configuration for backup in Amazon S3. Required if `s3BackupMode` is `Enabled`. Supports the same fields as `s3Configuration` object. */ s3BackupConfiguration?: pulumi.Input; /** * The Amazon S3 backup mode. Valid values are `Disabled` and `Enabled`. Default value is `Disabled`. */ s3BackupMode?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfiguration { /** * Defaults to `true`. Set it to `false` if you want to disable format conversion while preserving the configuration details. */ enabled?: pulumi.Input; /** * Specifies the deserializer that you want Kinesis Data Firehose to use to convert the format of your data from JSON. See `inputFormatConfiguration` block below for details. */ inputFormatConfiguration: pulumi.Input; /** * Specifies the serializer that you want Kinesis Data Firehose to use to convert the format of your data to the Parquet or ORC format. See `outputFormatConfiguration` block below for details. */ outputFormatConfiguration: pulumi.Input; /** * Specifies the AWS Glue Data Catalog table that contains the column information. See `schemaConfiguration` block below for details. */ schemaConfiguration: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfiguration { /** * Specifies which deserializer to use. You can choose either the Apache Hive JSON SerDe or the OpenX JSON SerDe. See `deserializer` block below for details. */ deserializer: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializer { /** * Specifies the native Hive / HCatalog JsonSerDe. More details below. See `hiveJsonSerDe` block below for details. */ hiveJsonSerDe?: pulumi.Input; /** * Specifies the OpenX SerDe. See `openXJsonSerDe` block below for details. */ openXJsonSerDe?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerHiveJsonSerDe { /** * A list of how you want Kinesis Data Firehose to parse the date and time stamps that may be present in your input data JSON. To specify these format strings, follow the pattern syntax of JodaTime's DateTimeFormat format strings. For more information, see [Class DateTimeFormat](https://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html). You can also use the special value millis to parse time stamps in epoch milliseconds. If you don't specify a format, Kinesis Data Firehose uses java.sql.Timestamp::valueOf by default. */ timestampFormats?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerOpenXJsonSerDe { /** * When set to true, which is the default, Kinesis Data Firehose converts JSON keys to lowercase before deserializing them. */ caseInsensitive?: pulumi.Input; /** * A map of column names to JSON keys that aren't identical to the column names. This is useful when the JSON contains keys that are Hive keywords. For example, timestamp is a Hive keyword. If you have a JSON key named timestamp, set this parameter to `{ ts = "timestamp" }` to map this key to a column named ts. */ columnToJsonKeyMappings?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * When set to `true`, specifies that the names of the keys include dots and that you want Kinesis Data Firehose to replace them with underscores. This is useful because Apache Hive does not allow dots in column names. For example, if the JSON contains a key whose name is "a.b", you can define the column name to be "aB" when using this option. Defaults to `false`. */ convertDotsInJsonKeysToUnderscores?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfiguration { /** * Specifies which serializer to use. You can choose either the ORC SerDe or the Parquet SerDe. See `serializer` block below for details. */ serializer: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializer { /** * Specifies converting data to the ORC format before storing it in Amazon S3. For more information, see [Apache ORC](https://orc.apache.org/docs/). See `orcSerDe` block below for details. */ orcSerDe?: pulumi.Input; /** * Specifies converting data to the Parquet format before storing it in Amazon S3. For more information, see [Apache Parquet](https://parquet.apache.org/docs/). More details below. */ parquetSerDe?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerOrcSerDe { /** * The Hadoop Distributed File System (HDFS) block size. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 256 MiB and the minimum is 64 MiB. Kinesis Data Firehose uses this value for padding calculations. */ blockSizeBytes?: pulumi.Input; /** * A list of column names for which you want Kinesis Data Firehose to create bloom filters. */ bloomFilterColumns?: pulumi.Input[]>; /** * The Bloom filter false positive probability (FPP). The lower the FPP, the bigger the Bloom filter. The default value is `0.05`, the minimum is `0`, and the maximum is `1`. */ bloomFilterFalsePositiveProbability?: pulumi.Input; /** * The compression code to use over data blocks. The default is `SNAPPY`. */ compression?: pulumi.Input; /** * A float that represents the fraction of the total number of non-null rows. To turn off dictionary encoding, set this fraction to a number that is less than the number of distinct keys in a dictionary. To always use dictionary encoding, set this threshold to `1`. */ dictionaryKeyThreshold?: pulumi.Input; /** * Set this to `true` to indicate that you want stripes to be padded to the HDFS block boundaries. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is `false`. */ enablePadding?: pulumi.Input; /** * The version of the file to write. The possible values are `V0_11` and `V0_12`. The default is `V0_12`. */ formatVersion?: pulumi.Input; /** * A float between 0 and 1 that defines the tolerance for block padding as a decimal fraction of stripe size. The default value is `0.05`, which means 5 percent of stripe size. For the default values of 64 MiB ORC stripes and 256 MiB HDFS blocks, the default block padding tolerance of 5 percent reserves a maximum of 3.2 MiB for padding within the 256 MiB block. In such a case, if the available size within the block is more than 3.2 MiB, a new, smaller stripe is inserted to fit within that space. This ensures that no stripe crosses block boundaries and causes remote reads within a node-local task. Kinesis Data Firehose ignores this parameter when `enablePadding` is `false`. */ paddingTolerance?: pulumi.Input; /** * The number of rows between index entries. The default is `10000` and the minimum is `1000`. */ rowIndexStride?: pulumi.Input; /** * The number of bytes in each stripe. The default is 64 MiB and the minimum is 8 MiB. */ stripeSizeBytes?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerParquetSerDe { /** * The Hadoop Distributed File System (HDFS) block size. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 256 MiB and the minimum is 64 MiB. Kinesis Data Firehose uses this value for padding calculations. */ blockSizeBytes?: pulumi.Input; /** * The compression code to use over data blocks. The possible values are `UNCOMPRESSED`, `SNAPPY`, and `GZIP`, with the default being `SNAPPY`. Use `SNAPPY` for higher decompression speed. Use `GZIP` if the compression ratio is more important than speed. */ compression?: pulumi.Input; /** * Indicates whether to enable dictionary compression. */ enableDictionaryCompression?: pulumi.Input; /** * The maximum amount of padding to apply. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is `0`. */ maxPaddingBytes?: pulumi.Input; /** * The Parquet page size. Column chunks are divided into pages. A page is conceptually an indivisible unit (in terms of compression and encoding). The minimum value is 64 KiB and the default is 1 MiB. */ pageSizeBytes?: pulumi.Input; /** * Indicates the version of row format to output. The possible values are `V1` and `V2`. The default is `V1`. */ writerVersion?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationSchemaConfiguration { /** * The ID of the AWS Glue Data Catalog. If you don't supply this, the AWS account ID is used by default. */ catalogId?: pulumi.Input; /** * Specifies the name of the AWS Glue database that contains the schema for the output data. */ databaseName: pulumi.Input; /** * If you don't specify an AWS Region, the default is the current region. */ region?: pulumi.Input; /** * The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed. */ roleArn: pulumi.Input; /** * Specifies the AWS Glue table that contains the column information that constitutes your data schema. */ tableName: pulumi.Input; /** * Specifies the table version for the output data schema. Defaults to `LATEST`. */ versionId?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfiguration { /** * Enables or disables dynamic partitioning. Defaults to `false`. */ enabled?: pulumi.Input; /** * Total amount of seconds Firehose spends on retries. Valid values between 0 and 7200. Default is 300. * * > **NOTE:** You can enable dynamic partitioning only when you create a new delivery stream. Once you enable dynamic partitioning on a delivery stream, it cannot be disabled on this delivery stream. Therefore, the provider will recreate the resource whenever dynamic partitioning is enabled or disabled. */ retryDuration?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfiguration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; bufferingInterval?: pulumi.Input; bufferingSize?: pulumi.Input; cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfiguration { /** * The access key required for Kinesis Firehose to authenticate with the HTTP endpoint selected as the destination. */ accessKey?: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300 (5 minutes). */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The HTTP endpoint name. */ name?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * The request configuration. See `requestConfiguration` block below for details. */ requestConfiguration?: pulumi.Input; /** * Total amount of seconds Firehose spends on retries. This duration starts after the initial attempt fails, It does not include the time periods during which Firehose waits for acknowledgment from the specified destination after each attempt. Valid values between `0` and `7200`. Default is `300`. */ retryDuration?: pulumi.Input; /** * Kinesis Data Firehose uses this IAM role for all the permissions that the delivery stream needs. The pattern needs to be `arn:.*`. */ roleArn?: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDataOnly` and `AllData`. Default value is `FailedDataOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The Secret Manager Configuration. See `secretsManagerConfiguration` block below for details. */ secretsManagerConfiguration?: pulumi.Input; /** * The HTTP endpoint URL to which Kinesis Firehose sends your data. */ url: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfiguration { /** * Describes the metadata sent to the HTTP endpoint destination. See `commonAttributes` block below for details. */ commonAttributes?: pulumi.Input[]>; /** * Kinesis Data Firehose uses the content encoding to compress the body of a request before sending the request to the destination. Valid values are `NONE` and `GZIP`. Default value is `NONE`. */ contentEncoding?: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttribute { /** * The name of the HTTP endpoint common attribute. */ name: pulumi.Input; /** * The value of the HTTP endpoint common attribute. */ value: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationSecretsManagerConfiguration { /** * Enables or disables the Secrets Manager configuration. */ enabled?: pulumi.Input; /** * The ARN of the role the stream assumes. */ roleArn?: pulumi.Input; /** * The ARN of the Secrets Manager secret. This value is required if `enabled` is true. */ secretArn?: pulumi.Input; } export interface FirehoseDeliveryStreamIcebergConfiguration { appendOnly?: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds between 0 and 900, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 and 128, before delivering it to the destination. The default value is 5. */ bufferingSize?: pulumi.Input; /** * Glue catalog ARN identifier of the destination Apache Iceberg Tables. You must specify the ARN in the format `arn:aws:glue:region:account-id:catalog` */ catalogArn: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * Destination table configurations which Firehose uses to deliver data to Apache Iceberg Tables. Firehose will write data with insert if table specific configuration is not provided. See `destinationTableConfiguration` block below for details. */ destinationTableConfigurations?: pulumi.Input[]>; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * The period of time, in seconds between 0 to 7200, during which Firehose retries to deliver data to the specified destination. */ retryDuration?: pulumi.Input; /** * The ARN of the IAM role to be assumed by Firehose for calling Apache Iceberg Tables. */ roleArn: pulumi.Input; s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; } export interface FirehoseDeliveryStreamIcebergConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfiguration { /** * The name of the Apache Iceberg database. */ databaseName: pulumi.Input; /** * The table specific S3 error output prefix. All the errors that occurred while delivering to this table will be prefixed with this value in S3 destination. */ s3ErrorOutputPrefix?: pulumi.Input; /** * The name of the Apache Iceberg Table. */ tableName: pulumi.Input; /** * A list of unique keys for a given Apache Iceberg table. Firehose will use these for running Create, Update, or Delete operations on the given Iceberg table. */ uniqueKeys?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamIcebergConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamIcebergConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamKinesisSourceConfiguration { /** * The kinesis stream used as the source of the firehose delivery stream. */ kinesisStreamArn: pulumi.Input; /** * The ARN of the role that provides access to the source Kinesis stream. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamMskSourceConfiguration { /** * The authentication configuration of the Amazon MSK cluster. See `authenticationConfiguration` block below for details. */ authenticationConfiguration: pulumi.Input; /** * The ARN of the Amazon MSK cluster. */ mskClusterArn: pulumi.Input; /** * The start date and time in UTC for the offset position within your MSK topic from where Firehose begins to read. By default, this is set to timestamp when Firehose becomes Active. If you want to create a Firehose stream with Earliest start position set the `readFromTimestamp` parameter to Epoch (1970-01-01T00:00:00Z). */ readFromTimestamp?: pulumi.Input; /** * The topic name within the Amazon MSK cluster. */ topicName: pulumi.Input; } export interface FirehoseDeliveryStreamMskSourceConfigurationAuthenticationConfiguration { /** * The type of connectivity used to access the Amazon MSK cluster. Valid values: `PUBLIC`, `PRIVATE`. */ connectivity: pulumi.Input; /** * The ARN of the role used to access the Amazon MSK cluster. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 900, before delivering it to the destination. The default value is 300s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 100, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The endpoint to use when communicating with the cluster. Conflicts with `domainArn`. */ clusterEndpoint?: pulumi.Input; /** * The method for setting up document ID. See [`documentIdOptions` block] below for details. */ documentIdOptions?: pulumi.Input; /** * The ARN of the Amazon ES domain. The pattern needs to be `arn:.*`. Conflicts with `clusterEndpoint`. */ domainArn?: pulumi.Input; /** * The OpenSearch index name. */ indexName: pulumi.Input; /** * The OpenSearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate expiration of old data. Valid values are `NoRotation`, `OneHour`, `OneDay`, `OneWeek`, and `OneMonth`. The default value is `OneDay`. */ indexRotationPeriod?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Amazon OpenSearch, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon ES Configuration API and for indexing documents. The IAM role must have permission for `DescribeDomain`, `DescribeDomains`, and `DescribeDomainConfig`. The pattern needs to be `arn:.*`. */ roleArn: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDocumentsOnly` and `AllDocuments`. Default value is `FailedDocumentsOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The Elasticsearch type name with maximum length of 100 characters. Types are deprecated in OpenSearch_1.1. TypeName must be empty. */ typeName?: pulumi.Input; /** * The VPC configuration for the delivery stream to connect to OpenSearch associated with the VPC. See `vpcConfig` block below for details. */ vpcConfig?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationDocumentIdOptions { /** * The method for setting up document ID. Valid values: `FIREHOSE_DEFAULT`, `NO_DOCUMENT_ID`. */ defaultDocumentIdFormat: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationVpcConfig { /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon EC2 configuration API and for creating network interfaces. Make sure role has necessary [IAM permissions](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-es-vpc) */ roleArn: pulumi.Input; /** * A list of security group IDs to associate with Kinesis Firehose. */ securityGroupIds: pulumi.Input[]>; /** * A list of subnet IDs to associate with Kinesis Firehose. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 900, before delivering it to the destination. The default value is 300s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 100, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The endpoint to use when communicating with the collection in the Serverless offering for Amazon OpenSearch Service. */ collectionEndpoint: pulumi.Input; /** * The Serverless offering for Amazon OpenSearch Service index name. */ indexName: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to the Serverless offering for Amazon OpenSearch Service, the total amount of time, in seconds between 0 to 7200, during which Kinesis Data Firehose retries delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Serverless offering for Amazon OpenSearch Service Configuration API and for indexing documents. The pattern needs to be `arn:.*`. */ roleArn: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDocumentsOnly` and `AllDocuments`. Default value is `FailedDocumentsOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The VPC configuration for the delivery stream to connect to OpenSearch Serverless associated with the VPC. See `vpcConfig` block below for details. */ vpcConfig?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationVpcConfig { /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon EC2 configuration API and for creating network interfaces. Make sure role has necessary [IAM permissions](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-es-vpc) */ roleArn: pulumi.Input; /** * A list of security group IDs to associate with Kinesis Firehose. */ securityGroupIds: pulumi.Input[]>; /** * A list of subnet IDs to associate with Kinesis Firehose. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfiguration { /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The jdbcurl of the redshift cluster. */ clusterJdbcurl: pulumi.Input; /** * Copy options for copying the data from the s3 intermediate bucket into redshift, for example to change the default delimiter. For valid values, see the [AWS documentation](http://docs.aws.amazon.com/firehose/latest/APIReference/API_CopyCommand.html) */ copyOptions?: pulumi.Input; /** * The data table columns that will be targeted by the copy command. */ dataTableColumns?: pulumi.Input; /** * The name of the table in the redshift cluster that the s3 bucket will copy to. */ dataTableName: pulumi.Input; /** * The password for the username above. This value is required if `secretsManagerConfiguration` is not provided. */ password?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * The length of time during which Firehose retries delivery after a failure, starting from the initial request and including the first attempt. The default value is 3600 seconds (60 minutes). Firehose does not retry if the value of DurationInSeconds is 0 (zero) or if the first delivery attempt takes longer than the current value. */ retryDuration?: pulumi.Input; /** * The arn of the role the stream assumes. */ roleArn: pulumi.Input; /** * The configuration for backup in Amazon S3. Required if `s3BackupMode` is `Enabled`. Supports the same fields as `s3Configuration` object. * `secretsManagerConfiguration` - (Optional) The Secrets Manager configuration. See `secretsManagerConfiguration` block below for details. This value is required if `username` and `password` are not provided. */ s3BackupConfiguration?: pulumi.Input; /** * The Amazon S3 backup mode. Valid values are `Disabled` and `Enabled`. Default value is `Disabled`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See s3Configuration below for details. */ s3Configuration: pulumi.Input; secretsManagerConfiguration?: pulumi.Input; /** * The username that the firehose delivery stream will assume. It is strongly recommended that the username and password provided is used exclusively for Amazon Kinesis Firehose purposes, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions. This value is required if `secretsManagerConfiguration` is not provided. */ username?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfiguration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; bufferingInterval?: pulumi.Input; bufferingSize?: pulumi.Input; cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationSecretsManagerConfiguration { /** * Enables or disables the Secrets Manager configuration. */ enabled?: pulumi.Input; /** * The ARN of the role the stream assumes. */ roleArn?: pulumi.Input; /** * The ARN of the Secrets Manager secret. This value is required if `enabled` is true. */ secretArn?: pulumi.Input; } export interface FirehoseDeliveryStreamServerSideEncryption { /** * Whether to enable encryption at rest. Default is `false`. */ enabled?: pulumi.Input; /** * Amazon Resource Name (ARN) of the encryption key. Required when `keyType` is `CUSTOMER_MANAGED_CMK`. */ keyArn?: pulumi.Input; /** * Type of encryption key. Default is `AWS_OWNED_CMK`. Valid values are `AWS_OWNED_CMK` and `CUSTOMER_MANAGED_CMK` */ keyType?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfiguration { /** * The URL of the Snowflake account. Format: https://[accountIdentifier].snowflakecomputing.com. */ accountUrl: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds between 0 to 900, before delivering it to the destination. The default value is 0s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 128, before delivering it to the destination. The default value is 1MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The name of the content column. */ contentColumnName?: pulumi.Input; /** * The data loading option. */ dataLoadingOption?: pulumi.Input; /** * The Snowflake database name. */ database: pulumi.Input; /** * The passphrase for the private key. */ keyPassphrase?: pulumi.Input; /** * The name of the metadata column. */ metadataColumnName?: pulumi.Input; /** * The private key for authentication. This value is required if `secretsManagerConfiguration` is not provided. */ privateKey?: pulumi.Input; /** * The processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Snowflake, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 60s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The ARN of the IAM role. */ roleArn: pulumi.Input; /** * The S3 backup mode. */ s3BackupMode?: pulumi.Input; /** * The S3 configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The Snowflake schema name. */ schema: pulumi.Input; /** * The Secrets Manager configuration. See `secretsManagerConfiguration` block below for details. This value is required if `user` and `privateKey` are not provided. */ secretsManagerConfiguration?: pulumi.Input; /** * The configuration for Snowflake role. */ snowflakeRoleConfiguration?: pulumi.Input; /** * The VPC configuration for Snowflake. */ snowflakeVpcConfiguration?: pulumi.Input; /** * The Snowflake table name. */ table: pulumi.Input; /** * The user for authentication. This value is required if `secretsManagerConfiguration` is not provided. */ user?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamSnowflakeConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationSecretsManagerConfiguration { /** * Enables or disables the Secrets Manager configuration. */ enabled?: pulumi.Input; /** * The ARN of the role the stream assumes. */ roleArn?: pulumi.Input; /** * The ARN of the Secrets Manager secret. This value is required if `enabled` is true. */ secretArn?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationSnowflakeRoleConfiguration { /** * Whether the Snowflake role is enabled. */ enabled?: pulumi.Input; /** * The Snowflake role. */ snowflakeRole?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationSnowflakeVpcConfiguration { /** * The VPCE ID for Firehose to privately connect with Snowflake. */ privateLinkVpceId: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 60, before delivering it to the destination. The default value is 60s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 5, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The amount of time, in seconds between 180 and 600, that Kinesis Firehose waits to receive an acknowledgment from Splunk after it sends it data. */ hecAcknowledgmentTimeout?: pulumi.Input; /** * The HTTP Event Collector (HEC) endpoint to which Kinesis Firehose sends your data. */ hecEndpoint: pulumi.Input; /** * The HEC endpoint type. Valid values are `Raw` or `Event`. The default value is `Raw`. */ hecEndpointType?: pulumi.Input; /** * The GUID that you obtain from your Splunk cluster when you create a new HEC endpoint. This value is required if `secretsManagerConfiguration` is not provided. */ hecToken?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Splunk, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedEventsOnly` and `AllEvents`. Default value is `FailedEventsOnly`. * `secretsManagerConfiguration` - (Optional) The Secrets Manager configuration. See `secretsManagerConfiguration` block below for details. This value is required if `hecToken` is not provided. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; secretsManagerConfiguration?: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`, `Decompression`, `CloudWatchLogProcessing`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorType); so values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`, `CompressionFormat`, `DataMessageExtraction`. Validation is done against [AWS SDK constants](https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/firehose/types#ProcessorParameterName); so values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationSecretsManagerConfiguration { /** * Enables or disables the Secrets Manager configuration. */ enabled?: pulumi.Input; /** * The ARN of the role the stream assumes. */ roleArn?: pulumi.Input; /** * The ARN of the Secrets Manager secret. This value is required if `enabled` is true. */ secretArn?: pulumi.Input; } export interface StreamStreamModeDetails { /** * Specifies the capacity mode of the stream. Must be either `PROVISIONED` or `ON_DEMAND`. */ streamMode: pulumi.Input; } } export namespace kinesisanalyticsv2 { export interface ApplicationApplicationConfiguration { /** * The code location and type parameters for the application. */ applicationCodeConfiguration: pulumi.Input; /** * The encryption configuration for the application. This can be used to encrypt data at rest in the application. */ applicationEncryptionConfiguration?: pulumi.Input; /** * Describes whether snapshots are enabled for a Flink-based application. */ applicationSnapshotConfiguration?: pulumi.Input; /** * Describes execution properties for a Flink-based application. */ environmentProperties?: pulumi.Input; /** * The configuration of a Flink-based application. */ flinkApplicationConfiguration?: pulumi.Input; /** * Describes the starting properties for a Flink-based application. */ runConfiguration?: pulumi.Input; /** * The configuration of a SQL-based application. */ sqlApplicationConfiguration?: pulumi.Input; /** * The VPC configuration of a Flink-based application. */ vpcConfiguration?: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationCodeConfiguration { /** * The location and type of the application code. */ codeContent?: pulumi.Input; /** * Specifies whether the code content is in text or zip format. Valid values: `PLAINTEXT`, `ZIPFILE`. */ codeContentType: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContent { /** * Information about the Amazon S3 bucket containing the application code. */ s3ContentLocation?: pulumi.Input; /** * The text-format code for the application. */ textContent?: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocation { /** * The ARN for the S3 bucket containing the application code. */ bucketArn: pulumi.Input; /** * The file key for the object containing the application code. */ fileKey: pulumi.Input; /** * The version of the object containing the application code. */ objectVersion?: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationEncryptionConfiguration { /** * The ARN of the KMS key to use for encryption. Required when `keyType` is set to `CUSTOMER_MANAGED_KEY`. The KMS key must be in the same region as the application. */ keyId?: pulumi.Input; /** * The type of encryption key to use. Valid values: `CUSTOMER_MANAGED_KEY`, `AWS_OWNED_KEY`. */ keyType: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationSnapshotConfiguration { /** * Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application. */ snapshotsEnabled: pulumi.Input; } export interface ApplicationApplicationConfigurationEnvironmentProperties { /** * Describes the execution property groups. */ propertyGroups: pulumi.Input[]>; } export interface ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroup { /** * The key of the application execution property key-value map. */ propertyGroupId: pulumi.Input; /** * Application execution property key-value map. */ propertyMap: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ApplicationApplicationConfigurationFlinkApplicationConfiguration { /** * Describes an application's checkpointing configuration. */ checkpointConfiguration?: pulumi.Input; /** * Describes configuration parameters for CloudWatch logging for an application. */ monitoringConfiguration?: pulumi.Input; /** * Describes parameters for how an application executes multiple tasks simultaneously. */ parallelismConfiguration?: pulumi.Input; } export interface ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfiguration { /** * Describes the interval in milliseconds between checkpoint operations. */ checkpointInterval?: pulumi.Input; /** * Describes whether checkpointing is enabled for a Flink-based Kinesis Data Analytics application. */ checkpointingEnabled?: pulumi.Input; /** * Describes whether the application uses Kinesis Data Analytics' default checkpointing behavior. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `checkpointingEnabled`, `checkpointInterval`, or `minPauseBetweenCheckpoints` attribute values to be effective. If this attribute is set to `DEFAULT`, the application will always use the following values: * * `checkpointingEnabled = true` * * `checkpointInterval = 60000` * * `minPauseBetweenCheckpoints = 5000` */ configurationType: pulumi.Input; /** * Describes the minimum time in milliseconds after a checkpoint operation completes that a new checkpoint operation can start. */ minPauseBetweenCheckpoints?: pulumi.Input; } export interface ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfiguration { /** * Describes whether to use the default CloudWatch logging configuration for an application. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `logLevel` or `metricsLevel` attribute values to be effective. */ configurationType: pulumi.Input; /** * Describes the verbosity of the CloudWatch Logs for an application. Valid values: `DEBUG`, `ERROR`, `INFO`, `WARN`. */ logLevel?: pulumi.Input; /** * Describes the granularity of the CloudWatch Logs for an application. Valid values: `APPLICATION`, `OPERATOR`, `PARALLELISM`, `TASK`. */ metricsLevel?: pulumi.Input; } export interface ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfiguration { /** * Describes whether the Kinesis Data Analytics service can increase the parallelism of the application in response to increased throughput. */ autoScalingEnabled?: pulumi.Input; /** * Describes whether the application uses the default parallelism for the Kinesis Data Analytics service. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `autoScalingEnabled`, `parallelism`, or `parallelismPerKpu` attribute values to be effective. */ configurationType: pulumi.Input; /** * Describes the initial number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform. */ parallelism?: pulumi.Input; /** * Describes the number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform per Kinesis Processing Unit (KPU) used by the application. */ parallelismPerKpu?: pulumi.Input; } export interface ApplicationApplicationConfigurationRunConfiguration { /** * The restore behavior of a restarting application. */ applicationRestoreConfiguration?: pulumi.Input; /** * The starting parameters for a Flink-based Kinesis Data Analytics application. */ flinkRunConfiguration?: pulumi.Input; } export interface ApplicationApplicationConfigurationRunConfigurationApplicationRestoreConfiguration { /** * Specifies how the application should be restored. Valid values: `RESTORE_FROM_CUSTOM_SNAPSHOT`, `RESTORE_FROM_LATEST_SNAPSHOT`, `SKIP_RESTORE_FROM_SNAPSHOT`. */ applicationRestoreType?: pulumi.Input; /** * The identifier of an existing snapshot of application state to use to restart an application. The application uses this value if `RESTORE_FROM_CUSTOM_SNAPSHOT` is specified for `applicationRestoreType`. */ snapshotName?: pulumi.Input; } export interface ApplicationApplicationConfigurationRunConfigurationFlinkRunConfiguration { /** * When restoring from a snapshot, specifies whether the runtime is allowed to skip a state that cannot be mapped to the new program. Default is `false`. */ allowNonRestoredState?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfiguration { /** * The input stream used by the application. */ input?: pulumi.Input; /** * The destination streams used by the application. */ outputs?: pulumi.Input[]>; /** * The reference data source used by the application. */ referenceDataSource?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInput { inAppStreamNames?: pulumi.Input[]>; inputId?: pulumi.Input; /** * Describes the number of in-application streams to create. */ inputParallelism?: pulumi.Input; /** * The input processing configuration for the input. * An input processor transforms records as they are received from the stream, before the application's SQL code executes. */ inputProcessingConfiguration?: pulumi.Input; /** * Describes the format of the data in the streaming source, and how each data element maps to corresponding columns in the in-application stream that is being created. */ inputSchema: pulumi.Input; /** * The point at which the application starts processing records from the streaming source. */ inputStartingPositionConfigurations?: pulumi.Input[]>; /** * If the streaming source is a Kinesis Data Firehose delivery stream, identifies the delivery stream's ARN. */ kinesisFirehoseInput?: pulumi.Input; /** * If the streaming source is a Kinesis data stream, identifies the stream's Amazon Resource Name (ARN). */ kinesisStreamsInput?: pulumi.Input; /** * The name prefix to use when creating an in-application stream. */ namePrefix: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelism { /** * The number of in-application streams to create. */ count?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfiguration { /** * Describes the Lambda function that is used to preprocess the records in the stream before being processed by your application code. */ inputLambdaProcessor: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfigurationInputLambdaProcessor { /** * The ARN of the Lambda function that operates on records in the stream. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchema { /** * Describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream. */ recordColumns: pulumi.Input[]>; /** * Specifies the encoding of the records in the streaming source. For example, `UTF-8`. */ recordEncoding?: pulumi.Input; /** * Specifies the format of the records on the streaming source. */ recordFormat: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumn { /** * A reference to the data element in the streaming input or the reference data source. */ mapping?: pulumi.Input; /** * The name of the column that is created in the in-application input stream or reference table. */ name: pulumi.Input; /** * The type of column created in the in-application input stream or reference table. */ sqlType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormat { /** * Provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source. */ mappingParameters: pulumi.Input; /** * The type of record format. Valid values: `CSV`, `JSON`. */ recordFormatType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParameters { /** * Provides additional mapping information when the record format uses delimiters (for example, CSV). */ csvMappingParameters?: pulumi.Input; /** * Provides additional mapping information when JSON is the record format on the streaming source. */ jsonMappingParameters?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParameters { /** * The column delimiter. For example, in a CSV format, a comma (`,`) is the typical column delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The row delimiter. For example, in a CSV format, `\n` is the typical row delimiter. */ recordRowDelimiter: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersJsonMappingParameters { /** * The path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputStartingPositionConfiguration { /** * The starting position on the stream. Valid values: `LAST_STOPPED_POINT`, `NOW`, `TRIM_HORIZON`. */ inputStartingPosition?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisFirehoseInput { /** * The ARN of the delivery stream. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInput { /** * The ARN of the input Kinesis data stream to read. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutput { /** * Describes the data format when records are written to the destination. */ destinationSchema: pulumi.Input; /** * Identifies a Kinesis Data Firehose delivery stream as the destination. */ kinesisFirehoseOutput?: pulumi.Input; /** * Identifies a Kinesis data stream as the destination. */ kinesisStreamsOutput?: pulumi.Input; /** * Identifies a Lambda function as the destination. */ lambdaOutput?: pulumi.Input; /** * The name of the in-application stream. */ name: pulumi.Input; outputId?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchema { /** * Specifies the format of the records on the output stream. Valid values: `CSV`, `JSON`. */ recordFormatType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutput { /** * The ARN of the destination delivery stream to write to. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisStreamsOutput { /** * The ARN of the destination Kinesis data stream to write to. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutput { /** * The ARN of the destination Lambda function to write to. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSource { referenceId?: pulumi.Input; /** * Describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream. */ referenceSchema: pulumi.Input; /** * Identifies the S3 bucket and object that contains the reference data. */ s3ReferenceDataSource: pulumi.Input; /** * The name of the in-application table to create. */ tableName: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchema { /** * Describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream. */ recordColumns: pulumi.Input[]>; /** * Specifies the encoding of the records in the streaming source. For example, `UTF-8`. */ recordEncoding?: pulumi.Input; /** * Specifies the format of the records on the streaming source. */ recordFormat: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumn { /** * A reference to the data element in the streaming input or the reference data source. */ mapping?: pulumi.Input; /** * The name of the column that is created in the in-application input stream or reference table. */ name: pulumi.Input; /** * The type of column created in the in-application input stream or reference table. */ sqlType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormat { /** * Provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source. */ mappingParameters: pulumi.Input; /** * The type of record format. Valid values: `CSV`, `JSON`. */ recordFormatType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParameters { /** * Provides additional mapping information when the record format uses delimiters (for example, CSV). */ csvMappingParameters?: pulumi.Input; /** * Provides additional mapping information when JSON is the record format on the streaming source. */ jsonMappingParameters?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersCsvMappingParameters { /** * The column delimiter. For example, in a CSV format, a comma (`,`) is the typical column delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The row delimiter. For example, in a CSV format, `\n` is the typical row delimiter. */ recordRowDelimiter: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParameters { /** * The path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSource { /** * The ARN of the S3 bucket. */ bucketArn: pulumi.Input; /** * The object key name containing the reference data. */ fileKey: pulumi.Input; } export interface ApplicationApplicationConfigurationVpcConfiguration { /** * The Security Group IDs used by the VPC configuration. */ securityGroupIds: pulumi.Input[]>; /** * The Subnet IDs used by the VPC configuration. */ subnetIds: pulumi.Input[]>; vpcConfigurationId?: pulumi.Input; vpcId?: pulumi.Input; } export interface ApplicationCloudwatchLoggingOptions { cloudwatchLoggingOptionId?: pulumi.Input; /** * The ARN of the CloudWatch log stream to receive application messages. */ logStreamArn: pulumi.Input; } } export namespace kms { export interface CustomKeyStoreXksProxyAuthenticationCredential { /** * A unique identifier for the raw secret access key. */ accessKeyId: pulumi.Input; /** * A secret string of 43-64 characters. */ rawSecretAccessKey: pulumi.Input; } export interface GetSecretSecret { context?: {[key: string]: string}; grantTokens?: string[]; name: string; payload: string; } export interface GetSecretSecretArgs { context?: pulumi.Input<{[key: string]: pulumi.Input}>; grantTokens?: pulumi.Input[]>; name: pulumi.Input; payload: pulumi.Input; } export interface GetSecretsSecret { /** * An optional mapping that makes up the Encryption Context for the secret. */ context?: {[key: string]: string}; /** * The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE */ encryptionAlgorithm?: string; /** * An optional list of Grant Tokens for the secret. */ grantTokens?: string[]; /** * Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * * For more information on `context` and `grantTokens` see the [KMS * Concepts](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) */ keyId?: string; /** * Name to export this secret under in the attributes. */ name: string; /** * Base64 encoded payload, as returned from a KMS encrypt operation. */ payload: string; } export interface GetSecretsSecretArgs { /** * An optional mapping that makes up the Encryption Context for the secret. */ context?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE */ encryptionAlgorithm?: pulumi.Input; /** * An optional list of Grant Tokens for the secret. */ grantTokens?: pulumi.Input[]>; /** * Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * * For more information on `context` and `grantTokens` see the [KMS * Concepts](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) */ keyId?: pulumi.Input; /** * Name to export this secret under in the attributes. */ name: pulumi.Input; /** * Base64 encoded payload, as returned from a KMS encrypt operation. */ payload: pulumi.Input; } export interface GrantConstraint { /** * A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`. */ encryptionContextEquals?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`. */ encryptionContextSubset?: pulumi.Input<{[key: string]: pulumi.Input}>; } } export namespace lakeformation { export interface DataCellsFilterTableData { /** * A list of column names and/or nested column attributes. */ columnNames?: pulumi.Input[]>; /** * A wildcard with exclusions. See Column Wildcard below for details. */ columnWildcard?: pulumi.Input; /** * The name of the database. */ databaseName: pulumi.Input; /** * The name of the data cells filter. */ name: pulumi.Input; /** * A PartiQL predicate. See Row Filter below for details. */ rowFilter: pulumi.Input; /** * The ID of the Data Catalog. */ tableCatalogId: pulumi.Input; /** * The name of the table. */ tableName: pulumi.Input; /** * ID of the data cells filter version. */ versionId?: pulumi.Input; } export interface DataCellsFilterTableDataColumnWildcard { /** * (Optional) Excludes column names. Any column with this name will be excluded. */ excludedColumnNames?: pulumi.Input[]>; } export interface DataCellsFilterTableDataRowFilter { /** * (Optional) A wildcard that matches all rows. */ allRowsWildcard?: pulumi.Input; /** * (Optional) A filter expression. */ filterExpression?: pulumi.Input; } export interface DataCellsFilterTableDataRowFilterAllRowsWildcard { } export interface DataCellsFilterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface DataLakeSettingsCreateDatabaseDefaultPermission { /** * List of permissions that are granted to the principal. Valid values may include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, and `CREATE_TABLE`. For more details, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html). */ permissions?: pulumi.Input[]>; /** * Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `["ALL"]`. */ principal?: pulumi.Input; } export interface DataLakeSettingsCreateTableDefaultPermission { /** * List of permissions that are granted to the principal. Valid values may include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, and `DESCRIBE`. For more details, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html). */ permissions?: pulumi.Input[]>; /** * Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `["ALL"]`. */ principal?: pulumi.Input; } export interface GetPermissionsDataCellsFilter { /** * The name of the database. */ databaseName: string; /** * The name of the data cells filter. */ name: string; /** * The ID of the Data Catalog. */ tableCatalogId: string; /** * The name of the table. */ tableName: string; } export interface GetPermissionsDataCellsFilterArgs { /** * The name of the database. */ databaseName: pulumi.Input; /** * The name of the data cells filter. */ name: pulumi.Input; /** * The ID of the Data Catalog. */ tableCatalogId: pulumi.Input; /** * The name of the table. */ tableName: pulumi.Input; } export interface GetPermissionsDataLocation { /** * ARN that uniquely identifies the data location resource. * * The following argument is optional: */ arn: string; /** * Identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller. */ catalogId?: string; } export interface GetPermissionsDataLocationArgs { /** * ARN that uniquely identifies the data location resource. * * The following argument is optional: */ arn: pulumi.Input; /** * Identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; } export interface GetPermissionsDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: string; } export interface GetPermissionsDatabaseArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface GetPermissionsLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Key-name for the tag. */ key: string; /** * List of possible values an attribute can take. * * The following argument is optional: */ values: string[]; } export interface GetPermissionsLfTagArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Key-name for the tag. */ key: pulumi.Input; /** * List of possible values an attribute can take. * * The following argument is optional: */ values: pulumi.Input[]>; } export interface GetPermissionsLfTagPolicy { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See `expression` below. * * The following argument is optional: */ expressions: inputs.lakeformation.GetPermissionsLfTagPolicyExpression[]; /** * Resource type for which the tag policy applies. Valid values are `DATABASE` and `TABLE`. */ resourceType: string; } export interface GetPermissionsLfTagPolicyArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See `expression` below. * * The following argument is optional: */ expressions: pulumi.Input[]>; /** * Resource type for which the tag policy applies. Valid values are `DATABASE` and `TABLE`. */ resourceType: pulumi.Input; } export interface GetPermissionsLfTagPolicyExpression { /** * Key-name of an LF-Tag. */ key: string; /** * List of possible values of an LF-Tag. */ values: string[]; } export interface GetPermissionsLfTagPolicyExpressionArgs { /** * Key-name of an LF-Tag. */ key: pulumi.Input; /** * List of possible values of an LF-Tag. */ values: pulumi.Input[]>; } export interface GetPermissionsTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Name of the database for the table. Unique to a Data Catalog. * * The following arguments are optional: */ databaseName: string; /** * Name of the table. At least one of `name` or `wildcard` is required. */ name?: string; /** * Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`. */ wildcard?: boolean; } export interface GetPermissionsTableArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. * * The following arguments are optional: */ databaseName: pulumi.Input; /** * Name of the table. At least one of `name` or `wildcard` is required. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`. */ wildcard?: pulumi.Input; } export interface GetPermissionsTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Set of column names for the table. At least one of `columnNames` or `excludedColumnNames` is required. */ columnNames?: string[]; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: string; /** * Set of column names for the table to exclude. At least one of `columnNames` or `excludedColumnNames` is required. */ excludedColumnNames?: string[]; /** * Name of the table resource. * * The following arguments are optional: */ name: string; /** * Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`. */ wildcard?: boolean; } export interface GetPermissionsTableWithColumnsArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. At least one of `columnNames` or `excludedColumnNames` is required. */ columnNames?: pulumi.Input[]>; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Set of column names for the table to exclude. At least one of `columnNames` or `excludedColumnNames` is required. */ excludedColumnNames?: pulumi.Input[]>; /** * Name of the table resource. * * The following arguments are optional: */ name: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`. */ wildcard?: pulumi.Input; } export interface LfTagExpressionExpression { /** * The key-name for the LF-Tag. */ tagKey: pulumi.Input; /** * A list of possible values for the LF-Tag */ tagValues: pulumi.Input[]>; } export interface OptInCondition { /** * List of LF-tag conditions or a saved expression that apply to the resource's LF-Tag policy. */ expression?: pulumi.Input; } export interface OptInPrincipal { dataLakePrincipalIdentifier: pulumi.Input; } export interface OptInResourceData { /** * Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. See Catalog for more details. */ catalogs?: pulumi.Input[]>; /** * Data cell filter. See Data Cells Filter for more details. */ dataCellsFilters?: pulumi.Input[]>; /** * Location of an Amazon S3 path where permissions are granted or revoked. See Data Location for more details. */ dataLocations?: pulumi.Input[]>; /** * Database for the resource. Unique to the Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database permissions to a principal. See Database for more details. */ database?: pulumi.Input; /** * LF-tag key and values attached to a resource. */ lfTag?: pulumi.Input; /** * Logical expression composed of one or more LF-Tag key:value pairs. See LF-Tag Expression for more details. */ lfTagExpressions?: pulumi.Input[]>; /** * List of LF-Tag conditions or saved LF-Tag expressions that define a resource's LF-Tag policy. See LF-Tag Policy for more details. */ lfTagPolicies?: pulumi.Input[]>; /** * Table for the resource. A table is a metadata definition that represents your data. You can Grant and Revoke table privileges to a principal. See Table for more details. */ table?: pulumi.Input; /** * Table with columns for the resource. A principal with permissions to this resource can select metadata from the columns of a table in the Data Catalog and the underlying data in Amazon S3. See Table With Columns for more details. */ tableWithColumns?: pulumi.Input; } export interface OptInResourceDataCatalog { /** * Identifier for the catalog resource. */ id?: pulumi.Input; } export interface OptInResourceDataDataCellsFilter { /** * The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. */ databaseName?: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * ID of the catalog to which the table belongs. */ tableCatalogId?: pulumi.Input; /** * Name of the table. */ tableName?: pulumi.Input; } export interface OptInResourceDataDataLocation { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * ARN that uniquely identifies the data location resource. */ resourceArn: pulumi.Input; } export interface OptInResourceDataDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the table. */ name: pulumi.Input; } export interface OptInResourceDataLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface OptInResourceDataLfTagExpression { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the table. */ name: pulumi.Input; } export interface OptInResourceDataLfTagPolicy { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * If provided, permissions are granted to the Data Catalog resources whose assigned LF-Tags match the expression body of the saved expression under the provided ExpressionName . */ expressionName?: pulumi.Input; /** * List of LF-tag conditions or a saved expression that apply to the resource's LF-Tag policy. */ expressions?: pulumi.Input[]>; /** * Resource type for which the LF-tag policy applies. */ resourceType: pulumi.Input; } export interface OptInResourceDataTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. */ databaseName: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * Boolean value that indicates whether to use a wildcard representing every table under the specified database. When set to true, this represents all tables within the specified database. At least one of TableResource$Name or TableResource$Wildcard is required. */ wildcard?: pulumi.Input; } export interface OptInResourceDataTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * List of column names for the table. At least one of ColumnNames or ColumnWildcard is required. */ columnNames?: pulumi.Input[]>; /** * Wildcard specified by a ColumnWildcard object. At least one of ColumnNames or ColumnWildcard is required. */ columnWildcard?: pulumi.Input; /** * The name of the database for the table. Unique to a Data Catalog. A database is a set of associated table definitions organized into a logical group. You can Grant and Revoke database privileges to a principal. */ databaseName: pulumi.Input; /** * Name of the table. */ name: pulumi.Input; } export interface OptInResourceDataTableWithColumnsColumnWildcard { excludedColumnNames?: pulumi.Input[]>; } export interface PermissionsDataCellsFilter { /** * The name of the database. */ databaseName: pulumi.Input; /** * The name of the data cells filter. */ name: pulumi.Input; /** * The ID of the Data Catalog. */ tableCatalogId: pulumi.Input; /** * The name of the table. */ tableName: pulumi.Input; } export interface PermissionsDataLocation { /** * Amazon Resource Name (ARN) that uniquely identifies the data location resource. * * The following argument is optional: */ arn: pulumi.Input; /** * Identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; } export interface PermissionsDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface PermissionsLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * The key-name for the tag. */ key: pulumi.Input; /** * A list of possible values an attribute can take. * * The following argument is optional: */ values: pulumi.Input[]>; } export interface PermissionsLfTagPolicy { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See `expression` below. * * The following argument is optional: */ expressions: pulumi.Input[]>; /** * The resource type for which the tag policy applies. Valid values are `DATABASE` and `TABLE`. */ resourceType: pulumi.Input; } export interface PermissionsLfTagPolicyExpression { /** * The key-name of an LF-Tag. */ key: pulumi.Input; /** * A list of possible values of an LF-Tag. */ values: pulumi.Input[]>; } export interface PermissionsTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. Defaults to `false`. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface PermissionsTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. */ columnNames?: pulumi.Input[]>; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Set of column names for the table to exclude. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. */ excludedColumnNames?: pulumi.Input[]>; /** * Name of the table resource. */ name: pulumi.Input; /** * Whether to use a column wildcard. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface ResourceLfTagDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface ResourceLfTagLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Key name for an existing LF-tag. */ key: pulumi.Input; /** * Value from the possible values for the LF-tag. * * The following argument is optional: */ value: pulumi.Input; } export interface ResourceLfTagTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. Defaults to `false`. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface ResourceLfTagTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. */ columnNames?: pulumi.Input[]>; /** * Option to add column wildcard. See Column Wildcard for more details. */ columnWildcard?: pulumi.Input; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table resource. * * The following arguments are optional: */ name: pulumi.Input; } export interface ResourceLfTagTableWithColumnsColumnWildcard { excludedColumnNames?: pulumi.Input[]>; } export interface ResourceLfTagTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface ResourceLfTagsDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface ResourceLfTagsLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Key name for an existing LF-tag. */ key: pulumi.Input; /** * Value from the possible values for the LF-tag. * * The following argument is optional: */ value: pulumi.Input; } export interface ResourceLfTagsTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. Defaults to `false`. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface ResourceLfTagsTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. */ columnNames?: pulumi.Input[]>; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Set of column names for the table to exclude. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. */ excludedColumnNames?: pulumi.Input[]>; /** * Name of the table resource. */ name: pulumi.Input; /** * Whether to use a column wildcard. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. * * The following arguments are optional: */ wildcard?: pulumi.Input; } } export namespace lambda { export interface AliasRoutingConfig { /** * Map that defines the proportion of events that should be sent to different versions of a Lambda function. */ additionalVersionWeights?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface CapacityProviderCapacityProviderScalingConfig { maxVcpuCount: pulumi.Input; /** * The scaling mode for the Capacity Provider. Valid values are `AUTO` and `MANUAL`. Defaults to `AUTO`. */ scalingMode: pulumi.Input; /** * List of scaling policies. See Scaling Policies below. */ scalingPolicies: pulumi.Input[]>; } export interface CapacityProviderCapacityProviderScalingConfigScalingPolicy { /** * The predefined metric type for the scaling policy. Valid values are `LAMBDA_PROVISIONED_CONCURRENCY_UTILIZATION`. */ predefinedMetricType: pulumi.Input; /** * The target value for the scaling policy. */ targetValue: pulumi.Input; } export interface CapacityProviderInstanceRequirement { /** * List of allowed instance types. */ allowedInstanceTypes: pulumi.Input[]>; /** * List of CPU architectures. Valid values are `X86_64` and `ARM64`. */ architectures: pulumi.Input[]>; /** * List of excluded instance types. */ excludedInstanceTypes: pulumi.Input[]>; } export interface CapacityProviderPermissionsConfig { /** * The ARN of the IAM role that allows Lambda to manage the Capacity Provider. */ capacityProviderOperatorRoleArn: pulumi.Input; } export interface CapacityProviderTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface CapacityProviderVpcConfig { /** * List of security group IDs for the VPC. */ securityGroupIds: pulumi.Input[]>; /** * List of subnet IDs for the VPC. */ subnetIds: pulumi.Input[]>; } export interface CodeSigningConfigAllowedPublishers { /** * Set of ARNs for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. Maximum of 20 signing profiles. */ signingProfileVersionArns: pulumi.Input[]>; } export interface CodeSigningConfigPolicies { /** * Code signing configuration policy for deployment validation failure. If you set the policy to `Enforce`, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy to `Warn`, Lambda allows the deployment and creates a CloudWatch log. Valid values: `Warn`, `Enforce`. Default value: `Warn`. */ untrustedArtifactOnDeployment: pulumi.Input; } export interface EventSourceMappingAmazonManagedKafkaEventSourceConfig { /** * Kafka consumer group ID between 1 and 200 characters for use when creating this event source mapping. If one is not specified, this value will be automatically generated. See [AmazonManagedKafkaEventSourceConfig Syntax](https://docs.aws.amazon.com/lambda/latest/dg/API_AmazonManagedKafkaEventSourceConfig.html). */ consumerGroupId?: pulumi.Input; /** * Block for a Kafka schema registry setting. See below. */ schemaRegistryConfig?: pulumi.Input; } export interface EventSourceMappingAmazonManagedKafkaEventSourceConfigSchemaRegistryConfig { /** * Configuration block for authentication Lambda uses to access the schema registry. */ accessConfigs?: pulumi.Input[]>; /** * Record format that Lambda delivers to the function after schema validation. Valid values: `JSON`, `SOURCE`. */ eventRecordFormat?: pulumi.Input; /** * URI of the schema registry. For AWS Glue schema registries, use the ARN of the registry. For Confluent schema registries, use the registry URL. */ schemaRegistryUri?: pulumi.Input; /** * Repeatable block that defines schema validation settings. These specify the message attributes that Lambda should validate and filter using the schema registry. */ schemaValidationConfigs?: pulumi.Input[]>; } export interface EventSourceMappingAmazonManagedKafkaEventSourceConfigSchemaRegistryConfigAccessConfig { /** * Authentication type Lambda uses to access the schema registry. */ type?: pulumi.Input; /** * URI of the secret (Secrets Manager secret ARN) used to authenticate with the schema registry. */ uri?: pulumi.Input; } export interface EventSourceMappingAmazonManagedKafkaEventSourceConfigSchemaRegistryConfigSchemaValidationConfig { /** * Message attribute to validate. Valid values: `KEY`, `VALUE`. */ attribute?: pulumi.Input; } export interface EventSourceMappingDestinationConfig { /** * Destination configuration for failed invocations. See below. */ onFailure?: pulumi.Input; } export interface EventSourceMappingDestinationConfigOnFailure { /** * ARN of the destination resource, or `kafka://your-topic-name` for Amazon MSK and self-managed Apache Kafka destinations. */ destinationArn: pulumi.Input; } export interface EventSourceMappingDocumentDbEventSourceConfig { /** * Name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections. */ collectionName?: pulumi.Input; /** * Name of the database to consume within the DocumentDB cluster. */ databaseName: pulumi.Input; /** * Determines what DocumentDB sends to your event stream during document update operations. If set to `UpdateLookup`, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes. Valid values: `UpdateLookup`, `Default`. */ fullDocument?: pulumi.Input; } export interface EventSourceMappingFilterCriteria { /** * Set of up to 5 filter. If an event satisfies at least one, Lambda sends the event to the function or adds it to the next batch. See below. */ filters?: pulumi.Input[]>; } export interface EventSourceMappingFilterCriteriaFilter { /** * Filter pattern up to 4096 characters. See [Filter Rule Syntax](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax). */ pattern?: pulumi.Input; } export interface EventSourceMappingMetricsConfig { /** * List containing the metrics to be produced by the event source mapping. Valid values: `EventCount`. */ metrics: pulumi.Input[]>; } export interface EventSourceMappingProvisionedPollerConfig { /** * Maximum number of event pollers this event source can scale up to. The range is between 1 and 2000. */ maximumPollers?: pulumi.Input; /** * Minimum number of event pollers this event source can scale down to. The range is between 1 and 200. */ minimumPollers?: pulumi.Input; /** * The name of the provisioned poller group used to group multiple ESMs within the event source's VPC to share Event Poller Unit (EPU) capacity. You can use this option to optimize Provisioned mode costs for your ESMs. You can group up to 100 ESMs per poller group and aggregate maximum pollers across all ESMs in a group cannot exceed 2000. */ pollerGroupName?: pulumi.Input; } export interface EventSourceMappingScalingConfig { /** * Limits the number of concurrent instances that the Amazon SQS event source can invoke. Must be greater than or equal to 2. See [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency). You need to raise a [Service Quota Ticket](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) to increase the concurrency beyond 1000. */ maximumConcurrency?: pulumi.Input; } export interface EventSourceMappingSelfManagedEventSource { /** * Map of endpoints for the self managed source. For Kafka self-managed sources, the key should be `KAFKA_BOOTSTRAP_SERVERS` and the value should be a string with a comma separated list of broker endpoints. */ endpoints: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface EventSourceMappingSelfManagedKafkaEventSourceConfig { /** * Kafka consumer group ID between 1 and 200 characters for use when creating this event source mapping. If one is not specified, this value will be automatically generated. See [SelfManagedKafkaEventSourceConfig Syntax](https://docs.aws.amazon.com/lambda/latest/dg/API_SelfManagedKafkaEventSourceConfig.html). */ consumerGroupId?: pulumi.Input; /** * Block for a Kafka schema registry setting. See below. */ schemaRegistryConfig?: pulumi.Input; } export interface EventSourceMappingSelfManagedKafkaEventSourceConfigSchemaRegistryConfig { /** * Configuration block for authentication Lambda uses to access the schema registry. */ accessConfigs?: pulumi.Input[]>; /** * Record format that Lambda delivers to the function after schema validation. Valid values: `JSON`, `SOURCE`. */ eventRecordFormat?: pulumi.Input; /** * URI of the schema registry. For AWS Glue schema registries, use the ARN of the registry. For Confluent schema registries, use the registry URL. */ schemaRegistryUri?: pulumi.Input; /** * Repeatable block that defines schema validation settings. These specify the message attributes that Lambda should validate and filter using the schema registry. */ schemaValidationConfigs?: pulumi.Input[]>; } export interface EventSourceMappingSelfManagedKafkaEventSourceConfigSchemaRegistryConfigAccessConfig { /** * Authentication type Lambda uses to access the schema registry. */ type?: pulumi.Input; /** * URI of the secret (Secrets Manager secret ARN) used to authenticate with the schema registry. */ uri?: pulumi.Input; } export interface EventSourceMappingSelfManagedKafkaEventSourceConfigSchemaRegistryConfigSchemaValidationConfig { /** * Message attribute to validate. Valid values: `KEY`, `VALUE`. */ attribute?: pulumi.Input; } export interface EventSourceMappingSourceAccessConfiguration { /** * Type of authentication protocol, VPC components, or virtual host for your event source. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/lambda/latest/api/API_SourceAccessConfiguration.html). */ type: pulumi.Input; /** * URI for this configuration. For type `VPC_SUBNET` the value should be `subnet:subnet_id` where `subnetId` is the value you would find in an aws.ec2.Subnet resource's id attribute. For type `VPC_SECURITY_GROUP` the value should be `security_group:security_group_id` where `securityGroupId` is the value you would find in an aws.ec2.SecurityGroup resource's id attribute. */ uri: pulumi.Input; } export interface FunctionCapacityProviderConfig { /** * Configuration block for Lambda Managed Instances Capacity Provider. See below. */ lambdaManagedInstancesCapacityProviderConfig: pulumi.Input; } export interface FunctionCapacityProviderConfigLambdaManagedInstancesCapacityProviderConfig { /** * ARN of the Capacity Provider. */ capacityProviderArn: pulumi.Input; /** * Memory GiB per vCPU for the execution environment. */ executionEnvironmentMemoryGibPerVcpu?: pulumi.Input; /** * Maximum concurrency per execution environment. */ perExecutionEnvironmentMaxConcurrency?: pulumi.Input; } export interface FunctionDeadLetterConfig { /** * ARN of an SNS topic or SQS queue to notify when an invocation fails. */ targetArn: pulumi.Input; } export interface FunctionDurableConfig { /** * Maximum execution time in seconds for the durable function. Valid value between 1 and 31622400 (366 days). */ executionTimeout: pulumi.Input; /** * Number of days to retain the function's execution state. Valid value between 1 and 90. If not specified, the function's execution state is not retained. Defaults to 14. */ retentionPeriod?: pulumi.Input; } export interface FunctionEnvironment { /** * Map of environment variables available to your Lambda function during execution. */ variables?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface FunctionEphemeralStorage { /** * Amount of ephemeral storage (`/tmp`) in MB. Valid between 512 MB and 10,240 MB (10 GB). */ size?: pulumi.Input; } export interface FunctionEventInvokeConfigDestinationConfig { /** * Configuration block with destination configuration for failed asynchronous invocations. See below. */ onFailure?: pulumi.Input; /** * Configuration block with destination configuration for successful asynchronous invocations. See below. */ onSuccess?: pulumi.Input; } export interface FunctionEventInvokeConfigDestinationConfigOnFailure { /** * ARN of the destination resource. See the [Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) for acceptable resource types and associated IAM permissions. */ destination: pulumi.Input; } export interface FunctionEventInvokeConfigDestinationConfigOnSuccess { /** * ARN of the destination resource. See the [Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) for acceptable resource types and associated IAM permissions. */ destination: pulumi.Input; } export interface FunctionFileSystemConfig { /** * ARN of the Amazon EFS Access Point. */ arn: pulumi.Input; /** * Path where the function can access the file system. Must start with `/mnt/`. */ localMountPath: pulumi.Input; } export interface FunctionImageConfig { /** * Parameters to pass to the container image. */ commands?: pulumi.Input[]>; /** * Entry point to your application. */ entryPoints?: pulumi.Input[]>; /** * Working directory for the container image. */ workingDirectory?: pulumi.Input; } export interface FunctionLoggingConfig { /** * Detail level of application logs. Valid values: `TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`. */ applicationLogLevel?: pulumi.Input; /** * Log format. Valid values: `Text`, `JSON`. */ logFormat: pulumi.Input; /** * CloudWatch log group where logs are sent. */ logGroup?: pulumi.Input; /** * Detail level of Lambda platform logs. Valid values: `DEBUG`, `INFO`, `WARN`. */ systemLogLevel?: pulumi.Input; } export interface FunctionSnapStart { /** * When to apply snap start optimization. Valid value: `PublishedVersions`. */ applyOn: pulumi.Input; /** * Optimization status of the snap start configuration. Valid values are `On` and `Off`. */ optimizationStatus?: pulumi.Input; } export interface FunctionTenancyConfig { /** * Tenant Isolation Mode. Valid values: `PER_TENANT`. */ tenantIsolationMode: pulumi.Input; } export interface FunctionTracingConfig { /** * X-Ray tracing mode. Valid values: `Active`, `PassThrough`. */ mode: pulumi.Input; } export interface FunctionUrlCors { /** * Whether to allow cookies or other credentials in requests to the function URL. */ allowCredentials?: pulumi.Input; /** * HTTP headers that origins can include in requests to the function URL. */ allowHeaders?: pulumi.Input[]>; /** * HTTP methods that are allowed when calling the function URL. */ allowMethods?: pulumi.Input[]>; /** * Origins that can access the function URL. */ allowOrigins?: pulumi.Input[]>; /** * HTTP headers in your function response that you want to expose to origins that call the function URL. */ exposeHeaders?: pulumi.Input[]>; /** * Maximum amount of time, in seconds, that web browsers can cache results of a preflight request. Maximum value is `86400`. */ maxAge?: pulumi.Input; } export interface FunctionVpcConfig { /** * Whether to allow outbound IPv6 traffic on VPC functions connected to dual-stack subnets. Default: `false`. */ ipv6AllowedForDualStack?: pulumi.Input; /** * List of security group IDs associated with the Lambda function. */ securityGroupIds: pulumi.Input[]>; /** * List of subnet IDs associated with the Lambda function. */ subnetIds: pulumi.Input[]>; /** * ID of the VPC. */ vpcId?: pulumi.Input; } } export namespace lb { export interface GetListenerRuleAction { /** * An action to authenticate using Amazon Cognito. * Detailed below. */ authenticateCognitos?: inputs.lb.GetListenerRuleActionAuthenticateCognito[]; /** * An action to authenticate using OIDC. * Detailed below. */ authenticateOidcs?: inputs.lb.GetListenerRuleActionAuthenticateOidc[]; /** * An action to return a fixed response. * Detailed below. */ fixedResponses?: inputs.lb.GetListenerRuleActionFixedResponse[]; /** * An action to forward the request. * Detailed below. */ forwards?: inputs.lb.GetListenerRuleActionForward[]; /** * An action to validate using JWT. * Detailed below. */ jwtValidations?: inputs.lb.GetListenerRuleActionJwtValidation[]; /** * The evaluation order of the action. */ order?: number; /** * An action to redirect the request. * Detailed below. */ redirects?: inputs.lb.GetListenerRuleActionRedirect[]; /** * Type of transform. */ type?: string; } export interface GetListenerRuleActionArgs { /** * An action to authenticate using Amazon Cognito. * Detailed below. */ authenticateCognitos?: pulumi.Input[]>; /** * An action to authenticate using OIDC. * Detailed below. */ authenticateOidcs?: pulumi.Input[]>; /** * An action to return a fixed response. * Detailed below. */ fixedResponses?: pulumi.Input[]>; /** * An action to forward the request. * Detailed below. */ forwards?: pulumi.Input[]>; /** * An action to validate using JWT. * Detailed below. */ jwtValidations?: pulumi.Input[]>; /** * The evaluation order of the action. */ order?: pulumi.Input; /** * An action to redirect the request. * Detailed below. */ redirects?: pulumi.Input[]>; /** * Type of transform. */ type?: pulumi.Input; } export interface GetListenerRuleActionAuthenticateCognito { /** * Set of additional parameters for the request. * Detailed below. */ authenticationRequestExtraParams?: {[key: string]: string}; /** * Behavior when the client is not authenticated. */ onUnauthenticatedRequest?: string; /** * Set of user claims requested. */ scope?: string; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: string; /** * Maximum duration of the authentication session in seconds. */ sessionTimeout?: number; /** * ARN of the Cognito user pool. */ userPoolArn?: string; /** * ID of the Cognito user pool client. */ userPoolClientId?: string; /** * Domain prefix or fully-qualified domain name of the Cognito user pool. */ userPoolDomain?: string; } export interface GetListenerRuleActionAuthenticateCognitoArgs { /** * Set of additional parameters for the request. * Detailed below. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Behavior when the client is not authenticated. */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims requested. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session in seconds. */ sessionTimeout?: pulumi.Input; /** * ARN of the Cognito user pool. */ userPoolArn?: pulumi.Input; /** * ID of the Cognito user pool client. */ userPoolClientId?: pulumi.Input; /** * Domain prefix or fully-qualified domain name of the Cognito user pool. */ userPoolDomain?: pulumi.Input; } export interface GetListenerRuleActionAuthenticateOidc { /** * Set of additional parameters for the request. * Detailed below. */ authenticationRequestExtraParams?: {[key: string]: string}; /** * The authorization endpoint of the IdP. */ authorizationEndpoint?: string; /** * OAuth 2.0 client identifier. */ clientId?: string; /** * Issuer of the JWT. */ issuer?: string; /** * Behavior when the client is not authenticated. */ onUnauthenticatedRequest?: string; /** * Set of user claims requested. */ scope?: string; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: string; /** * Maximum duration of the authentication session in seconds. */ sessionTimeout?: number; /** * The token endpoint of the IdP. */ tokenEndpoint?: string; /** * The user info endpoint of the IdP. */ userInfoEndpoint?: string; } export interface GetListenerRuleActionAuthenticateOidcArgs { /** * Set of additional parameters for the request. * Detailed below. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The authorization endpoint of the IdP. */ authorizationEndpoint?: pulumi.Input; /** * OAuth 2.0 client identifier. */ clientId?: pulumi.Input; /** * Issuer of the JWT. */ issuer?: pulumi.Input; /** * Behavior when the client is not authenticated. */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims requested. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session in seconds. */ sessionTimeout?: pulumi.Input; /** * The token endpoint of the IdP. */ tokenEndpoint?: pulumi.Input; /** * The user info endpoint of the IdP. */ userInfoEndpoint?: pulumi.Input; } export interface GetListenerRuleActionFixedResponse { /** * Content type of the response. */ contentType?: string; /** * Message body of the response. */ messageBody?: string; /** * The HTTP redirect code. */ statusCode?: string; } export interface GetListenerRuleActionFixedResponseArgs { /** * Content type of the response. */ contentType?: pulumi.Input; /** * Message body of the response. */ messageBody?: pulumi.Input; /** * The HTTP redirect code. */ statusCode?: pulumi.Input; } export interface GetListenerRuleActionForward { /** * Target group stickiness for the rule. * Detailed below. */ stickinesses?: inputs.lb.GetListenerRuleActionForwardStickiness[]; /** * Set of target groups for the action. * Detailed below. */ targetGroups?: inputs.lb.GetListenerRuleActionForwardTargetGroup[]; } export interface GetListenerRuleActionForwardArgs { /** * Target group stickiness for the rule. * Detailed below. */ stickinesses?: pulumi.Input[]>; /** * Set of target groups for the action. * Detailed below. */ targetGroups?: pulumi.Input[]>; } export interface GetListenerRuleActionForwardStickiness { /** * The time period, in seconds, during which requests from a client should be routed to the same target group. */ duration?: number; /** * Indicates whether target group stickiness is enabled. */ enabled?: boolean; } export interface GetListenerRuleActionForwardStickinessArgs { /** * The time period, in seconds, during which requests from a client should be routed to the same target group. */ duration?: pulumi.Input; /** * Indicates whether target group stickiness is enabled. */ enabled?: pulumi.Input; } export interface GetListenerRuleActionForwardTargetGroup { /** * ARN of the Listener Rule. * Either `arn` or `listenerArn` must be set. */ arn?: string; /** * Weight of the target group. */ weight?: number; } export interface GetListenerRuleActionForwardTargetGroupArgs { /** * ARN of the Listener Rule. * Either `arn` or `listenerArn` must be set. */ arn?: pulumi.Input; /** * Weight of the target group. */ weight?: pulumi.Input; } export interface GetListenerRuleActionJwtValidation { /** * Additional claims to validate. */ additionalClaims?: inputs.lb.GetListenerRuleActionJwtValidationAdditionalClaim[]; /** * Issuer of the JWT. */ issuer?: string; /** * JSON Web Key Set (JWKS) endpoint. */ jwksEndpoint?: string; } export interface GetListenerRuleActionJwtValidationArgs { /** * Additional claims to validate. */ additionalClaims?: pulumi.Input[]>; /** * Issuer of the JWT. */ issuer?: pulumi.Input; /** * JSON Web Key Set (JWKS) endpoint. */ jwksEndpoint?: pulumi.Input; } export interface GetListenerRuleActionJwtValidationAdditionalClaim { /** * Format of the claim value. */ format?: string; /** * Name of the claim to validate. */ name?: string; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: string[]; } export interface GetListenerRuleActionJwtValidationAdditionalClaimArgs { /** * Format of the claim value. */ format?: pulumi.Input; /** * Name of the claim to validate. */ name?: pulumi.Input; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: pulumi.Input[]>; } export interface GetListenerRuleActionRedirect { /** * The hostname. */ host?: string; /** * The absolute path, starting with `/`. */ path?: string; /** * The port. */ port?: string; /** * The protocol. */ protocol?: string; /** * The query parameters. */ query?: string; /** * The HTTP redirect code. */ statusCode?: string; } export interface GetListenerRuleActionRedirectArgs { /** * The hostname. */ host?: pulumi.Input; /** * The absolute path, starting with `/`. */ path?: pulumi.Input; /** * The port. */ port?: pulumi.Input; /** * The protocol. */ protocol?: pulumi.Input; /** * The query parameters. */ query?: pulumi.Input; /** * The HTTP redirect code. */ statusCode?: pulumi.Input; } export interface GetListenerRuleCondition { /** * Host header patterns to match. * Detailed below. */ hostHeaders?: inputs.lb.GetListenerRuleConditionHostHeader[]; /** * HTTP header and values to match. * Detailed below. */ httpHeaders?: inputs.lb.GetListenerRuleConditionHttpHeader[]; /** * Contains a single attribute `values`, which contains a set of HTTP request methods. */ httpRequestMethods?: inputs.lb.GetListenerRuleConditionHttpRequestMethod[]; /** * Path patterns to compare against the request URL. * Detailed below. */ pathPatterns?: inputs.lb.GetListenerRuleConditionPathPattern[]; /** * Query string parameters to match. * Detailed below. */ queryStrings?: inputs.lb.GetListenerRuleConditionQueryString[]; /** * Contains a single attribute `values`, which contains a set of source IPs in CIDR notation. */ sourceIps?: inputs.lb.GetListenerRuleConditionSourceIp[]; } export interface GetListenerRuleConditionArgs { /** * Host header patterns to match. * Detailed below. */ hostHeaders?: pulumi.Input[]>; /** * HTTP header and values to match. * Detailed below. */ httpHeaders?: pulumi.Input[]>; /** * Contains a single attribute `values`, which contains a set of HTTP request methods. */ httpRequestMethods?: pulumi.Input[]>; /** * Path patterns to compare against the request URL. * Detailed below. */ pathPatterns?: pulumi.Input[]>; /** * Query string parameters to match. * Detailed below. */ queryStrings?: pulumi.Input[]>; /** * Contains a single attribute `values`, which contains a set of source IPs in CIDR notation. */ sourceIps?: pulumi.Input[]>; } export interface GetListenerRuleConditionHostHeader { /** * Set of regular expressions to compare against the request URL. */ regexValues?: string[]; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: string[]; } export interface GetListenerRuleConditionHostHeaderArgs { /** * Set of regular expressions to compare against the request URL. */ regexValues?: pulumi.Input[]>; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: pulumi.Input[]>; } export interface GetListenerRuleConditionHttpHeader { /** * Name of the HTTP header to match. */ httpHeaderName?: string; /** * Set of regular expressions to compare against the request URL. */ regexValues?: string[]; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: string[]; } export interface GetListenerRuleConditionHttpHeaderArgs { /** * Name of the HTTP header to match. */ httpHeaderName?: pulumi.Input; /** * Set of regular expressions to compare against the request URL. */ regexValues?: pulumi.Input[]>; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: pulumi.Input[]>; } export interface GetListenerRuleConditionHttpRequestMethod { /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: string[]; } export interface GetListenerRuleConditionHttpRequestMethodArgs { /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: pulumi.Input[]>; } export interface GetListenerRuleConditionPathPattern { /** * Set of regular expressions to compare against the request URL. */ regexValues?: string[]; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: string[]; } export interface GetListenerRuleConditionPathPatternArgs { /** * Set of regular expressions to compare against the request URL. */ regexValues?: pulumi.Input[]>; /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: pulumi.Input[]>; } export interface GetListenerRuleConditionQueryString { /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: inputs.lb.GetListenerRuleConditionQueryStringValue[]; } export interface GetListenerRuleConditionQueryStringArgs { /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: pulumi.Input[]>; } export interface GetListenerRuleConditionQueryStringValue { /** * Key of query parameter */ key?: string; /** * Value of query parameter */ value?: string; } export interface GetListenerRuleConditionQueryStringValueArgs { /** * Key of query parameter */ key?: pulumi.Input; /** * Value of query parameter */ value?: pulumi.Input; } export interface GetListenerRuleConditionSourceIp { /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: string[]; } export interface GetListenerRuleConditionSourceIpArgs { /** * Set of `key`-`value` pairs indicating the query string parameters to match. */ values?: pulumi.Input[]>; } export interface GetListenerRuleTransform { /** * Block for host header rewrite. Detailed below. */ hostHeaderRewriteConfigs?: inputs.lb.GetListenerRuleTransformHostHeaderRewriteConfig[]; /** * Type of transform. */ type?: string; /** * Block for URL rewrite. Detailed below. */ urlRewriteConfigs?: inputs.lb.GetListenerRuleTransformUrlRewriteConfig[]; } export interface GetListenerRuleTransformArgs { /** * Block for host header rewrite. Detailed below. */ hostHeaderRewriteConfigs?: pulumi.Input[]>; /** * Type of transform. */ type?: pulumi.Input; /** * Block for URL rewrite. Detailed below. */ urlRewriteConfigs?: pulumi.Input[]>; } export interface GetListenerRuleTransformHostHeaderRewriteConfig { /** * Block for URL rewrite configuration. Detailed below. */ rewrites?: inputs.lb.GetListenerRuleTransformHostHeaderRewriteConfigRewrite[]; } export interface GetListenerRuleTransformHostHeaderRewriteConfigArgs { /** * Block for URL rewrite configuration. Detailed below. */ rewrites?: pulumi.Input[]>; } export interface GetListenerRuleTransformHostHeaderRewriteConfigRewrite { /** * Regular expression to match in the input string. */ regex?: string; /** * Replacement string to use when rewriting the matched input. */ replace?: string; } export interface GetListenerRuleTransformHostHeaderRewriteConfigRewriteArgs { /** * Regular expression to match in the input string. */ regex?: pulumi.Input; /** * Replacement string to use when rewriting the matched input. */ replace?: pulumi.Input; } export interface GetListenerRuleTransformUrlRewriteConfig { /** * Block for URL rewrite configuration. Detailed below. */ rewrites?: inputs.lb.GetListenerRuleTransformUrlRewriteConfigRewrite[]; } export interface GetListenerRuleTransformUrlRewriteConfigArgs { /** * Block for URL rewrite configuration. Detailed below. */ rewrites?: pulumi.Input[]>; } export interface GetListenerRuleTransformUrlRewriteConfigRewrite { /** * Regular expression to match in the input string. */ regex?: string; /** * Replacement string to use when rewriting the matched input. */ replace?: string; } export interface GetListenerRuleTransformUrlRewriteConfigRewriteArgs { /** * Regular expression to match in the input string. */ regex?: pulumi.Input; /** * Replacement string to use when rewriting the matched input. */ replace?: pulumi.Input; } export interface ListenerDefaultAction { /** * Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. See below. */ authenticateCognito?: pulumi.Input; /** * Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. See below. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. See below. */ forward?: pulumi.Input; /** * Configuration block for creating a JWT validation action. Required if `type` is `jwt-validation`. */ jwtValidation?: pulumi.Input; /** * Order for the action. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`. Defaults to the position in the list of actions. */ order?: pulumi.Input; /** * Configuration block for creating a redirect action. Required if `type` is `redirect`. See below. */ redirect?: pulumi.Input; /** * ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead. Can be specified with `forward` but ARNs must match. */ targetGroupArn?: pulumi.Input; /** * Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito`, `authenticate-oidc` and `jwt-validation`. * * The following arguments are optional: */ type: pulumi.Input; } export interface ListenerDefaultActionAuthenticateCognito { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Behavior if the user is not authenticated. Valid values are `deny`, `allow` and `authenticate`. */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * Domain prefix or fully-qualified domain name of the Cognito user pool. * * The following arguments are optional: */ userPoolDomain: pulumi.Input; } export interface ListenerDefaultActionAuthenticateOidc { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * Token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * User info endpoint of the IdP. * * The following arguments are optional: */ userInfoEndpoint: pulumi.Input; } export interface ListenerDefaultActionFixedResponse { /** * Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. * * The following arguments are optional: */ contentType: pulumi.Input; /** * Message body. */ messageBody?: pulumi.Input; /** * HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerDefaultActionForward { /** * Configuration block for target group stickiness for the rule. See below. */ stickiness?: pulumi.Input; /** * Set of 1-5 target group blocks. See below. * * The following arguments are optional: */ targetGroups: pulumi.Input[]>; } export interface ListenerDefaultActionForwardStickiness { /** * Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). * * The following arguments are optional: */ duration: pulumi.Input; /** * Whether target group stickiness is enabled. Default is `false`. */ enabled?: pulumi.Input; } export interface ListenerDefaultActionForwardTargetGroup { /** * ARN of the target group. * * The following arguments are optional: */ arn: pulumi.Input; /** * Weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerDefaultActionJwtValidation { /** * Repeatable configuration block for additional claims to validate. */ additionalClaims?: pulumi.Input[]>; /** * Issuer of the JWT. */ issuer: pulumi.Input; /** * JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. This must be a full URL, including the HTTPS protocol, the domain, and the path. * * The following arguments are optional: */ jwksEndpoint: pulumi.Input; } export interface ListenerDefaultActionJwtValidationAdditionalClaim { /** * Format of the claim value. Valid values are `single-string`, `string-array` and `space-separated-values`. */ format: pulumi.Input; /** * Name of the claim to validate. `exp`, `iss`, `nbf`, or `iat` cannot be specified because they are validated by default. */ name: pulumi.Input; /** * List of expected values of the claim. */ values: pulumi.Input[]>; } export interface ListenerDefaultActionRedirect { /** * Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). * * The following arguments are optional: */ statusCode: pulumi.Input; } export interface ListenerMutualAuthentication { /** * Valid values are `off` and `on`. */ advertiseTrustStoreCaNames?: pulumi.Input; /** * Whether client certificate expiry is ignored. * Default is `false`. */ ignoreClientCertificateExpiry?: pulumi.Input; /** * Valid values are `off`, `passthrough`, and `verify`. */ mode: pulumi.Input; /** * ARN of the elbv2 Trust Store. */ trustStoreArn?: pulumi.Input; } export interface ListenerRuleAction { /** * Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`. */ authenticateCognito?: pulumi.Input; /** * Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Configuration block for creating an action that distributes requests among one or more target groups. * Specify only if `type` is `forward`. * Cannot be specified with `targetGroupArn`. */ forward?: pulumi.Input; /** * Information for creating a JWT validation action. Required if `type` is `jwt-validation`. */ jwtValidation?: pulumi.Input; /** * Order for the action. * The action with the lowest value for order is performed first. * Valid values are between `1` and `50000`. * Defaults to the position in the list of actions. */ order?: pulumi.Input; /** * Information for creating a redirect action. Required if `type` is `redirect`. */ redirect?: pulumi.Input; /** * ARN of the Target Group to which to route traffic. * Specify only if `type` is `forward` and you want to route to a single target group. * To route to one or more target groups, use a `forward` block instead. * Cannot be specified with `forward`. */ targetGroupArn?: pulumi.Input; /** * The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito`, `authenticate-oidc` and `jwt-validation`. */ type: pulumi.Input; } export interface ListenerRuleActionAuthenticateCognito { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * The ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * The domain prefix or fully-qualified domain name of the Cognito user pool. */ userPoolDomain: pulumi.Input; } export interface ListenerRuleActionAuthenticateOidc { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * The OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * The OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * The user info endpoint of the IdP. */ userInfoEndpoint: pulumi.Input; } export interface ListenerRuleActionFixedResponse { /** * The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. */ contentType: pulumi.Input; /** * The message body. */ messageBody?: pulumi.Input; /** * The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerRuleActionForward { /** * The target group stickiness for the rule. */ stickiness?: pulumi.Input; /** * One or more target group blocks. */ targetGroups: pulumi.Input[]>; } export interface ListenerRuleActionForwardStickiness { /** * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). */ duration: pulumi.Input; /** * Indicates whether target group stickiness is enabled. */ enabled?: pulumi.Input; } export interface ListenerRuleActionForwardTargetGroup { /** * The Amazon Resource Name (ARN) of the target group. */ arn: pulumi.Input; /** * The weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerRuleActionJwtValidation { /** * Repeatable configuration block for additional claims to validate. */ additionalClaims?: pulumi.Input[]>; /** * Issuer of the JWT. */ issuer: pulumi.Input; /** * JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider. This must be a full URL, including the HTTPS protocol, the domain, and the path. */ jwksEndpoint: pulumi.Input; } export interface ListenerRuleActionJwtValidationAdditionalClaim { /** * Format of the claim value. Valid values are `single-string`, `string-array` and `space-separated-values`. */ format: pulumi.Input; /** * Name of the claim to validate. `exp`, `iss`, `nbf`, or `iat` cannot be specified because they are validated by default. */ name: pulumi.Input; /** * List of expected values of the claim. */ values: pulumi.Input[]>; } export interface ListenerRuleActionRedirect { /** * The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). */ statusCode: pulumi.Input; } export interface ListenerRuleCondition { /** * Host header patterns to match. Host Header block fields documented below. */ hostHeader?: pulumi.Input; /** * HTTP headers to match. HTTP Header block fields documented below. */ httpHeader?: pulumi.Input; /** * Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached. */ httpRequestMethod?: pulumi.Input; /** * Path patterns to match against the request URL. Path Pattern block fields documented below. */ pathPattern?: pulumi.Input; /** * Query strings to match. Query String block fields documented below. */ queryStrings?: pulumi.Input[]>; /** * Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `httpHeader` condition instead. * * > **NOTE::** Exactly one of `hostHeader`, `httpHeader`, `httpRequestMethod`, `pathPattern`, `queryString` or `sourceIp` must be set per condition. */ sourceIp?: pulumi.Input; } export interface ListenerRuleConditionHostHeader { /** * List of regular expressions to compare against the host header. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: pulumi.Input[]>; /** * List of host header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case-insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Conflicts with `regexValues`. */ values?: pulumi.Input[]>; } export interface ListenerRuleConditionHttpHeader { /** * Name of HTTP header to search. The maximum size is 40 characters. Comparison is case-insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead. */ httpHeaderName: pulumi.Input; /** * List of regular expression to compare against the HTTP header. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: pulumi.Input[]>; /** * List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case-insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string. Conflicts with `regexValues`. */ values?: pulumi.Input[]>; } export interface ListenerRuleConditionHttpRequestMethod { values: pulumi.Input[]>; } export interface ListenerRuleConditionPathPattern { /** * List of regular expressions to compare against the request URL. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: pulumi.Input[]>; /** * List of path patterns to compare against the request URL. Maximum size of each pattern is 128 characters. Comparison is case-sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `queryString` condition. Conflicts with `regexValues`. */ values?: pulumi.Input[]>; } export interface ListenerRuleConditionQueryString { /** * Query string key pattern to match. */ key?: pulumi.Input; /** * Query string value pattern to match. */ value: pulumi.Input; } export interface ListenerRuleConditionSourceIp { values: pulumi.Input[]>; } export interface ListenerRuleTransform { /** * Configuration block for host header rewrite. Required if `type` is `host-header-rewrite`. See Host Header Rewrite Config Blocks below. */ hostHeaderRewriteConfig?: pulumi.Input; /** * Type of transform. Valid values are `host-header-rewrite` and `url-rewrite`. */ type: pulumi.Input; /** * Configuration block for URL rewrite. Required if `type` is `url-rewrite`. See URL Rewrite Config Blocks below. */ urlRewriteConfig?: pulumi.Input; } export interface ListenerRuleTransformHostHeaderRewriteConfig { /** * Block for host header rewrite configuration. Only one block is accepted. See Rewrite Blocks below. */ rewrite?: pulumi.Input; } export interface ListenerRuleTransformHostHeaderRewriteConfigRewrite { /** * Regular expression to match in the input string. Length constraints: Between 1 and 1024 characters. */ regex: pulumi.Input; /** * Replacement string to use when rewriting the matched input. Capture groups in the regular expression (for example, `$1` and `$2`) can be specified. Length constraints: Between 0 and 1024 characters. */ replace: pulumi.Input; } export interface ListenerRuleTransformUrlRewriteConfig { /** * Block for URL rewrite configuration. Only one block is accepted. See Rewrite Blocks below. */ rewrite?: pulumi.Input; } export interface ListenerRuleTransformUrlRewriteConfigRewrite { /** * Regular expression to match in the input string. Length constraints: Between 1 and 1024 characters. */ regex: pulumi.Input; /** * Replacement string to use when rewriting the matched input. Capture groups in the regular expression (for example, `$1` and `$2`) can be specified. Length constraints: Between 0 and 1024 characters. */ replace: pulumi.Input; } export interface LoadBalancerAccessLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `accessLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerConnectionLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `connectionLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerHealthCheckLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `healthCheckLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerIpamPools { /** * The ID of the IPv4 IPAM pool. */ ipv4IpamPoolId: pulumi.Input; } export interface LoadBalancerMinimumLoadBalancerCapacity { /** * The number of capacity units. */ capacityUnits: pulumi.Input; } export interface LoadBalancerSubnetMapping { /** * Allocation ID of the Elastic IP address for an internet-facing load balancer. */ allocationId?: pulumi.Input; /** * IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers. */ ipv6Address?: pulumi.Input; outpostId?: pulumi.Input; /** * Private IPv4 address for an internal load balancer. */ privateIpv4Address?: pulumi.Input; /** * ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone. */ subnetId: pulumi.Input; } export interface TargetGroupHealthCheck { /** * Whether health checks are enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * Number of consecutive health check successes required before considering a target healthy. The range is 2-10. Defaults to 3. */ healthyThreshold?: pulumi.Input; /** * Approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300. For `lambda` target groups, it needs to be greater than the timeout of the underlying `lambda`. Defaults to 30. */ interval?: pulumi.Input; /** * The HTTP or gRPC codes to use when checking for a successful response from a target. * The `health_check.protocol` must be one of `HTTP` or `HTTPS` or the `targetType` must be `lambda`. * Values can be comma-separated individual values (e.g., "200,202") or a range of values (e.g., "200-299"). * Once the value has been set, removing it has no effect. To unset it, set it to an empty string `""`. * * For gRPC-based target groups (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is `GRPC`), values can be between `0` and `99`. The default is `12`. * * When used with an Application Load Balancer (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is not `GRPC`), values can be between `200` and `499`. The default is `200`. * * When used with a Network Load Balancer (i.e., the `protocol` is one of `TCP`, `TCP_UDP`, `UDP`, or `TLS`), values can be between `200` and `599`. The default is `200-399`. * * When the `targetType` is `lambda`, values can be between `200` and `499`. The default is `200`. */ matcher?: pulumi.Input; /** * Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS. * Once the value has been set, removing it has no effect. To unset it, set it to an empty string `""`. * * For HTTP and HTTPS health checks, the default is `/`. * * For gRPC health checks, the default is `/AWS.ALB/healthcheck`. */ path?: pulumi.Input; /** * The port the load balancer uses when performing health checks on targets. * Valid values are either `traffic-port`, to use the same port as the target group, or a valid port number between `1` and `65536`. * Default is `traffic-port`. */ port?: pulumi.Input; /** * Protocol the load balancer uses when performing health checks on targets. * Must be one of `TCP`, `HTTP`, or `HTTPS`. * The `TCP` protocol is not supported for health checks if the protocol of the target group is `HTTP` or `HTTPS`. * Default is `HTTP`. * Cannot be specified when the `targetType` is `lambda`. */ protocol?: pulumi.Input; /** * Amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is lambda, the default is 30 seconds. */ timeout?: pulumi.Input; /** * Number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. Defaults to 3. */ unhealthyThreshold?: pulumi.Input; } export interface TargetGroupStickiness { /** * Only used when the type is `lbCookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds). */ cookieDuration?: pulumi.Input; /** * Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `appCookie`. */ cookieName?: pulumi.Input; /** * Boolean to enable / disable `stickiness`. Default is `true`. */ enabled?: pulumi.Input; /** * The type of sticky sessions. The only current possible values are `lbCookie`, `appCookie` for ALBs, `sourceIp` for NLBs, and `sourceIpDestIp`, `sourceIpDestIpProto` for GWLBs. */ type: pulumi.Input; } export interface TargetGroupTargetFailover { /** * Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onUnhealthy`. Default: `noRebalance`. */ onDeregistration: pulumi.Input; /** * Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onDeregistration`. Default: `noRebalance`. */ onUnhealthy: pulumi.Input; } export interface TargetGroupTargetGroupHealth { /** * Block to configure DNS Failover requirements. See DNS Failover below for details on attributes. */ dnsFailover?: pulumi.Input; /** * Block to configure Unhealthy State Routing requirements. See Unhealthy State Routing below for details on attributes. */ unhealthyStateRouting?: pulumi.Input; } export interface TargetGroupTargetGroupHealthDnsFailover { /** * The minimum number of targets that must be healthy. If the number of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are `off` or an integer from `1` to the maximum number of targets. The default is `off`. */ minimumHealthyTargetsCount?: pulumi.Input; /** * The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are `off` or an integer from `1` to `100`. The default is `off`. */ minimumHealthyTargetsPercentage?: pulumi.Input; } export interface TargetGroupTargetGroupHealthUnhealthyStateRouting { /** * The minimum number of targets that must be healthy. If the number of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are `1` to the maximum number of targets. The default is `1`. */ minimumHealthyTargetsCount?: pulumi.Input; /** * The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are `off` or an integer from `1` to `100`. The default is `off`. */ minimumHealthyTargetsPercentage?: pulumi.Input; } export interface TargetGroupTargetHealthState { /** * Indicates whether the load balancer terminates connections to unhealthy targets. Possible values are `true` or `false`. Default: `true`. */ enableUnhealthyConnectionTermination: pulumi.Input; /** * Indicates the time to wait for in-flight requests to complete when a target becomes unhealthy. The range is `0-360000`. This value has to be set only if `enableUnhealthyConnectionTermination` is set to false. Default: `0`. */ unhealthyDrainingInterval?: pulumi.Input; } } export namespace lex { export interface BotAbortStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface BotAbortStatementMessage { /** * The text of the message. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. */ groupNumber?: pulumi.Input; } export interface BotAliasConversationLogs { /** * The Amazon Resource Name (ARN) of the IAM role used to write your logs to CloudWatch Logs or an S3 bucket. Must be between 20 and 2048 characters in length. */ iamRoleArn: pulumi.Input; /** * The settings for your conversation logs. You can log text, audio, or both. Attributes are documented under log_settings. */ logSettings?: pulumi.Input[]>; } export interface BotAliasConversationLogsLogSetting { /** * The destination where logs are delivered. Options are `CLOUDWATCH_LOGS` or `S3`. */ destination: pulumi.Input; /** * The Amazon Resource Name (ARN) of the key used to encrypt audio logs in an S3 bucket. This can only be specified when `destination` is set to `S3`. Must be between 20 and 2048 characters in length. */ kmsKeyArn?: pulumi.Input; /** * The type of logging that is enabled. Options are `AUDIO` or `TEXT`. */ logType: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch Logs log group or S3 bucket where the logs are delivered. Must be less than or equal to 2048 characters in length. */ resourceArn: pulumi.Input; /** * The prefix of the S3 object key for `AUDIO` logs or the log stream name for `TEXT` logs. */ resourcePrefix?: pulumi.Input; } export interface BotClarificationPrompt { /** * The number of times to prompt the user for information. */ maxAttempts: pulumi.Input; messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface BotClarificationPromptMessage { /** * The text of the message. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. */ groupNumber?: pulumi.Input; } export interface BotIntent { /** * The name of the intent. Must be less than or equal to 100 characters in length. */ intentName: pulumi.Input; /** * The version of the intent. Must be less than or equal to 64 characters in length. */ intentVersion: pulumi.Input; } export interface IntentConclusionStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentConclusionStatementMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentConfirmationPrompt { /** * The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive). */ maxAttempts: pulumi.Input; messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentConfirmationPromptMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentDialogCodeHook { /** * The version of the request-response that you want Amazon Lex to use * to invoke your Lambda function. For more information, see * [Using Lambda Functions](https://docs.aws.amazon.com/lex/latest/dg/using-lambda.html). Must be less than or equal to 5 characters in length. */ messageVersion: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lambda function. */ uri: pulumi.Input; } export interface IntentFollowUpPrompt { /** * Prompts for information from the user. Attributes are documented under prompt. */ prompt: pulumi.Input; /** * If the user answers "no" to the question defined in the prompt field, * Amazon Lex responds with this statement to acknowledge that the intent was canceled. Attributes are * documented below under statement. */ rejectionStatement: pulumi.Input; } export interface IntentFollowUpPromptPrompt { /** * The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive). */ maxAttempts: pulumi.Input; /** * A set of messages, each of which provides a message string and its type. * You can specify the message string in plain text or in Speech Synthesis Markup Language (SSML). * Attributes are documented under message. Must contain between 1 and 15 messages. */ messages: pulumi.Input[]>; /** * The response card. Amazon Lex will substitute session attributes and * slot values into the response card. For more information, see * [Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length. */ responseCard?: pulumi.Input; } export interface IntentFollowUpPromptPromptMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentFollowUpPromptRejectionStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentFollowUpPromptRejectionStatementMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentFulfillmentActivity { /** * A description of the Lambda function that is run to fulfill the intent. * Required if type is CodeHook. Attributes are documented under code_hook. */ codeHook?: pulumi.Input; /** * How the intent should be fulfilled, either by running a Lambda function or by * returning the slot data to the client application. Type can be either `ReturnIntent` or `CodeHook`, as documented [here](https://docs.aws.amazon.com/lex/latest/dg/API_FulfillmentActivity.html). */ type: pulumi.Input; } export interface IntentFulfillmentActivityCodeHook { /** * The version of the request-response that you want Amazon Lex to use * to invoke your Lambda function. For more information, see * [Using Lambda Functions](https://docs.aws.amazon.com/lex/latest/dg/using-lambda.html). Must be less than or equal to 5 characters in length. */ messageVersion: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lambda function. */ uri: pulumi.Input; } export interface IntentRejectionStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentRejectionStatementMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentSlot { /** * A description of the bot. Must be less than or equal to 200 characters in length. */ description?: pulumi.Input; /** * The name of the intent slot that you want to create. The name is case sensitive. Must be less than or equal to 100 characters in length. */ name: pulumi.Input; /** * Directs Lex the order in which to elicit this slot value from the user. * For example, if the intent has two slots with priorities 1 and 2, AWS Lex first elicits a value for * the slot with priority 1. If multiple slots share the same priority, the order in which Lex elicits * values is arbitrary. Must be between 1 and 100. */ priority?: pulumi.Input; /** * The response card. Amazon Lex will substitute session attributes and * slot values into the response card. For more information, see * [Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length. */ responseCard?: pulumi.Input; /** * If you know a specific pattern with which users might respond to * an Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. This * is optional. In most cases, Amazon Lex is capable of understanding user utterances. Must have between 1 and 10 items in the list, and each item must be less than or equal to 200 characters in length. */ sampleUtterances?: pulumi.Input[]>; /** * Specifies whether the slot is required or optional. */ slotConstraint: pulumi.Input; /** * The type of the slot, either a custom slot type that you defined or one of * the built-in slot types. Must be less than or equal to 100 characters in length. */ slotType: pulumi.Input; /** * The version of the slot type. Must be less than or equal to 64 characters in length. */ slotTypeVersion?: pulumi.Input; /** * The prompt that Amazon Lex uses to elicit the slot value * from the user. Attributes are documented under prompt. */ valueElicitationPrompt?: pulumi.Input; } export interface IntentSlotValueElicitationPrompt { /** * The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive). */ maxAttempts: pulumi.Input; messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentSlotValueElicitationPromptMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface SlotTypeEnumerationValue { /** * Additional values related to the slot type value. Each item must be less than or equal to 140 characters in length. */ synonyms?: pulumi.Input[]>; /** * The value of the slot type. Must be less than or equal to 140 characters in length. */ value: pulumi.Input; } export interface V2modelsBotDataPrivacy { /** * (Required) - For each Amazon Lex bot created with the Amazon Lex Model Building Service, you must specify whether your use of Amazon Lex is related to a website, program, or other application that is directed or targeted, in whole or in part, to children under age 13 and subject to the Children's Online Privacy Protection Act (COPPA) by specifying true or false in the childDirected field. */ childDirected: pulumi.Input; } export interface V2modelsBotLocaleTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsBotLocaleVoiceSettings { /** * Indicates the type of Amazon Polly voice that Amazon Lex should use for voice interaction with the user. Valid values are `standard` and `neural`. If not specified, the default is `standard`. */ engine?: pulumi.Input; /** * Identifier of the Amazon Polly voice to use. */ voiceId: pulumi.Input; } export interface V2modelsBotMember { /** * (Required) - Alias ID of a bot that is a member of this network of bots. */ aliasId: pulumi.Input; /** * (Required) - Alias name of a bot that is a member of this network of bots. */ aliasName: pulumi.Input; /** * (Required) - Unique ID of a bot that is a member of this network of bots. */ id: pulumi.Input; /** * Name of the bot. The bot name must be unique in the account that creates the bot. Type String. Length Constraints: Minimum length of 1. Maximum length of 100. */ name: pulumi.Input; /** * (Required) - Version of a bot that is a member of this network of bots. */ version: pulumi.Input; } export interface V2modelsBotTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsBotVersionLocaleSpecification { sourceBotVersion: pulumi.Input; } export interface V2modelsBotVersionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface V2modelsIntentClosingSetting { /** * Whether an intent's closing response is used. When this field is false, the closing response isn't sent to the user. If the active field isn't specified, the default is true. */ active?: pulumi.Input; /** * Configuration block for response that Amazon Lex sends to the user when the intent is complete. See `closingResponse`. */ closingResponse?: pulumi.Input; /** * Configuration block for list of conditional branches associated with the intent's closing response. These branches are executed when the `nextStep` attribute is set to `EvalutateConditional`. See `conditional`. */ conditional?: pulumi.Input; /** * Next step that the bot executes after playing the intent's closing response. See `nextStep`. */ nextStep?: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentClosingSettingNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentClosingSettingNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentClosingSettingNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSetting { /** * Whether the intent's confirmation is sent to the user. When this field is false, confirmation and declination responses aren't sent. If the active field isn't specified, the default is true. */ active?: pulumi.Input; /** * Configuration block for the intent's confirmation step. The dialog code hook is triggered based on these invocation settings when the confirmation next step or declination next step or failure next step is `invokeDialogCodeHook`. See `codeHook`. */ codeHook?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the intent is closed. See `confirmationConditional`. */ confirmationConditional?: pulumi.Input; /** * Configuration block for the next step that the bot executes when the customer confirms the intent. See `confirmationNextStep`. */ confirmationNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `confirmationResponse`. */ confirmationResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the intent is declined. See `declinationConditional`. */ declinationConditional?: pulumi.Input; /** * Configuration block for the next step that the bot executes when the customer declines the intent. See `declinationNextStep`. */ declinationNextStep?: pulumi.Input; /** * Configuration block for when the user answers "no" to the question defined in `promptSpecification`, Amazon Lex responds with this response to acknowledge that the intent was canceled. See `declinationResponse`. */ declinationResponse?: pulumi.Input; /** * Configuration block for when the code hook is invoked during confirmation prompt retries. See `elicitationCodeHook`. */ elicitationCodeHook?: pulumi.Input; /** * Configuration block for conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition. See `failureConditional`. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step to take in the conversation if the confirmation step fails. See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for prompting the user to confirm the intent. This question should have a yes or no answer. Amazon Lex uses this prompt to ensure that the user acknowledges that the intent is ready for fulfillment. See `promptSpecification`. */ promptSpecification?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHook { /** * Whether a dialog code hook is used when the intent is activated. */ active: pulumi.Input; /** * Whether a Lambda function should be invoked for the dialog. */ enableCodeHookInvocation: pulumi.Input; /** * Label that indicates the dialog step from which the dialog code hook is happening. */ invocationLabel?: pulumi.Input; /** * Configuration block that contains the responses and actions that Amazon Lex takes after the Lambda function is complete. See `postCodeHookSpecification`. */ postCodeHookSpecification?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecification { /** * Configuration block for conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed . See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the dialog code hook finishes successfully. See `successConditional`. */ successConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook finishes successfully. See `successNextStep`. */ successNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `successResponse`. */ successResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate if the code hook times out. See `timeoutConditional`. */ timeoutConditional?: pulumi.Input; /** * Configuration block for the next step that the bot runs when the code hook times out. See `timeoutNextStep`. */ timeoutNextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond the user input. See `timeoutResponse`. */ timeoutResponse?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingElicitationCodeHook { /** * Whether a Lambda function should be invoked for the dialog. */ enableCodeHookInvocation?: pulumi.Input; /** * Label that indicates the dialog step from which the dialog code hook is happening. */ invocationLabel?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecification { /** * Whether the user can interrupt a speech prompt from the bot. */ allowInterrupt?: pulumi.Input; /** * Maximum number of times the bot tries to elicit a response from the user using this prompt. */ maxRetries: pulumi.Input; /** * Configuration block for messages that Amazon Lex can send to the user. Amazon Lex chooses the actual message to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; /** * How a message is selected from a message group among retries. Valid values are `Random` and `Ordered`. */ messageSelectionStrategy?: pulumi.Input; /** * Configuration block for advanced settings on each attempt of the prompt. See `promptAttemptsSpecification`. */ promptAttemptsSpecifications?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecification { /** * Whether the user can interrupt a speech prompt attempt from the bot. */ allowInterrupt?: pulumi.Input; /** * Configuration block for the allowed input types of the prompt attempt. See `allowedInputTypes`. */ allowedInputTypes?: pulumi.Input; /** * Configuration block for settings on audio and DTMF input. See `audioAndDtmfInputSpecification`. */ audioAndDtmfInputSpecification?: pulumi.Input; /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * Configuration block for the settings on text input. See `textInputSpecification`. */ textInputSpecification?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAllowedInputTypes { /** * Whether audio input is allowed. */ allowAudioInput: pulumi.Input; /** * Whether DTMF input is allowed. */ allowDtmfInput: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecification { /** * Configuration block for the settings on audio input. See `audioSpecification`. */ audioSpecification?: pulumi.Input; /** * Configuration block for the settings on DTMF input. See `dtmfSpecification`. */ dtmfSpecification?: pulumi.Input; /** * Time for which a bot waits before assuming that the customer isn't going to speak or press a key. This timeout is shared between Audio and DTMF inputs. */ startTimeoutMs: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationAudioSpecification { /** * Time for which a bot waits after the customer stops speaking to assume the utterance is finished. */ endTimeoutMs: pulumi.Input; /** * Time for how long Amazon Lex waits before speech input is truncated and the speech is returned to application. */ maxLengthMs: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationDtmfSpecification { /** * DTMF character that clears the accumulated DTMF digits and immediately ends the input. */ deletionCharacter: pulumi.Input; /** * DTMF character that immediately ends input. If the user does not press this character, the input ends after the end timeout. */ endCharacter: pulumi.Input; /** * How long the bot should wait after the last DTMF character input before assuming that the input has concluded. */ endTimeoutMs: pulumi.Input; /** * Maximum number of DTMF digits allowed in an utterance. */ maxLength: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationTextInputSpecification { /** * Time for which a bot waits before re-prompting a customer for text input. */ startTimeoutMs: pulumi.Input; } export interface V2modelsIntentDialogCodeHook { /** * Enables the dialog code hook so that it processes user requests. */ enabled: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHook { /** * Whether the fulfillment code hook is used. When active is false, the code hook doesn't run. */ active?: pulumi.Input; /** * Whether a Lambda function should be invoked to fulfill a specific intent. */ enabled: pulumi.Input; /** * Configuration block for settings for update messages sent to the user for long-running Lambda fulfillment functions. Fulfillment updates can be used only with streaming conversations. See `fulfillmentUpdatesSpecification`. */ fulfillmentUpdatesSpecification?: pulumi.Input; /** * Configuration block for settings for messages sent to the user for after the Lambda fulfillment function completes. Post-fulfillment messages can be sent for both streaming and non-streaming conversations. See `postFulfillmentStatusSpecification`. */ postFulfillmentStatusSpecification?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecification { /** * Whether fulfillment updates are sent to the user. When this field is true, updates are sent. If the active field is set to true, the `startResponse`, `updateResponse`, and `timeoutInSeconds` fields are required. */ active: pulumi.Input; /** * Configuration block for the message sent to users when the fulfillment Lambda functions starts running. */ startResponse?: pulumi.Input; /** * Length of time that the fulfillment Lambda function should run before it times out. */ timeoutInSeconds?: pulumi.Input; /** * Configuration block for messages sent periodically to the user while the fulfillment Lambda function is running. */ updateResponse?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponse { /** * Whether the user can interrupt the start message while it is playing. */ allowInterrupt?: pulumi.Input; /** * Delay between when the Lambda fulfillment function starts running and the start message is played. If the Lambda function returns before the delay is over, the start message isn't played. */ delayInSeconds?: pulumi.Input; /** * Between 1-5 configuration block message groups that contain start messages. Amazon Lex chooses one of the messages to play to the user. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponse { /** * Whether the user can interrupt the start message while it is playing. */ allowInterrupt?: pulumi.Input; /** * Frequency that a message is sent to the user. When the period ends, Amazon Lex chooses a message from the message groups and plays it to the user. If the fulfillment Lambda returns before the first period ends, an update message is not played to the user. */ frequencyInSeconds: pulumi.Input; /** * Between 1-5 configuration block message groups that contain start messages. Amazon Lex chooses one of the messages to play to the user. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecification { /** * Configuration block for conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. See `failureConditional`. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the dialog code hook finishes successfully. See `successConditional`. */ successConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook finishes successfully. See `successNextStep`. */ successNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `successResponse`. */ successResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate if the code hook times out. See `timeoutConditional`. */ timeoutConditional?: pulumi.Input; /** * Configuration block for the next step that the bot runs when the code hook times out. See `timeoutNextStep`. */ timeoutNextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond the user input. See `timeoutResponse`. */ timeoutResponse?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSetting { /** * Configuration block for the dialog code hook that is called by Amazon Lex at a step of the conversation. See `codeHook`. */ codeHook?: pulumi.Input; /** * Configuration block for conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition. See `conditional`. */ conditional?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `initialResponse`. */ initialResponse?: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHook { /** * Whether a dialog code hook is used when the intent is activated. */ active: pulumi.Input; /** * Whether a Lambda function should be invoked for the dialog. */ enableCodeHookInvocation: pulumi.Input; /** * Label that indicates the dialog step from which the dialog code hook is happening. */ invocationLabel?: pulumi.Input; /** * Configuration block that contains the responses and actions that Amazon Lex takes after the Lambda function is complete. See `postCodeHookSpecification`. */ postCodeHookSpecification?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecification { /** * Configuration block for conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed . See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the dialog code hook finishes successfully. See `successConditional`. */ successConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook finishes successfully. See `successNextStep`. */ successNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `successResponse`. */ successResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate if the code hook times out. See `timeoutConditional`. */ timeoutConditional?: pulumi.Input; /** * Configuration block for the next step that the bot runs when the code hook times out. See `timeoutNextStep`. */ timeoutNextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond the user input. See `timeoutResponse`. */ timeoutResponse?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition?: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariation { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingNextStepIntentSlot { /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingNextStepIntentSlotValue { /** * Value that Amazon Lex determines for the slot. The actual value depends on the setting of the value selection strategy for the bot. You can choose to use the value entered by the user, or you can have Amazon Lex choose the first value in the resolvedValues list. */ interpretedValue?: pulumi.Input; } export interface V2modelsIntentInputContext { /** * Name of the context. */ name: pulumi.Input; } export interface V2modelsIntentKendraConfiguration { /** * ARN of the Amazon Kendra index that you want the AMAZON.KendraSearchIntent intent to search. The index must be in the same account and Region as the Amazon Lex bot. */ kendraIndex: pulumi.Input; /** * Query filter that Amazon Lex sends to Amazon Kendra to filter the response from a query. The filter is in the format defined by Amazon Kendra. For more information, see [Filtering queries](https://docs.aws.amazon.com/kendra/latest/dg/filtering.html). */ queryFilterString?: pulumi.Input; /** * Whether the AMAZON.KendraSearchIntent intent uses a custom query string to query the Amazon Kendra index. */ queryFilterStringEnabled?: pulumi.Input; } export interface V2modelsIntentOutputContext { /** * Name of the output context. */ name: pulumi.Input; /** * Amount of time, in seconds, that the output context should remain active. The time is figured from the first time the context is sent to the user. */ timeToLiveInSeconds: pulumi.Input; /** * Number of conversation turns that the output context should remain active. The number of turns is counted from the first time that the context is sent to the user. */ turnsToLive: pulumi.Input; } export interface V2modelsIntentSampleUtterance { /** * Sample utterance that Amazon Lex uses to build its machine-learning model to recognize intents. */ utterance: pulumi.Input; } export interface V2modelsIntentSlotPriority { /** * Priority that Amazon Lex should apply to the slot. */ priority: pulumi.Input; /** * Unique identifier of the slot. */ slotId: pulumi.Input; } export interface V2modelsIntentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsSlotMultipleValuesSetting { /** * Whether a slot can return multiple values. When `true`, the slot may return more than one value in a response. When `false`, the slot returns only a single value. Multi-value slots are only available in the `en-US` locale. */ allowMultipleValues?: pulumi.Input; } export interface V2modelsSlotObfuscationSetting { /** * Whether Amazon Lex obscures slot values in conversation logs. Valid values are `DefaultObfuscation` and `None`. */ obfuscationSettingType: pulumi.Input; } export interface V2modelsSlotSubSlotSetting { /** * Expression text for defining the constituent sub slots in the composite slot using logical `AND` and `OR` operators. */ expression?: pulumi.Input; /** * Specifications for the constituent sub slots of a composite slot. * See the `slotSpecification` argument reference below. */ slotSpecifications?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecification { mapBlockKey: pulumi.Input; /** * Unique identifier assigned to the slot type. */ slotTypeId: pulumi.Input; /** * Elicitation setting details for constituent sub slots of a composite slot. * See the `valueElicitationSetting` argument reference below. */ valueElicitationSettings?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSetting { /** * List of default values for a slot. * See the `defaultValueSpecification` argument reference below. */ defaultValueSpecifications?: pulumi.Input[]>; /** * Prompt that Amazon Lex uses to elicit the slot value from the user. * See the `aws.lex.V2modelsIntent` resource for details on the `promptSpecification` argument reference - they are identical. */ promptSpecification?: pulumi.Input; sampleUtterances?: pulumi.Input[]>; /** * Specifies the prompts that Amazon Lex uses while a bot is waiting for customer input. * See the `waitAndContinueSpecification` argument reference below. */ waitAndContinueSpecifications?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingDefaultValueSpecification { /** * List of default values. * Amazon Lex chooses the default value to use in the order that they are presented in the list. * See the `defaultValueList` argument reference below. */ defaultValueLists: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingDefaultValueSpecificationDefaultValueList { /** * Default value to use when a user doesn't provide a value for a slot. */ defaultValue: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecification { allowInterrupt?: pulumi.Input; maxRetries: pulumi.Input; messageGroups?: pulumi.Input[]>; messageSelectionStrategy?: pulumi.Input; promptAttemptsSpecifications?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationPromptAttemptsSpecification { allowInterrupt?: pulumi.Input; allowedInputTypes?: pulumi.Input; audioAndDtmfInputSpecification?: pulumi.Input; mapBlockKey: pulumi.Input; textInputSpecification?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAllowedInputTypes { allowAudioInput: pulumi.Input; allowDtmfInput: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecification { audioSpecification?: pulumi.Input; dtmfSpecification?: pulumi.Input; startTimeoutMs: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationAudioSpecification { endTimeoutMs: pulumi.Input; maxLengthMs: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationDtmfSpecification { deletionCharacter: pulumi.Input; endCharacter: pulumi.Input; endTimeoutMs: pulumi.Input; maxLength: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationTextInputSpecification { startTimeoutMs: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingSampleUtterance { /** * The sample utterance that Amazon Lex uses to build its machine-learning model to recognize intents. */ utterance: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecification { /** * Specifies whether the bot will wait for a user to respond. * When this field is `false`, wait and continue responses for a slot aren't used. * If the active field isn't specified, the default is `true`. */ active?: pulumi.Input; /** * Response that Amazon Lex sends to indicate that the bot is ready to continue the conversation. * See the `continueResponse` argument reference below. */ continueResponses?: pulumi.Input[]>; /** * Response that Amazon Lex sends periodically to the user to indicate that the bot is still waiting for input from the user. * See the `stillWaitingResponse` argument reference below. */ stillWaitingResponses?: pulumi.Input[]>; /** * Response that Amazon Lex sends to indicate that the bot is waiting for the conversation to continue. * See the `waitingResponse` argument reference below. */ waitingResponses?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. * Amazon Lex chooses the actual response to send at runtime. * See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * How often a message should be sent to the user. */ frequencyInSeconds: pulumi.Input; messageGroups?: pulumi.Input[]>; /** * If Amazon Lex waits longer than this length of time for a response, it will stop sending messages. */ timeoutInSeconds: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. * Amazon Lex chooses the actual response to send at runtime. * See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotSubSlotSettingSlotSpecificationValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsSlotTypeCompositeSlotTypeSetting { /** * Sub slots in the composite slot. * See `subSlots` argument reference below. */ subSlots?: pulumi.Input[]>; } export interface V2modelsSlotTypeCompositeSlotTypeSettingSubSlot { /** * Name of a constituent sub slot inside a composite slot. */ name: pulumi.Input; /** * Unique identifier assigned to a slot type. * This refers to either a built-in slot type or the unique `slotTypeId` of a custom slot type. */ slotTypeId: pulumi.Input; } export interface V2modelsSlotTypeExternalSourceSetting { /** * Settings required for a slot type based on a grammar that you provide. * See `grammarSlotTypeSetting` argument reference below. */ grammarSlotTypeSettings?: pulumi.Input[]>; } export interface V2modelsSlotTypeExternalSourceSettingGrammarSlotTypeSetting { /** * Source of the grammar used to create the slot type. * See `source` argument reference below. */ sources?: pulumi.Input[]>; } export interface V2modelsSlotTypeExternalSourceSettingGrammarSlotTypeSettingSource { /** * KMS key required to decrypt the contents of the grammar, if any. */ kmsKeyArn: pulumi.Input; /** * Name of the Amazon S3 bucket that contains the grammar source. */ s3BucketName: pulumi.Input; /** * Path to the grammar in the Amazon S3 bucket. */ s3ObjectKey: pulumi.Input; } export interface V2modelsSlotTypeSlotTypeValue { /** * Value of the slot type entry. * See `sampleValue` argument reference below. */ sampleValues?: pulumi.Input[]>; /** * A list of additional values related to the slot type entry. * See `synonyms` argument reference below. */ synonyms?: pulumi.Input[]>; } export interface V2modelsSlotTypeSlotTypeValueSampleValue { /** * Value that can be used for a slot type. */ value: pulumi.Input; } export interface V2modelsSlotTypeSlotTypeValueSynonym { /** * Value that can be used for a slot type. */ value: pulumi.Input; } export interface V2modelsSlotTypeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsSlotTypeValueSelectionSetting { /** * Provides settings that enable advanced recognition settings for slot values. * You can use this to enable using slot values as a custom vocabulary for recognizing user utterances. * See `advancedRecognitionSetting` argument reference below. */ advancedRecognitionSettings?: pulumi.Input[]>; /** * Used to validate the value of the slot. * See `regexFilter` argument reference below. */ regexFilters?: pulumi.Input[]>; /** * Determines the slot resolution strategy that Amazon Lex uses to return slot type values. * Valid values are `OriginalValue`, `TopResolution`, and `Concatenation`. */ resolutionStrategy: pulumi.Input; } export interface V2modelsSlotTypeValueSelectionSettingAdvancedRecognitionSetting { /** * Enables using the slot values as a custom vocabulary for recognizing user utterances. * Valid value is `UseSlotValuesAsCustomVocabulary`. */ audioRecognitionStrategy?: pulumi.Input; } export interface V2modelsSlotTypeValueSelectionSettingRegexFilter { /** * A regular expression used to validate the value of a slot. */ pattern: pulumi.Input; } export interface V2modelsSlotValueElicitationSetting { /** * List of default values for a slot. * See the `defaultValueSpecification` argument reference below. */ defaultValueSpecifications?: pulumi.Input[]>; /** * Prompt that Amazon Lex uses to elicit the slot value from the user. * See the `aws.lex.V2modelsIntent` resource for details on the `promptSpecification` argument reference - they are identical. */ promptSpecification?: pulumi.Input; sampleUtterances?: pulumi.Input[]>; /** * Whether the slot is required or optional. Valid values are `Required` or `Optional`. */ slotConstraint: pulumi.Input; /** * Information about whether assisted slot resolution is turned on for the slot or not. * See the `slotResolutionSetting` argument reference below. */ slotResolutionSettings?: pulumi.Input[]>; /** * Specifies the prompts that Amazon Lex uses while a bot is waiting for customer input. * See the `waitAndContinueSpecification` argument reference below. */ waitAndContinueSpecifications?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingDefaultValueSpecification { /** * List of default values. * Amazon Lex chooses the default value to use in the order that they are presented in the list. * See the `defaultValueList` argument reference below. */ defaultValueLists: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingDefaultValueSpecificationDefaultValueList { /** * Default value to use when a user doesn't provide a value for a slot. */ defaultValue: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecification { allowInterrupt?: pulumi.Input; maxRetries: pulumi.Input; messageGroups?: pulumi.Input[]>; messageSelectionStrategy?: pulumi.Input; promptAttemptsSpecifications?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecification { allowInterrupt?: pulumi.Input; allowedInputTypes?: pulumi.Input; audioAndDtmfInputSpecification?: pulumi.Input; mapBlockKey: pulumi.Input; textInputSpecification?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAllowedInputTypes { allowAudioInput: pulumi.Input; allowDtmfInput: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecification { audioSpecification?: pulumi.Input; dtmfSpecification?: pulumi.Input; startTimeoutMs: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationAudioSpecification { endTimeoutMs: pulumi.Input; maxLengthMs: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationDtmfSpecification { deletionCharacter: pulumi.Input; endCharacter: pulumi.Input; endTimeoutMs: pulumi.Input; maxLength: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationTextInputSpecification { startTimeoutMs: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingSampleUtterance { /** * The sample utterance that Amazon Lex uses to build its machine-learning model to recognize intents. */ utterance: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingSlotResolutionSetting { /** * Specifies whether assisted slot resolution is turned on for the slot or not. * Valid values are `EnhancedFallback` or `Default`. * If the value is `EnhancedFallback`, assisted slot resolution is activated when Amazon Lex defaults to the `AMAZON.FallbackIntent`. * If the value is `Default`, assisted slot resolution is turned off. */ slotResolutionStrategy: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecification { /** * Specifies whether the bot will wait for a user to respond. * When this field is `false`, wait and continue responses for a slot aren't used. * If the active field isn't specified, the default is `true`. */ active?: pulumi.Input; /** * Response that Amazon Lex sends to indicate that the bot is ready to continue the conversation. * See the `continueResponse` argument reference below. */ continueResponses?: pulumi.Input[]>; /** * Response that Amazon Lex sends periodically to the user to indicate that the bot is still waiting for input from the user. * See the `stillWaitingResponse` argument reference below. */ stillWaitingResponses?: pulumi.Input[]>; /** * Response that Amazon Lex sends to indicate that the bot is waiting for the conversation to continue. * See the `waitingResponse` argument reference below. */ waitingResponses?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. * Amazon Lex chooses the actual response to send at runtime. * See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * How often a message should be sent to the user. */ frequencyInSeconds: pulumi.Input; messageGroups?: pulumi.Input[]>; /** * If Amazon Lex waits longer than this length of time for a response, it will stop sending messages. */ timeoutInSeconds: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. * Amazon Lex chooses the actual response to send at runtime. * See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `message` argument reference - they are identical. */ message?: pulumi.Input; /** * Configuration blocks for message variations to send to the user. * When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. * See the `aws.lex.V2modelsIntent` resource for details on the `variation` argument reference - they are identical. */ variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessage { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } } export namespace licensemanager { export interface GetLicenseGrantsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedGrants.html#API_ListReceivedGrants_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getLicenseGrants({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetLicenseGrantsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedGrants.html#API_ListReceivedGrants_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getLicenseGrants({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } export interface GetReceivedLicensesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedLicenses.html#API_ListReceivedLicenses_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getReceivedLicenses({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetReceivedLicensesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedLicenses.html#API_ListReceivedLicenses_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getReceivedLicenses({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } } export namespace lightsail { export interface CertificateDomainValidationOption { /** * Domain name for which the certificate should be issued. */ domainName?: pulumi.Input; /** * Name of the DNS record to create to validate the certificate. */ resourceRecordName?: pulumi.Input; /** * Type of DNS record to create to validate the certificate. */ resourceRecordType?: pulumi.Input; /** * Value of the DNS record to create to validate the certificate. */ resourceRecordValue?: pulumi.Input; } export interface ContainerServiceDeploymentVersionContainer { /** * Launch command for the container. A list of strings. */ commands?: pulumi.Input[]>; /** * Name of the container. */ containerName: pulumi.Input; /** * Key-value map of the environment variables of the container. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Name of the image used for the container. Container images sourced from your Lightsail container service, that are registered and stored on your service, start with a colon (`:`). For example, `:container-service-1.mystaticwebsite.1`. Container images sourced from a public registry like Docker Hub don't start with a colon. For example, `nginx:latest` or `nginx`. */ image: pulumi.Input; /** * Key-value map of the open firewall ports of the container. Valid values: `HTTP`, `HTTPS`, `TCP`, `UDP`. */ ports?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ContainerServiceDeploymentVersionPublicEndpoint { /** * Name of the container for the endpoint. */ containerName: pulumi.Input; /** * Port of the container to which traffic is forwarded to. */ containerPort: pulumi.Input; /** * Configuration block that describes the health check configuration of the container. See below. */ healthCheck: pulumi.Input; } export interface ContainerServiceDeploymentVersionPublicEndpointHealthCheck { /** * Number of consecutive health check successes required before moving the container to the Healthy state. Defaults to 2. */ healthyThreshold?: pulumi.Input; /** * Approximate interval, in seconds, between health checks of an individual container. You can specify between 5 and 300 seconds. Defaults to 5. */ intervalSeconds?: pulumi.Input; /** * Path on the container on which to perform the health check. Defaults to "/". */ path?: pulumi.Input; /** * HTTP codes to use when checking for a successful response from a container. You can specify values between 200 and 499. Defaults to "200-499". */ successCodes?: pulumi.Input; /** * Amount of time, in seconds, during which no response means a failed health check. You can specify between 2 and 60 seconds. Defaults to 2. */ timeoutSeconds?: pulumi.Input; /** * Number of consecutive health check failures required before moving the container to the Unhealthy state. Defaults to 2. */ unhealthyThreshold?: pulumi.Input; } export interface ContainerServicePrivateRegistryAccess { /** * Configuration to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. See below. */ ecrImagePullerRole?: pulumi.Input; } export interface ContainerServicePrivateRegistryAccessEcrImagePullerRole { /** * Whether to activate the role. Defaults to `false`. */ isActive?: pulumi.Input; /** * Principal ARN of the container service. The principal ARN can be used to create a trust relationship between your standard AWS account and your Lightsail container service. */ principalArn?: pulumi.Input; } export interface ContainerServicePublicDomainNames { /** * Set of certificate configurations for the public domain names. Each element contains the following attributes: */ certificates: pulumi.Input[]>; } export interface ContainerServicePublicDomainNamesCertificate { /** * Name of the certificate. */ certificateName: pulumi.Input; /** * List of domain names for the certificate. */ domainNames: pulumi.Input[]>; } export interface DistributionCacheBehavior { /** * Cache behavior for the specified path. Valid values: `cache`, `dont-cache`. */ behavior: pulumi.Input; /** * Path to a directory or file to cache, or not cache. Use an asterisk symbol to specify wildcard directories (`path/to/assets/*`), and file types (`*.html`, `*.jpg`, `*.js`). Directories and file paths are case-sensitive. */ path: pulumi.Input; } export interface DistributionCacheBehaviorSettings { /** * HTTP methods that are processed and forwarded to the distribution's origin. */ allowedHttpMethods?: pulumi.Input; /** * HTTP method responses that are cached by your distribution. */ cachedHttpMethods?: pulumi.Input; /** * Default amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the content has been updated. */ defaultTtl?: pulumi.Input; /** * Cookies that are forwarded to the origin. Your content is cached based on the cookies that are forwarded. See below. */ forwardedCookies?: pulumi.Input; /** * Headers that are forwarded to the origin. Your content is cached based on the headers that are forwarded. See below. */ forwardedHeaders?: pulumi.Input; /** * Query strings that are forwarded to the origin. Your content is cached based on the query strings that are forwarded. See below. */ forwardedQueryStrings?: pulumi.Input; /** * Maximum amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the object has been updated. */ maximumTtl?: pulumi.Input; /** * Minimum amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the object has been updated. */ minimumTtl?: pulumi.Input; } export interface DistributionCacheBehaviorSettingsForwardedCookies { /** * Specific cookies to forward to your distribution's origin. */ cookiesAllowLists?: pulumi.Input[]>; /** * Which cookies to forward to the distribution's origin for a cache behavior. Valid values: `all`, `none`, `allow-list`. */ option?: pulumi.Input; } export interface DistributionCacheBehaviorSettingsForwardedHeaders { /** * Specific headers to forward to your distribution's origin. */ headersAllowLists?: pulumi.Input[]>; /** * Headers that you want your distribution to forward to your origin and base caching on. Valid values: `default`, `allow-list`, `all`. */ option?: pulumi.Input; } export interface DistributionCacheBehaviorSettingsForwardedQueryStrings { /** * Whether the distribution forwards and caches based on query strings. */ option?: pulumi.Input; /** * Specific query strings that the distribution forwards to the origin. */ queryStringsAllowedLists?: pulumi.Input[]>; } export interface DistributionDefaultCacheBehavior { /** * Cache behavior of the distribution. Valid values: `cache`, `dont-cache`. */ behavior: pulumi.Input; } export interface DistributionLocation { /** * Availability Zone. Follows the format us-east-2a (case-sensitive). */ availabilityZone: pulumi.Input; /** * AWS Region name. */ regionName: pulumi.Input; } export interface DistributionOrigin { /** * Name of the origin resource. Your origin can be an instance with an attached static IP, a bucket, or a load balancer that has at least one instance attached to it. */ name: pulumi.Input; /** * Protocol that your Amazon Lightsail distribution uses when establishing a connection with your origin to pull content. */ protocolPolicy?: pulumi.Input; /** * AWS Region name of the origin resource. */ regionName: pulumi.Input; /** * Lightsail resource type (e.g., Distribution). */ resourceType?: pulumi.Input; } export interface InstanceAddOn { /** * Daily time when an automatic snapshot will be created. Must be in HH:00 format, and in an hourly increment and specified in Coordinated Universal Time (UTC). The snapshot will be automatically created between the time specified and up to 45 minutes after. */ snapshotTime: pulumi.Input; /** * Status of the add-on. Valid values: `Enabled`, `Disabled`. */ status: pulumi.Input; /** * Add-on type. There is currently only one valid type `AutoSnapshot`. */ type: pulumi.Input; } export interface InstancePublicPortsPortInfo { /** * Set of CIDR aliases that define access for a preconfigured range of IP addresses. */ cidrListAliases?: pulumi.Input[]>; /** * Set of IPv4 addresses or ranges of IPv4 addresses (in CIDR notation) that are allowed to connect to an instance through the ports, and the protocol. */ cidrs?: pulumi.Input[]>; /** * First port in a range of open ports on an instance. See [PortInfo](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_PortInfo.html) for details. */ fromPort: pulumi.Input; /** * Set of IPv6 addresses or ranges of IPv6 addresses (in CIDR notation) that are allowed to connect to an instance through the ports, and the protocol. */ ipv6Cidrs?: pulumi.Input[]>; /** * IP protocol name. Valid values: `tcp`, `all`, `udp`, `icmp`, `icmpv6`. See [PortInfo](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_PortInfo.html) for details. */ protocol: pulumi.Input; /** * Last port in a range of open ports on an instance. See [PortInfo](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_PortInfo.html) for details. */ toPort: pulumi.Input; } export interface LbCertificateDomainValidationRecord { /** * Domain name (e.g., example.com) for your SSL/TLS certificate. */ domainName?: pulumi.Input; resourceRecordName?: pulumi.Input; resourceRecordType?: pulumi.Input; resourceRecordValue?: pulumi.Input; } } export namespace location { export interface MapConfiguration { /** * Specifies the map style selected from an available data provider. Valid values can be found in the [Location Service CreateMap API Reference](https://docs.aws.amazon.com/location/latest/APIReference/API_CreateMap.html). */ style: pulumi.Input; } export interface PlaceIndexDataSourceConfiguration { /** * Specifies how the results of an operation will be stored by the caller. Valid values: `SingleUse`, `Storage`. Default: `SingleUse`. */ intendedUse?: pulumi.Input; } } export namespace m2 { export interface ApplicationDefinition { /** * JSON application definition. Either this or `s3Location` must be specified. */ content?: pulumi.Input; /** * Location of the application definition in S3. Either this or `content` must be specified. */ s3Location?: pulumi.Input; } export interface ApplicationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DeploymentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface EnvironmentHighAvailabilityConfig { /** * Desired number of instances for the Environment. */ desiredCapacity: pulumi.Input; } export interface EnvironmentStorageConfiguration { efs?: pulumi.Input; fsx?: pulumi.Input; } export interface EnvironmentStorageConfigurationEfs { /** * Id of the EFS filesystem to mount. */ fileSystemId: pulumi.Input; /** * Path to mount the filesystem on, must start with `/m2/mount/`. */ mountPoint: pulumi.Input; } export interface EnvironmentStorageConfigurationFsx { /** * Id of the FSX filesystem to mount. */ fileSystemId: pulumi.Input; /** * Path to mount the filesystem on, must start with `/m2/mount/`. */ mountPoint: pulumi.Input; } export interface EnvironmentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace macie { export interface FindingsFilterFindingCriteria { /** * A condition that specifies the property, operator, and one or more values to use to filter the results. (documented below) */ criterions?: pulumi.Input[]>; } export interface FindingsFilterFindingCriteriaCriterion { /** * The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values. */ eqExactMatches?: pulumi.Input[]>; /** * The value for the property matches (equals) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values. */ eqs?: pulumi.Input[]>; /** * The name of the field to be evaluated. */ field: pulumi.Input; /** * The value for the property is greater than the specified value. */ gt?: pulumi.Input; /** * The value for the property is greater than or equal to the specified value. */ gte?: pulumi.Input; /** * The value for the property is less than the specified value. */ lt?: pulumi.Input; /** * The value for the property is less than or equal to the specified value. */ lte?: pulumi.Input; /** * The value for the property doesn't match (doesn't equal) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values. */ neqs?: pulumi.Input[]>; } } export namespace macie2 { export interface ClassificationExportConfigurationS3Destination { /** * The Amazon S3 bucket name in which Amazon Macie exports the data classification results. */ bucketName: pulumi.Input; /** * The object key for the bucket in which Amazon Macie exports the data classification results. */ keyPrefix?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. * * Additional information can be found in the [Storing and retaining sensitive data discovery results with Amazon Macie for AWS Macie documentation](https://docs.aws.amazon.com/macie/latest/user/discovery-results-repository-s3.html). */ kmsKeyArn: pulumi.Input; } export interface ClassificationJobS3JobDefinition { /** * The property- and tag-based conditions that determine which S3 buckets to include or exclude from the analysis. Conflicts with `bucketDefinitions`. (documented below) */ bucketCriteria?: pulumi.Input; /** * An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for the account. Conflicts with `bucketCriteria`. (documented below) */ bucketDefinitions?: pulumi.Input[]>; /** * The property- and tag-based conditions that determine which objects to include or exclude from the analysis. (documented below) */ scoping?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteria { /** * The property- or tag-based conditions that determine which S3 buckets to exclude from the analysis. (documented below) */ excludes?: pulumi.Input; /** * The property- or tag-based conditions that determine which S3 buckets to include in the analysis. (documented below) */ includes?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an S3 buckets from the job. (documented below) */ simpleCriterion?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an S3 buckets from the job. (documented below) */ tagCriterion?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAndSimpleCriterion { /** * The operator to use in a condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The object property to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionkeyforjob) */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionforjob) */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAndTagCriterion { /** * The operator to use in the condition. Valid combination and values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The tag key and value pairs to use in the condition. One or more blocks are allowed. (documented below) */ tagValues?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAndTagCriterionTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an S3 buckets from the job. (documented below) */ simpleCriterion?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an S3 buckets from the job. (documented below) */ tagCriterion?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAndSimpleCriterion { /** * The operator to use in a condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The object property to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionkeyforjob) */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionforjob) */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAndTagCriterion { /** * The operator to use in the condition. Valid combination and values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The tag key and value pairs to use in the condition. One or more blocks are allowed. (documented below) */ tagValues?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAndTagCriterionTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketDefinition { /** * The unique identifier for the AWS account that owns the buckets. */ accountId: pulumi.Input; /** * An array that lists the names of the buckets. */ buckets: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScoping { /** * The property- or tag-based conditions that determine which objects to exclude from the analysis. (documented below) */ excludes?: pulumi.Input; /** * The property- or tag-based conditions that determine which objects to include in the analysis. (documented below) */ includes?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingExcludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingExcludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below) */ simpleScopeTerm?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below) */ tagScopeTerm?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingExcludesAndSimpleScopeTerm { /** * The operator to use in a condition. Valid values are: `EQ`, `GT`, `GTE`, `LT`, `LTE`, `NE`, `CONTAINS`, `STARTS_WITH` */ comparator?: pulumi.Input; /** * The object property to use in the condition. */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTerm { /** * The operator to use in the condition. */ comparator?: pulumi.Input; /** * The tag key to use in the condition. The only valid value is `TAG`. */ key?: pulumi.Input; /** * The tag keys or tag key and value pairs to use in the condition. */ tagValues?: pulumi.Input[]>; /** * The type of object to apply the condition to. The only valid value is `S3_OBJECT`. */ target?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTermTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingIncludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingIncludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below) */ simpleScopeTerm?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below) */ tagScopeTerm?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingIncludesAndSimpleScopeTerm { /** * The operator to use in a condition. Valid values are: `EQ`, `GT`, `GTE`, `LT`, `LTE`, `NE`, `CONTAINS`, `STARTS_WITH` */ comparator?: pulumi.Input; /** * The object property to use in the condition. */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTerm { /** * The operator to use in the condition. */ comparator?: pulumi.Input; /** * The tag key to use in the condition. The only valid value is `TAG`. */ key?: pulumi.Input; /** * The tag keys or tag key and value pairs to use in the condition. */ tagValues?: pulumi.Input[]>; /** * The type of object to apply the condition to. The only valid value is `S3_OBJECT`. */ target?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTermTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobScheduleFrequency { /** * Specifies a daily recurrence pattern for running the job. */ dailySchedule?: pulumi.Input; /** * Specifies a monthly recurrence pattern for running the job. */ monthlySchedule?: pulumi.Input; /** * Specifies a weekly recurrence pattern for running the job. */ weeklySchedule?: pulumi.Input; } export interface ClassificationJobUserPausedDetail { jobExpiresAt?: pulumi.Input; jobImminentExpirationHealthEventArn?: pulumi.Input; jobPausedAt?: pulumi.Input; } } export namespace mediaconvert { export interface QueueReservationPlanSettings { /** * The length of the term of your reserved queue pricing plan commitment. Valid value is `ONE_YEAR`. */ commitment: pulumi.Input; /** * Specifies whether the term of your reserved queue pricing plan. Valid values are `AUTO_RENEW` or `EXPIRE`. */ renewalType: pulumi.Input; /** * Specifies the number of reserved transcode slots (RTS) for queue. */ reservedSlots: pulumi.Input; } } export namespace medialive { export interface ChannelCdiInputSpecification { /** * Maximum CDI input resolution. */ resolution: pulumi.Input; } export interface ChannelDestination { /** * User-specified id. Ths is used in an output group or an output. */ id: pulumi.Input; /** * Destination settings for a MediaPackage output; one destination for both encoders. See Media Package Settings for more details. */ mediaPackageSettings?: pulumi.Input[]>; /** * Destination settings for a Multiplex output; one destination for both encoders. See Multiplex Settings for more details. */ multiplexSettings?: pulumi.Input; /** * Destination settings for a standard output; one destination for each redundant encoder. See Settings for more details. */ settings?: pulumi.Input[]>; } export interface ChannelDestinationMediaPackageSetting { /** * ID of the channel in MediaPackage that is the destination for this output group. */ channelId: pulumi.Input; } export interface ChannelDestinationMultiplexSettings { /** * The ID of the Multiplex that the encoder is providing output to. */ multiplexId: pulumi.Input; /** * The program name of the Multiplex program that the encoder is providing output to. */ programName: pulumi.Input; } export interface ChannelDestinationSetting { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Stream name RTMP destinations (URLs of type rtmp://) */ streamName?: pulumi.Input; /** * A URL specifying a destination. */ url?: pulumi.Input; /** * Username for destination. */ username?: pulumi.Input; } export interface ChannelEncoderSettings { /** * Audio descriptions for the channel. See Audio Descriptions for more details. */ audioDescriptions?: pulumi.Input[]>; /** * Settings for ad avail blanking. See Avail Blanking for more details. */ availBlanking?: pulumi.Input; /** * Caption Descriptions. See Caption Descriptions for more details. */ captionDescriptions?: pulumi.Input[]>; /** * Configuration settings that apply to the event as a whole. See Global Configuration for more details. */ globalConfiguration?: pulumi.Input; /** * Settings for motion graphics. See Motion Graphics Configuration for more details. */ motionGraphicsConfiguration?: pulumi.Input; /** * Nielsen configuration settings. See Nielsen Configuration for more details. */ nielsenConfiguration?: pulumi.Input; /** * Output groups for the channel. See Output Groups for more details. */ outputGroups: pulumi.Input[]>; /** * Contains settings used to acquire and adjust timecode information from inputs. See Timecode Config for more details. */ timecodeConfig: pulumi.Input; /** * Video Descriptions. See Video Descriptions for more details. */ videoDescriptions?: pulumi.Input[]>; } export interface ChannelEncoderSettingsAudioDescription { /** * Advanced audio normalization settings. See Audio Normalization Settings for more details. */ audioNormalizationSettings?: pulumi.Input; /** * The name of the audio selector used as the source for this AudioDescription. */ audioSelectorName: pulumi.Input; /** * Applies only if audioTypeControl is useConfigured. The values for audioType are defined in ISO-IEC 13818-1. */ audioType?: pulumi.Input; /** * Determined how audio type is determined. */ audioTypeControl?: pulumi.Input; /** * Settings to configure one or more solutions that insert audio watermarks in the audio encode. See Audio Watermark Settings for more details. */ audioWatermarkSettings?: pulumi.Input; /** * Audio codec settings. See Audio Codec Settings for more details. */ codecSettings?: pulumi.Input; languageCode?: pulumi.Input; languageCodeControl?: pulumi.Input; /** * The name of this audio description. */ name: pulumi.Input; remixSettings?: pulumi.Input; /** * Stream name RTMP destinations (URLs of type rtmp://) */ streamName?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioNormalizationSettings { /** * Audio normalization algorithm to use. itu17701 conforms to the CALM Act specification, itu17702 to the EBU R-128 specification. */ algorithm?: pulumi.Input; /** * Algorithm control for the audio description. */ algorithmControl?: pulumi.Input; /** * Target LKFS (loudness) to adjust volume to. */ targetLkfs?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettings { nielsenWatermarksSettings?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettingsNielsenWatermarksSettings { /** * Used to insert watermarks of type Nielsen CBET. See Nielsen CBET Settings for more details. */ nielsenCbetSettings?: pulumi.Input; /** * Distribution types to assign to the watermarks. Options are `PROGRAM_CONTENT` and `FINAL_DISTRIBUTOR`. */ nielsenDistributionType?: pulumi.Input; /** * Used to insert watermarks of type Nielsen NAES, II (N2) and Nielsen NAES VI (NW). See Nielsen NAES II NW Settings for more details. */ nielsenNaesIiNwSettings?: pulumi.Input[]>; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettingsNielsenWatermarksSettingsNielsenCbetSettings { cbetCheckDigitString: pulumi.Input; /** * Determines the method of CBET insertion mode when prior encoding is detected on the same layer. */ cbetStepaside: pulumi.Input; /** * CBET source ID to use in the watermark. */ csid: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettingsNielsenWatermarksSettingsNielsenNaesIiNwSetting { checkDigitString: pulumi.Input; /** * The Nielsen Source ID to include in the watermark. */ sid: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettings { /** * Aac Settings. See AAC Settings for more details. */ aacSettings?: pulumi.Input; /** * Ac3 Settings. See AC3 Settings for more details. */ ac3Settings?: pulumi.Input; /** * Eac3 Atmos Settings. See EAC3 Atmos Settings */ eac3AtmosSettings?: pulumi.Input; /** * Eac3 Settings. See EAC3 Settings */ eac3Settings?: pulumi.Input; mp2Settings?: pulumi.Input; passThroughSettings?: pulumi.Input; wavSettings?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsAacSettings { /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Mono, Stereo, or 5.1 channel layout. */ codingMode?: pulumi.Input; /** * Set to "broadcasterMixedAd" when input contains pre-mixed main audio + AD (narration) as a stereo pair. */ inputType?: pulumi.Input; /** * AAC profile. */ profile?: pulumi.Input; /** * The rate control mode. */ rateControlMode?: pulumi.Input; /** * Sets LATM/LOAS AAC output for raw containers. */ rawFormat?: pulumi.Input; /** * Sample rate in Hz. */ sampleRate?: pulumi.Input; /** * Use MPEG-2 AAC audio instead of MPEG-4 AAC audio for raw or MPEG-2 Transport Stream containers. */ spec?: pulumi.Input; /** * VBR Quality Level - Only used if rateControlMode is VBR. */ vbrQuality?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsAc3Settings { /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Specifies the bitstream mode (bsmod) for the emitted AC-3 stream. */ bitstreamMode?: pulumi.Input; /** * Dolby Digital coding mode. */ codingMode?: pulumi.Input; /** * Sets the dialnorm of the output. */ dialnorm?: pulumi.Input; /** * If set to filmStandard, adds dynamic range compression signaling to the output bitstream as defined in the Dolby Digital specification. */ drcProfile?: pulumi.Input; /** * When set to enabled, applies a 120Hz lowpass filter to the LFE channel prior to encoding. */ lfeFilter?: pulumi.Input; /** * Metadata control. */ metadataControl?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsEac3AtmosSettings { /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Dolby Digital Plus with Dolby Atmos coding mode. */ codingMode?: pulumi.Input; /** * Sets the dialnorm for the output. */ dialnorm?: pulumi.Input; /** * Sets the Dolby dynamic range compression profile. */ drcLine?: pulumi.Input; /** * Sets the profile for heavy Dolby dynamic range compression. */ drcRf?: pulumi.Input; /** * Height dimensional trim. */ heightTrim?: pulumi.Input; /** * Surround dimensional trim. */ surroundTrim?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsEac3Settings { /** * Sets the attenuation control. */ attenuationControl?: pulumi.Input; /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Specifies the bitstream mode (bsmod) for the emitted AC-3 stream. */ bitstreamMode?: pulumi.Input; /** * Dolby Digital Plus coding mode. */ codingMode?: pulumi.Input; dcFilter?: pulumi.Input; dialnorm?: pulumi.Input; /** * Sets the Dolby dynamic range compression profile. */ drcLine?: pulumi.Input; /** * Sets the profile for heavy Dolby dynamic range compression. */ drcRf?: pulumi.Input; lfeControl?: pulumi.Input; /** * When set to enabled, applies a 120Hz lowpass filter to the LFE channel prior to encoding. */ lfeFilter?: pulumi.Input; loRoCenterMixLevel?: pulumi.Input; loRoSurroundMixLevel?: pulumi.Input; ltRtCenterMixLevel?: pulumi.Input; ltRtSurroundMixLevel?: pulumi.Input; /** * Metadata control. */ metadataControl?: pulumi.Input; passthroughControl?: pulumi.Input; phaseControl?: pulumi.Input; stereoDownmix?: pulumi.Input; surroundExMode?: pulumi.Input; surroundMode?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsMp2Settings { bitrate?: pulumi.Input; codingMode?: pulumi.Input; /** * Sample rate in Hz. */ sampleRate?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsPassThroughSettings { } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsWavSettings { bitDepth?: pulumi.Input; codingMode?: pulumi.Input; /** * Sample rate in Hz. */ sampleRate?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionRemixSettings { channelMappings: pulumi.Input[]>; channelsIn?: pulumi.Input; channelsOut?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionRemixSettingsChannelMapping { inputChannelLevels: pulumi.Input[]>; outputChannel: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionRemixSettingsChannelMappingInputChannelLevel { gain: pulumi.Input; inputChannel: pulumi.Input; } export interface ChannelEncoderSettingsAvailBlanking { /** * Blanking image to be used. See Avail Blanking Image for more details. */ availBlankingImage?: pulumi.Input; /** * When set to enabled, causes video, audio and captions to be blanked when insertion metadata is added. */ state?: pulumi.Input; } export interface ChannelEncoderSettingsAvailBlankingAvailBlankingImage { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Path to a file accessible to the live stream. */ uri: pulumi.Input; /** * . Username to be used. */ username?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescription { /** * Indicates whether the caption track implements accessibility features such as written descriptions of spoken dialog, music, and sounds. */ accessibility?: pulumi.Input; /** * Specifies which input caption selector to use as a caption source when generating output captions. This field should match a captionSelector name. */ captionSelectorName: pulumi.Input; /** * Additional settings for captions destination that depend on the destination type. See Destination Settings for more details. */ destinationSettings?: pulumi.Input; /** * ISO 639-2 three-digit code. */ languageCode?: pulumi.Input; /** * Human readable information to indicate captions available for players (eg. English, or Spanish). */ languageDescription?: pulumi.Input; /** * Name of the caption description. Used to associate a caption description with an output. Names must be unique within an event. */ name: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettings { /** * ARIB Destination Settings. */ aribDestinationSettings?: pulumi.Input; /** * Burn In Destination Settings. See Burn In Destination Settings for more details. */ burnInDestinationSettings?: pulumi.Input; /** * DVB Sub Destination Settings. See DVB Sub Destination Settings for more details. */ dvbSubDestinationSettings?: pulumi.Input; /** * EBU TT D Destination Settings. See EBU TT D Destination Settings for more details. */ ebuTtDDestinationSettings?: pulumi.Input; /** * Embedded Destination Settings. */ embeddedDestinationSettings?: pulumi.Input; /** * Embedded Plus SCTE20 Destination Settings. */ embeddedPlusScte20DestinationSettings?: pulumi.Input; /** * RTMP Caption Info Destination Settings. */ rtmpCaptionInfoDestinationSettings?: pulumi.Input; /** * SCTE20 Plus Embedded Destination Settings. */ scte20PlusEmbeddedDestinationSettings?: pulumi.Input; /** * SCTE27 Destination Settings. */ scte27DestinationSettings?: pulumi.Input; /** * SMPTE TT Destination Settings. */ smpteTtDestinationSettings?: pulumi.Input; /** * Teletext Destination Settings. */ teletextDestinationSettings?: pulumi.Input; /** * TTML Destination Settings. See TTML Destination Settings for more details. */ ttmlDestinationSettings?: pulumi.Input; /** * WebVTT Destination Settings. See WebVTT Destination Settings for more details. */ webvttDestinationSettings?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsAribDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsBurnInDestinationSettings { /** * If no explicit xPosition or yPosition is provided, setting alignment to centered will place the captions at the bottom center of the output. Similarly, setting a left alignment will align captions to the bottom left of the output. If x and y positions are given in conjunction with the alignment parameter, the font will be justified (either left or centered) relative to those coordinates. Selecting “smart” justification will left-justify live subtitles and center-justify pre-recorded subtitles. All burn-in and DVB-Sub font settings must match. */ alignment?: pulumi.Input; /** * Specifies the color of the rectangle behind the captions. All burn-in and DVB-Sub font settings must match. */ backgroundColor?: pulumi.Input; /** * Specifies the opacity of the background rectangle. 255 is opaque; 0 is transparent. Leaving this parameter out is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ backgroundOpacity?: pulumi.Input; /** * External font file used for caption burn-in. File extension must be ‘ttf’ or ‘tte’. Although the user can select output fonts for many different types of input captions, embedded, STL and teletext sources use a strict grid system. Using external fonts with these caption sources could cause unexpected display of proportional fonts. All burn-in and DVB-Sub font settings must match. See Font for more details. */ font?: pulumi.Input; /** * Specifies the color of the burned-in captions. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ fontColor?: pulumi.Input; /** * Specifies the opacity of the burned-in captions. 255 is opaque; 0 is transparent. All burn-in and DVB-Sub font settings must match. */ fontOpacity?: pulumi.Input; /** * Font resolution in DPI (dots per inch); default is 96 dpi. All burn-in and DVB-Sub font settings must match. */ fontResolution?: pulumi.Input; /** * When set to ‘auto’ fontSize will scale depending on the size of the output. Giving a positive integer will specify the exact font size in points. All burn-in and DVB-Sub font settings must match. */ fontSize?: pulumi.Input; /** * Specifies font outline color. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineColor: pulumi.Input; /** * Specifies font outline size in pixels. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineSize?: pulumi.Input; /** * Specifies the color of the shadow cast by the captions. All burn-in and DVB-Sub font settings must match. */ shadowColor?: pulumi.Input; /** * Specifies the opacity of the shadow. 255 is opaque; 0 is transparent. Leaving this parameter out is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ shadowOpacity?: pulumi.Input; /** * Specifies the horizontal offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels to the left. All burn-in and DVB-Sub font settings must match. */ shadowXOffset?: pulumi.Input; /** * Specifies the vertical offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels above the text. All burn-in and DVB-Sub font settings must match. */ shadowYOffset?: pulumi.Input; /** * Controls whether a fixed grid size will be used to generate the output subtitles bitmap. Only applicable for Teletext inputs and DVB-Sub/Burn-in outputs. */ teletextGridControl: pulumi.Input; /** * Specifies the horizontal position of the caption relative to the left side of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the left of the output. If no explicit xPosition is provided, the horizontal caption position will be determined by the alignment parameter. All burn-in and DVB-Sub font settings must match. */ xPosition?: pulumi.Input; /** * Specifies the vertical position of the caption relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the caption will be positioned towards the bottom of the output. All burn-in and DVB-Sub font settings must match. */ yPosition?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsBurnInDestinationSettingsFont { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Path to a file accessible to the live stream. */ uri: pulumi.Input; /** * Username to be used. */ username?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsDvbSubDestinationSettings { /** * If no explicit xPosition or yPosition is provided, setting alignment to centered will place the captions at the bottom center of the output. Similarly, setting a left alignment will align captions to the bottom left of the output. If x and y positions are given in conjunction with the alignment parameter, the font will be justified (either left or centered) relative to those coordinates. Selecting “smart” justification will left-justify live subtitles and center-justify pre-recorded subtitles. This option is not valid for source captions that are STL or 608/embedded. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ alignment?: pulumi.Input; /** * Specifies the color of the rectangle behind the captions. All burn-in and DVB-Sub font settings must match. */ backgroundColor?: pulumi.Input; /** * Specifies the opacity of the background rectangle. 255 is opaque; 0 is transparent. Leaving this parameter blank is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ backgroundOpacity?: pulumi.Input; /** * External font file used for caption burn-in. File extension must be ‘ttf’ or ‘tte’. Although the user can select output fonts for many different types of input captions, embedded, STL and teletext sources use a strict grid system. Using external fonts with these caption sources could cause unexpected display of proportional fonts. All burn-in and DVB-Sub font settings must match. See Font for more details. */ font?: pulumi.Input; /** * Specifies the color of the burned-in captions. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ fontColor?: pulumi.Input; /** * Specifies the opacity of the burned-in captions. 255 is opaque; 0 is transparent. All burn-in and DVB-Sub font settings must match. */ fontOpacity?: pulumi.Input; /** * Font resolution in DPI (dots per inch); default is 96 dpi. All burn-in and DVB-Sub font settings must match. */ fontResolution?: pulumi.Input; /** * When set to auto fontSize will scale depending on the size of the output. Giving a positive integer will specify the exact font size in points. All burn-in and DVB-Sub font settings must match. */ fontSize?: pulumi.Input; /** * Specifies font outline color. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineColor?: pulumi.Input; /** * Specifies font outline size in pixels. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineSize?: pulumi.Input; /** * Specifies the color of the shadow cast by the captions. All burn-in and DVB-Sub font settings must match. */ shadowColor?: pulumi.Input; /** * Specifies the opacity of the shadow. 255 is opaque; 0 is transparent. Leaving this parameter blank is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ shadowOpacity?: pulumi.Input; /** * Specifies the horizontal offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels to the left. All burn-in and DVB-Sub font settings must match. */ shadowXOffset?: pulumi.Input; /** * Specifies the vertical offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels above the text. All burn-in and DVB-Sub font settings must match. */ shadowYOffset?: pulumi.Input; /** * Controls whether a fixed grid size will be used to generate the output subtitles bitmap. Only applicable for Teletext inputs and DVB-Sub/Burn-in outputs. */ teletextGridControl?: pulumi.Input; /** * Specifies the horizontal position of the caption relative to the left side of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the left of the output. If no explicit xPosition is provided, the horizontal caption position will be determined by the alignment parameter. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ xPosition?: pulumi.Input; /** * Specifies the vertical position of the caption relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the caption will be positioned towards the bottom of the output. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ yPosition?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsDvbSubDestinationSettingsFont { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Path to a file accessible to the live stream. */ uri: pulumi.Input; /** * Username to be used. */ username?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsEbuTtDDestinationSettings { /** * Complete this field if you want to include the name of the copyright holder in the copyright tag in the captions metadata. */ copyrightHolder?: pulumi.Input; /** * Specifies how to handle the gap between the lines (in multi-line captions). - enabled: Fill with the captions background color (as specified in the input captions). - disabled: Leave the gap unfilled. */ fillLineGap?: pulumi.Input; /** * Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if styleControl is set to include. If you leave this field empty, the font family is set to “monospaced”. (If styleControl is set to exclude, the font family is always set to “monospaced”.) You specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size. - Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as “Arial”), or a generic font family (such as “serif”), or “default” (to let the downstream player choose the font). - Leave blank to set the family to “monospace”. */ fontFamily?: pulumi.Input; /** * Specifies the style information (font color, font position, and so on) to include in the font data that is attached to the EBU-TT captions. - include: Take the style information (font color, font position, and so on) from the source captions and include that information in the font data attached to the EBU-TT captions. This option is valid only if the source captions are Embedded or Teletext. - exclude: In the font data attached to the EBU-TT captions, set the font family to “monospaced”. Do not include any other style information. */ styleControl?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsEmbeddedDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsEmbeddedPlusScte20DestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsRtmpCaptionInfoDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsScte20PlusEmbeddedDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsScte27DestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsSmpteTtDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsTeletextDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsTtmlDestinationSettings { /** * This field is not currently supported and will not affect the output styling. Leave the default value. */ styleControl: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsWebvttDestinationSettings { /** * Controls whether the color and position of the source captions is passed through to the WebVTT output captions. PASSTHROUGH - Valid only if the source captions are EMBEDDED or TELETEXT. NO\_STYLE\_DATA - Don’t pass through the style. The output captions will not contain any font styling information. */ styleControl: pulumi.Input; } export interface ChannelEncoderSettingsGlobalConfiguration { /** * Value to set the initial audio gain for the Live Event. */ initialAudioGain?: pulumi.Input; /** * Indicates the action to take when the current input completes (e.g. end-of-file). When switchAndLoopInputs is configured the encoder will restart at the beginning of the first input. When “none” is configured the encoder will transcode either black, a solid color, or a user specified slate images per the “Input Loss Behavior” configuration until the next input switch occurs (which is controlled through the Channel Schedule API). */ inputEndAction?: pulumi.Input; /** * Settings for system actions when input is lost. See Input Loss Behavior for more details. */ inputLossBehavior?: pulumi.Input; /** * Indicates how MediaLive pipelines are synchronized. PIPELINE\_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the other. EPOCH\_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the Unix epoch. */ outputLockingMode?: pulumi.Input; /** * Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally may be locked to another source via NTP) or should be locked to the clock of the source that is providing the input stream. */ outputTimingSource?: pulumi.Input; /** * Adjusts video input buffer for streams with very low video framerates. This is commonly set to enabled for music channels with less than one video frame per second. */ supportLowFramerateInputs?: pulumi.Input; } export interface ChannelEncoderSettingsGlobalConfigurationInputLossBehavior { blackFrameMsec?: pulumi.Input; inputLossImageColor?: pulumi.Input; inputLossImageSlate?: pulumi.Input; inputLossImageType?: pulumi.Input; repeatFrameMsec?: pulumi.Input; } export interface ChannelEncoderSettingsGlobalConfigurationInputLossBehaviorInputLossImageSlate { passwordParam?: pulumi.Input; uri: pulumi.Input; username?: pulumi.Input; } export interface ChannelEncoderSettingsMotionGraphicsConfiguration { /** * Motion Graphics Insertion. */ motionGraphicsInsertion?: pulumi.Input; /** * Motion Graphics Settings. See Motion Graphics Settings for more details. */ motionGraphicsSettings: pulumi.Input; } export interface ChannelEncoderSettingsMotionGraphicsConfigurationMotionGraphicsSettings { /** * Html Motion Graphics Settings. */ htmlMotionGraphicsSettings?: pulumi.Input; } export interface ChannelEncoderSettingsMotionGraphicsConfigurationMotionGraphicsSettingsHtmlMotionGraphicsSettings { } export interface ChannelEncoderSettingsNielsenConfiguration { /** * Enter the Distributor ID assigned to your organization by Nielsen. */ distributorId?: pulumi.Input; /** * Enables Nielsen PCM to ID3 tagging. */ nielsenPcmToId3Tagging?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroup { /** * Custom output group name defined by the user. */ name?: pulumi.Input; /** * Settings associated with the output group. See Output Group Settings for more details. */ outputGroupSettings: pulumi.Input; /** * List of outputs. See Outputs for more details. */ outputs: pulumi.Input[]>; } export interface ChannelEncoderSettingsOutputGroupOutput { /** * The names of the audio descriptions used as audio sources for the output. */ audioDescriptionNames?: pulumi.Input[]>; /** * The names of the caption descriptions used as caption sources for the output. */ captionDescriptionNames?: pulumi.Input[]>; /** * The name used to identify an output. */ outputName?: pulumi.Input; /** * Settings for output. See Output Settings for more details. */ outputSettings: pulumi.Input; /** * The name of the video description used as video source for the output. */ videoDescriptionName?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettings { /** * Archive group settings. See Archive Group Settings for more details. */ archiveGroupSettings?: pulumi.Input[]>; frameCaptureGroupSettings?: pulumi.Input; hlsGroupSettings?: pulumi.Input; /** * Media package group settings. See Media Package Group Settings for more details. */ mediaPackageGroupSettings?: pulumi.Input; msSmoothGroupSettings?: pulumi.Input; multiplexGroupSettings?: pulumi.Input; /** * RTMP group settings. See RTMP Group Settings for more details. */ rtmpGroupSettings?: pulumi.Input; udpGroupSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSetting { /** * Parameters that control the interactions with the CDN. See Archive CDN Settings for more details. */ archiveCdnSettings?: pulumi.Input; /** * A director and base filename where archive files should be written. See Destination for more details. */ destination: pulumi.Input; /** * Number of seconds to write to archive file before closing and starting a new one. */ rolloverInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSettingArchiveCdnSettings { /** * Archive S3 Settings. See Archive S3 Settings for more details. */ archiveS3Settings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSettingArchiveCdnSettingsArchiveS3Settings { /** * Specify the canned ACL to apply to each S3 request. */ cannedAcl?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSettingDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettings { destination: pulumi.Input; frameCaptureCdnSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettingsFrameCaptureCdnSettings { frameCaptureS3Settings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettingsFrameCaptureCdnSettingsFrameCaptureS3Settings { /** * Specify the canned ACL to apply to each S3 request. */ cannedAcl?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettings { /** * The ad marker type for this output group. */ adMarkers?: pulumi.Input[]>; baseUrlContent?: pulumi.Input; baseUrlContent1?: pulumi.Input; baseUrlManifest?: pulumi.Input; baseUrlManifest1?: pulumi.Input; captionLanguageMappings?: pulumi.Input[]>; captionLanguageSetting?: pulumi.Input; clientCache?: pulumi.Input; codecSpecification?: pulumi.Input; constantIv?: pulumi.Input; destination: pulumi.Input; directoryStructure?: pulumi.Input; discontinuityTags?: pulumi.Input; encryptionType?: pulumi.Input; hlsCdnSettings?: pulumi.Input[]>; hlsId3SegmentTagging?: pulumi.Input; iframeOnlyPlaylists?: pulumi.Input; incompleteSegmentBehavior?: pulumi.Input; indexNSegments?: pulumi.Input; inputLossAction?: pulumi.Input; ivInManifest?: pulumi.Input; ivSource?: pulumi.Input; keepSegments?: pulumi.Input; keyFormat?: pulumi.Input; keyFormatVersions?: pulumi.Input; keyProviderSettings?: pulumi.Input; manifestCompression?: pulumi.Input; manifestDurationFormat?: pulumi.Input; minSegmentLength?: pulumi.Input; mode?: pulumi.Input; outputSelection?: pulumi.Input; programDateTime?: pulumi.Input; programDateTimeClock?: pulumi.Input; programDateTimePeriod?: pulumi.Input; redundantManifest?: pulumi.Input; segmentLength?: pulumi.Input; segmentsPerSubdirectory?: pulumi.Input; streamInfResolution?: pulumi.Input; /** * Indicates ID3 frame that has the timecode. */ timedMetadataId3Frame?: pulumi.Input; timedMetadataId3Period?: pulumi.Input; timestampDeltaMilliseconds?: pulumi.Input; tsFileMode?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsCaptionLanguageMapping { captionChannel: pulumi.Input; languageCode: pulumi.Input; /** * Human readable information to indicate captions available for players (eg. English, or Spanish). */ languageDescription: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSetting { hlsAkamaiSettings?: pulumi.Input; hlsBasicPutSettings?: pulumi.Input; hlsMediaStoreSettings?: pulumi.Input; hlsS3Settings?: pulumi.Input; hlsWebdavSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsAkamaiSettings { /** * Number of seconds to wait before retrying connection to the flash media server if the connection is lost. */ connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; httpTransferMode?: pulumi.Input; /** * Number of retry attempts. */ numRetries?: pulumi.Input; /** * Number of seconds to wait until a restart is initiated. */ restartDelay?: pulumi.Input; salt?: pulumi.Input; token?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsBasicPutSettings { /** * Number of seconds to wait before retrying connection to the flash media server if the connection is lost. */ connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; /** * Number of retry attempts. */ numRetries?: pulumi.Input; /** * Number of seconds to wait until a restart is initiated. */ restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsMediaStoreSettings { /** * Number of seconds to wait before retrying connection to the flash media server if the connection is lost. */ connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; mediaStoreStorageClass?: pulumi.Input; /** * Number of retry attempts. */ numRetries?: pulumi.Input; /** * Number of seconds to wait until a restart is initiated. */ restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsS3Settings { /** * Specify the canned ACL to apply to each S3 request. */ cannedAcl?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsWebdavSettings { /** * Number of seconds to wait before retrying connection to the flash media server if the connection is lost. */ connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; httpTransferMode?: pulumi.Input; /** * Number of retry attempts. */ numRetries?: pulumi.Input; /** * Number of seconds to wait until a restart is initiated. */ restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsKeyProviderSettings { staticKeySettings?: pulumi.Input[]>; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsKeyProviderSettingsStaticKeySetting { keyProviderServer?: pulumi.Input; staticKeyValue: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsKeyProviderSettingsStaticKeySettingKeyProviderServer { passwordParam?: pulumi.Input; uri: pulumi.Input; username?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMediaPackageGroupSettings { /** * A director and base filename where archive files should be written. See Destination for more details. */ destination: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMediaPackageGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMsSmoothGroupSettings { acquisitionPointId?: pulumi.Input; audioOnlyTimecodeControl?: pulumi.Input; /** * Setting to allow self signed or verified RTMP certificates. */ certificateMode?: pulumi.Input; /** * Number of seconds to wait before retrying connection to the flash media server if the connection is lost. */ connectionRetryInterval?: pulumi.Input; destination: pulumi.Input; eventId?: pulumi.Input; eventIdMode?: pulumi.Input; eventStopBehavior?: pulumi.Input; filecacheDuration?: pulumi.Input; fragmentLength?: pulumi.Input; inputLossAction?: pulumi.Input; /** * Number of retry attempts. */ numRetries?: pulumi.Input; /** * Number of seconds to wait until a restart is initiated. */ restartDelay?: pulumi.Input; segmentationMode?: pulumi.Input; sendDelayMs?: pulumi.Input; sparseTrackType?: pulumi.Input; streamManifestBehavior?: pulumi.Input; timestampOffset?: pulumi.Input; timestampOffsetMode?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMsSmoothGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMultiplexGroupSettings { } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsRtmpGroupSettings { /** * The ad marker type for this output group. */ adMarkers?: pulumi.Input[]>; /** * Authentication scheme to use when connecting with CDN. */ authenticationScheme?: pulumi.Input; /** * Controls behavior when content cache fills up. */ cacheFullBehavior?: pulumi.Input; /** * Cache length in seconds, is used to calculate buffer size. */ cacheLength?: pulumi.Input; /** * Controls the types of data that passes to onCaptionInfo outputs. */ captionData?: pulumi.Input; /** * Controls the behavior of the RTMP group if input becomes unavailable. */ inputLossAction?: pulumi.Input; /** * Number of seconds to wait until a restart is initiated. */ restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsUdpGroupSettings { /** * Specifies behavior of last resort when input video os lost. */ inputLossAction?: pulumi.Input; /** * Indicates ID3 frame that has the timecode. */ timedMetadataId3Frame?: pulumi.Input; timedMetadataId3Period?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettings { /** * Archive output settings. See Archive Output Settings for more details. */ archiveOutputSettings?: pulumi.Input; frameCaptureOutputSettings?: pulumi.Input; hlsOutputSettings?: pulumi.Input; /** * Media package output settings. This can be set as an empty block. */ mediaPackageOutputSettings?: pulumi.Input; msSmoothOutputSettings?: pulumi.Input; /** * Multiplex output settings. See Multiplex Output Settings for more details. */ multiplexOutputSettings?: pulumi.Input; /** * RTMP output settings. See RTMP Output Settings for more details. */ rtmpOutputSettings?: pulumi.Input; /** * UDP output settings. See UDP Output Settings for more details. */ udpOutputSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettings { /** * Settings specific to the container type of the file. See Container Settings for more details. */ containerSettings?: pulumi.Input; /** * Output file extension. */ extension?: pulumi.Input; /** * String concatenated to the end of the destination filename. Required for multiple outputs of the same type. */ nameModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettings { /** * M2TS Settings. See [M2TS Settings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-medialive-channel-m2tssettings.html) for more details. */ m2tsSettings?: pulumi.Input; /** * Raw Settings. This can be set as an empty block. */ rawSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettings { absentInputAudioBehavior?: pulumi.Input; arib?: pulumi.Input; aribCaptionsPid?: pulumi.Input; aribCaptionsPidControl?: pulumi.Input; audioBufferModel?: pulumi.Input; audioFramesPerPes?: pulumi.Input; audioPids?: pulumi.Input; audioStreamType?: pulumi.Input; bitrate?: pulumi.Input; bufferModel?: pulumi.Input; ccDescriptor?: pulumi.Input; dvbNitSettings?: pulumi.Input; dvbSdtSettings?: pulumi.Input; dvbSubPids?: pulumi.Input; dvbTdtSettings?: pulumi.Input; dvbTeletextPid?: pulumi.Input; ebif?: pulumi.Input; ebpAudioInterval?: pulumi.Input; ebpLookaheadMs?: pulumi.Input; ebpPlacement?: pulumi.Input; ecmPid?: pulumi.Input; esRateInPes?: pulumi.Input; etvPlatformPid?: pulumi.Input; etvSignalPid?: pulumi.Input; fragmentTime?: pulumi.Input; klv?: pulumi.Input; klvDataPids?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; nullPacketBitrate?: pulumi.Input; patInterval?: pulumi.Input; pcrControl?: pulumi.Input; pcrPeriod?: pulumi.Input; pcrPid?: pulumi.Input; pmtInterval?: pulumi.Input; pmtPid?: pulumi.Input; programNum?: pulumi.Input; rateMode?: pulumi.Input; scte27Pids?: pulumi.Input; scte35Control?: pulumi.Input; /** * PID from which to read SCTE-35 messages. */ scte35Pid?: pulumi.Input; segmentationMarkers?: pulumi.Input; segmentationStyle?: pulumi.Input; segmentationTime?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; timedMetadataPid?: pulumi.Input; transportStreamId?: pulumi.Input; videoPid?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettingsDvbNitSettings { networkId: pulumi.Input; networkName: pulumi.Input; repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettingsDvbSdtSettings { outputSdt?: pulumi.Input; repInterval?: pulumi.Input; serviceName?: pulumi.Input; serviceProviderName?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettingsDvbTdtSettings { repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsRawSettings { } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsFrameCaptureOutputSettings { /** * String concatenated to the end of the destination filename. Required for multiple outputs of the same type. */ nameModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettings { h265PackagingType?: pulumi.Input; hlsSettings: pulumi.Input; /** * String concatenated to the end of the destination filename. Required for multiple outputs of the same type. */ nameModifier?: pulumi.Input; segmentModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettings { audioOnlyHlsSettings?: pulumi.Input; fmp4HlsSettings?: pulumi.Input; frameCaptureHlsSettings?: pulumi.Input; standardHlsSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsAudioOnlyHlsSettings { audioGroupId?: pulumi.Input; audioOnlyImage?: pulumi.Input; audioTrackType?: pulumi.Input; segmentType?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsAudioOnlyHlsSettingsAudioOnlyImage { passwordParam?: pulumi.Input; uri: pulumi.Input; username?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsFmp4HlsSettings { audioRenditionSets?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsFrameCaptureHlsSettings { } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsStandardHlsSettings { audioRenditionSets?: pulumi.Input; m3u8Settings: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsStandardHlsSettingsM3u8Settings { audioFramesPerPes?: pulumi.Input; audioPids?: pulumi.Input; ecmPid?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; patInterval?: pulumi.Input; pcrControl?: pulumi.Input; pcrPeriod?: pulumi.Input; pcrPid?: pulumi.Input; pmtInterval?: pulumi.Input; pmtPid?: pulumi.Input; programNum?: pulumi.Input; scte35Behavior?: pulumi.Input; /** * PID from which to read SCTE-35 messages. */ scte35Pid?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; timedMetadataPid?: pulumi.Input; transportStreamId?: pulumi.Input; videoPid?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMediaPackageOutputSettings { } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMsSmoothOutputSettings { h265PackagingType?: pulumi.Input; /** * String concatenated to the end of the destination filename. Required for multiple outputs of the same type. */ nameModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMultiplexOutputSettings { /** * Destination is a multiplex. See Destination for more details. */ destination: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMultiplexOutputSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsRtmpOutputSettings { /** * Setting to allow self signed or verified RTMP certificates. */ certificateMode?: pulumi.Input; /** * Number of seconds to wait before retrying connection to the flash media server if the connection is lost. */ connectionRetryInterval?: pulumi.Input; /** * The RTMP endpoint excluding the stream name. See Destination for more details. */ destination: pulumi.Input; /** * Number of retry attempts. */ numRetries?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsRtmpOutputSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettings { /** * UDP output buffering in milliseconds. */ bufferMsec?: pulumi.Input; /** * UDP container settings. See Container Settings for more details. */ containerSettings: pulumi.Input; /** * Destination address and port number for RTP or UDP packets. See Destination for more details. */ destination: pulumi.Input; fecOutputSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettings { /** * M2TS Settings. See [M2TS Settings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-medialive-channel-m2tssettings.html) for more details. */ m2tsSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettings { absentInputAudioBehavior?: pulumi.Input; arib?: pulumi.Input; aribCaptionsPid?: pulumi.Input; aribCaptionsPidControl?: pulumi.Input; audioBufferModel?: pulumi.Input; audioFramesPerPes?: pulumi.Input; audioPids?: pulumi.Input; audioStreamType?: pulumi.Input; bitrate?: pulumi.Input; bufferModel?: pulumi.Input; ccDescriptor?: pulumi.Input; dvbNitSettings?: pulumi.Input; dvbSdtSettings?: pulumi.Input; dvbSubPids?: pulumi.Input; dvbTdtSettings?: pulumi.Input; dvbTeletextPid?: pulumi.Input; ebif?: pulumi.Input; ebpAudioInterval?: pulumi.Input; ebpLookaheadMs?: pulumi.Input; ebpPlacement?: pulumi.Input; ecmPid?: pulumi.Input; esRateInPes?: pulumi.Input; etvPlatformPid?: pulumi.Input; etvSignalPid?: pulumi.Input; fragmentTime?: pulumi.Input; klv?: pulumi.Input; klvDataPids?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; nullPacketBitrate?: pulumi.Input; patInterval?: pulumi.Input; pcrControl?: pulumi.Input; pcrPeriod?: pulumi.Input; pcrPid?: pulumi.Input; pmtInterval?: pulumi.Input; pmtPid?: pulumi.Input; programNum?: pulumi.Input; rateMode?: pulumi.Input; scte27Pids?: pulumi.Input; scte35Control?: pulumi.Input; /** * PID from which to read SCTE-35 messages. */ scte35Pid?: pulumi.Input; segmentationMarkers?: pulumi.Input; segmentationStyle?: pulumi.Input; segmentationTime?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; timedMetadataPid?: pulumi.Input; transportStreamId?: pulumi.Input; videoPid?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettingsDvbNitSettings { networkId: pulumi.Input; networkName: pulumi.Input; repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettingsDvbSdtSettings { outputSdt?: pulumi.Input; repInterval?: pulumi.Input; serviceName?: pulumi.Input; serviceProviderName?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettingsDvbTdtSettings { repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsFecOutputSettings { /** * The height of the FEC protection matrix. */ columnDepth?: pulumi.Input; /** * Enables column only or column and row based FEC. */ includeFec?: pulumi.Input; /** * The width of the FEC protection matrix. */ rowLength?: pulumi.Input; } export interface ChannelEncoderSettingsTimecodeConfig { /** * The source for the timecode that will be associated with the events outputs. */ source: pulumi.Input; /** * Threshold in frames beyond which output timecode is resynchronized to the input timecode. */ syncThreshold?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescription { /** * The video codec settings. See Video Codec Settings for more details. */ codecSettings?: pulumi.Input; /** * Output video height in pixels. */ height?: pulumi.Input; /** * The name of the video description. */ name: pulumi.Input; /** * Indicate how to respond to the AFD values that might be in the input video. */ respondToAfd?: pulumi.Input; /** * Behavior on how to scale. */ scalingBehavior?: pulumi.Input; /** * Changes the strength of the anti-alias filter used for scaling. */ sharpness?: pulumi.Input; /** * Output video width in pixels. */ width?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettings { /** * Frame capture settings. See Frame Capture Settings for more details. */ frameCaptureSettings?: pulumi.Input; /** * H264 settings. See H264 Settings for more details. */ h264Settings?: pulumi.Input; h265Settings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsFrameCaptureSettings { /** * The frequency at which to capture frames for inclusion in the output. */ captureInterval?: pulumi.Input; /** * Unit for the frame capture interval. */ captureIntervalUnits?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH264Settings { /** * Enables or disables adaptive quantization. */ adaptiveQuantization?: pulumi.Input; /** * Indicates that AFD values will be written into the output stream. */ afdSignaling?: pulumi.Input; /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; bufFillPct?: pulumi.Input; /** * Size of buffer in bits. */ bufSize?: pulumi.Input; /** * Includes color space metadata in the output. */ colorMetadata?: pulumi.Input; /** * Entropy encoding mode. */ entropyEncoding?: pulumi.Input; /** * Filters to apply to an encode. See H264 Filter Settings for more details. */ filterSettings?: pulumi.Input; /** * Four bit AFD value to write on all frames of video in the output stream. */ fixedAfd?: pulumi.Input; flickerAq?: pulumi.Input; /** * Controls whether coding is performed on a field basis or on a frame basis. */ forceFieldPictures?: pulumi.Input; /** * Indicates how the output video frame rate is specified. */ framerateControl?: pulumi.Input; /** * Framerate denominator. */ framerateDenominator?: pulumi.Input; /** * Framerate numerator. */ framerateNumerator?: pulumi.Input; /** * GOP-B reference. */ gopBReference?: pulumi.Input; /** * Frequency of closed GOPs. */ gopClosedCadence?: pulumi.Input; /** * Number of B-frames between reference frames. */ gopNumBFrames?: pulumi.Input; /** * GOP size in units of either frames of seconds per `gopSizeUnits`. */ gopSize?: pulumi.Input; /** * Indicates if the `gopSize` is specified in frames or seconds. */ gopSizeUnits?: pulumi.Input; /** * H264 level. */ level?: pulumi.Input; /** * Amount of lookahead. */ lookAheadRateControl?: pulumi.Input; /** * Set the maximum bitrate in order to accommodate expected spikes in the complexity of the video. */ maxBitrate?: pulumi.Input; /** * Min interval. */ minIInterval?: pulumi.Input; /** * Number of reference frames to use. */ numRefFrames?: pulumi.Input; /** * Indicates how the output pixel aspect ratio is specified. */ parControl?: pulumi.Input; /** * Pixel Aspect Ratio denominator. */ parDenominator?: pulumi.Input; /** * Pixel Aspect Ratio numerator. */ parNumerator?: pulumi.Input; /** * H264 profile. */ profile?: pulumi.Input; /** * Quality level. */ qualityLevel?: pulumi.Input; /** * Controls the target quality for the video encode. */ qvbrQualityLevel?: pulumi.Input; /** * Rate control mode. */ rateControlMode?: pulumi.Input; /** * Sets the scan type of the output. */ scanType?: pulumi.Input; /** * Scene change detection. */ sceneChangeDetect?: pulumi.Input; /** * Number of slices per picture. */ slices?: pulumi.Input; /** * Softness. */ softness?: pulumi.Input; /** * Makes adjustments within each frame based on spatial variation of content complexity. */ spatialAq?: pulumi.Input; /** * Subgop length. */ subgopLength?: pulumi.Input; /** * Produces a bitstream compliant with SMPTE RP-2027. */ syntax?: pulumi.Input; /** * Makes adjustments within each frame based on temporal variation of content complexity. */ temporalAq?: pulumi.Input; /** * Determines how timecodes should be inserted into the video elementary stream. */ timecodeInsertion?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH264SettingsFilterSettings { temporalFilterSettings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH264SettingsFilterSettingsTemporalFilterSettings { /** * Post filter sharpening. */ postFilterSharpening?: pulumi.Input; /** * Filter strength. */ strength?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265Settings { /** * Enables or disables adaptive quantization. */ adaptiveQuantization?: pulumi.Input; /** * Indicates that AFD values will be written into the output stream. */ afdSignaling?: pulumi.Input; /** * Whether or not EML should insert an Alternative Transfer Function SEI message. */ alternativeTransferFunction?: pulumi.Input; /** * Average bitrate in bits/second. */ bitrate: pulumi.Input; /** * Size of buffer in bits. */ bufSize?: pulumi.Input; /** * Includes color space metadata in the output. */ colorMetadata?: pulumi.Input; /** * Define the color metadata for the output. H265 Color Space Settings for more details. */ colorSpaceSettings?: pulumi.Input; /** * Filters to apply to an encode. See H265 Filter Settings for more details. */ filterSettings?: pulumi.Input; /** * Four bit AFD value to write on all frames of video in the output stream. */ fixedAfd?: pulumi.Input; flickerAq?: pulumi.Input; /** * Framerate denominator. */ framerateDenominator: pulumi.Input; /** * Framerate numerator. */ framerateNumerator: pulumi.Input; /** * Frequency of closed GOPs. */ gopClosedCadence?: pulumi.Input; /** * GOP size in units of either frames of seconds per `gopSizeUnits`. */ gopSize?: pulumi.Input; /** * Indicates if the `gopSize` is specified in frames or seconds. */ gopSizeUnits?: pulumi.Input; /** * H265 level. */ level?: pulumi.Input; /** * Amount of lookahead. */ lookAheadRateControl?: pulumi.Input; /** * Set the maximum bitrate in order to accommodate expected spikes in the complexity of the video. */ maxBitrate?: pulumi.Input; /** * Min interval. */ minIInterval?: pulumi.Input; /** * Set the minimum QP. */ minQp?: pulumi.Input; /** * Enables or disables motion vector over picture boundaries. */ mvOverPictureBoundaries?: pulumi.Input; /** * Enables or disables the motion vector temporal predictor. */ mvTemporalPredictor?: pulumi.Input; /** * Pixel Aspect Ratio denominator. */ parDenominator?: pulumi.Input; /** * Pixel Aspect Ratio numerator. */ parNumerator?: pulumi.Input; /** * H265 profile. */ profile?: pulumi.Input; /** * Controls the target quality for the video encode. */ qvbrQualityLevel?: pulumi.Input; /** * Rate control mode. */ rateControlMode?: pulumi.Input; /** * Sets the scan type of the output. */ scanType?: pulumi.Input; /** * Scene change detection. */ sceneChangeDetect?: pulumi.Input; /** * Number of slices per picture. */ slices?: pulumi.Input; /** * Set the H265 tier in the output. */ tier?: pulumi.Input; /** * Sets the height of tiles. */ tileHeight?: pulumi.Input; /** * Enables or disables padding of tiles. */ tilePadding?: pulumi.Input; /** * Sets the width of tiles. */ tileWidth?: pulumi.Input; /** * Apply a burned in timecode. See H265 Timecode Burnin Settings for more details. */ timecodeBurninSettings?: pulumi.Input; /** * Determines how timecodes should be inserted into the video elementary stream. */ timecodeInsertion?: pulumi.Input; /** * Sets the size of the treeblock. */ treeblockSize?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettings { /** * Sets the colorspace metadata to be passed through. */ colorSpacePassthroughSettings?: pulumi.Input; /** * Set the colorspace to Dolby Vision81. */ dolbyVision81Settings?: pulumi.Input; /** * Set the colorspace to be HDR10. See H265 HDR10 Settings for more details. */ hdr10Settings?: pulumi.Input; /** * Set the colorspace to Rec. 601. */ rec601Settings?: pulumi.Input; /** * Set the colorspace to Rec. 709. */ rec709Settings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsColorSpacePassthroughSettings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsDolbyVision81Settings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsHdr10Settings { /** * Sets the MaxCLL value for HDR10. */ maxCll?: pulumi.Input; /** * Sets the MaxFALL value for HDR10. */ maxFall?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsRec601Settings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsRec709Settings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsFilterSettings { temporalFilterSettings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsFilterSettingsTemporalFilterSettings { /** * Post filter sharpening. */ postFilterSharpening?: pulumi.Input; /** * Filter strength. */ strength?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsTimecodeBurninSettings { /** * Set a prefix on the burned in timecode. */ prefix?: pulumi.Input; /** * Sets the size of the burned in timecode. */ timecodeBurninFontSize?: pulumi.Input; /** * Sets the position of the burned in timecode. */ timecodeBurninPosition?: pulumi.Input; } export interface ChannelInputAttachment { /** * User-specified settings for defining what the conditions are for declaring the input unhealthy and failing over to a different input. See Automatic Input Failover Settings for more details. */ automaticInputFailoverSettings?: pulumi.Input; /** * User-specified name for the attachment. */ inputAttachmentName: pulumi.Input; /** * The ID of the input. */ inputId: pulumi.Input; /** * Settings of an input. See Input Settings for more details. */ inputSettings?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettings { /** * This clear time defines the requirement a recovered input must meet to be considered healthy. The input must have no failover conditions for this length of time. Enter a time in milliseconds. This value is particularly important if the input\_preference for the failover pair is set to PRIMARY\_INPUT\_PREFERRED, because after this time, MediaLive will switch back to the primary input. */ errorClearTimeMsec?: pulumi.Input; /** * A list of failover conditions. If any of these conditions occur, MediaLive will perform a failover to the other input. See Failover Condition Block for more details. */ failoverConditions?: pulumi.Input[]>; /** * Input preference when deciding which input to make active when a previously failed input has recovered. */ inputPreference?: pulumi.Input; /** * The input ID of the secondary input in the automatic input failover pair. */ secondaryInputId: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverCondition { /** * Failover condition type-specific settings. See Failover Condition Settings for more details. */ failoverConditionSettings?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettings { /** * MediaLive will perform a failover if the specified audio selector is silent for the specified period. See Audio Silence Failover Settings for more details. */ audioSilenceSettings?: pulumi.Input; /** * MediaLive will perform a failover if content is not detected in this input for the specified period. See Input Loss Failover Settings for more details. */ inputLossSettings?: pulumi.Input; /** * MediaLive will perform a failover if content is considered black for the specified period. See Video Black Failover Settings for more details. */ videoBlackSettings?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettingsAudioSilenceSettings { audioSelectorName: pulumi.Input; /** * The amount of time (in milliseconds) that the active input must be silent before automatic input failover occurs. Silence is defined as audio loss or audio quieter than -50 dBFS. */ audioSilenceThresholdMsec?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettingsInputLossSettings { /** * The amount of time (in milliseconds) that no input is detected. After that time, an input failover will occur. */ inputLossThresholdMsec?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettingsVideoBlackSettings { /** * A value used in calculating the threshold below which MediaLive considers a pixel to be 'black'. For the input to be considered black, every pixel in a frame must be below this threshold. The threshold is calculated as a percentage (expressed as a decimal) of white. Therefore .1 means 10% white (or 90% black). Note how the formula works for any color depth. For example, if you set this field to 0.1 in 10-bit color depth: (10230.1=102.3), which means a pixel value of 102 or less is 'black'. If you set this field to .1 in an 8-bit color depth: (2550.1=25.5), which means a pixel value of 25 or less is 'black'. The range is 0.0 to 1.0, with any number of decimal places. */ blackDetectThreshold?: pulumi.Input; /** * The amount of time (in milliseconds) that the active input must be black before automatic input failover occurs. */ videoBlackThresholdMsec?: pulumi.Input; } export interface ChannelInputAttachmentInputSettings { /** * Used to select the audio stream to decode for inputs that have multiple. See Audio Selectors for more details. */ audioSelectors?: pulumi.Input[]>; /** * Used to select the caption input to use for inputs that have multiple available. See Caption Selectors for more details. */ captionSelectors?: pulumi.Input[]>; /** * Enable or disable the deblock filter when filtering. */ deblockFilter?: pulumi.Input; /** * Enable or disable the denoise filter when filtering. */ denoiseFilter?: pulumi.Input; /** * Adjusts the magnitude of filtering from 1 (minimal) to 5 (strongest). */ filterStrength?: pulumi.Input; /** * Turns on the filter for the input. */ inputFilter?: pulumi.Input; /** * Input settings. See Network Input Settings for more details. */ networkInputSettings?: pulumi.Input; /** * PID from which to read SCTE-35 messages. */ scte35Pid?: pulumi.Input; /** * Specifies whether to extract applicable ancillary data from a SMPTE-2038 source in the input. */ smpte2038DataPreference?: pulumi.Input; /** * Loop input if it is a file. */ sourceEndBehavior?: pulumi.Input; videoSelector?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelector { /** * Name of the Channel. * * The following arguments are optional: */ name: pulumi.Input; selectorSettings?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettings { /** * Audio HLS Rendition Selection. See Audio HLS Rendition Selection for more details. */ audioHlsRenditionSelection?: pulumi.Input; /** * Audio Language Selection. See Audio Language Selection for more details. */ audioLanguageSelection?: pulumi.Input; /** * Audio Pid Selection. See Audio PID Selection for more details. */ audioPidSelection?: pulumi.Input; /** * Audio Track Selection. See Audio Track Selection for more details. */ audioTrackSelection?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioHlsRenditionSelection { /** * Specifies the GROUP-ID in the #EXT-X-MEDIA tag of the target HLS audio rendition. */ groupId: pulumi.Input; /** * Specifies the NAME in the #EXT-X-MEDIA tag of the target HLS audio rendition. */ name: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioLanguageSelection { /** * Selects a specific three-letter language code from within an audio source. */ languageCode: pulumi.Input; /** * When set to “strict”, the transport stream demux strictly identifies audio streams by their language descriptor. If a PMT update occurs such that an audio stream matching the initially selected language is no longer present then mute will be encoded until the language returns. If “loose”, then on a PMT update the demux will choose another audio stream in the program with the same stream type if it can’t find one with the same language. */ languageSelectionPolicy?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioPidSelection { /** * Selects a specific PID from within a source. */ pid: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioTrackSelection { /** * Configure decoding options for Dolby E streams - these should be Dolby E frames carried in PCM streams tagged with SMPTE-337. See Dolby E Decode for more details. */ dolbyEDecode?: pulumi.Input; /** * Selects one or more unique audio tracks from within a source. See Audio Tracks for more details. */ tracks: pulumi.Input[]>; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioTrackSelectionDolbyEDecode { /** * Applies only to Dolby E. Enter the program ID (according to the metadata in the audio) of the Dolby E program to extract from the specified track. One program extracted per audio selector. To select multiple programs, create multiple selectors with the same Track and different Program numbers. “All channels” means to ignore the program IDs and include all the channels in this selector; useful if metadata is known to be incorrect. */ programSelection: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioTrackSelectionTrack { /** * 1-based integer value that maps to a specific audio track. */ track: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelector { languageCode?: pulumi.Input; /** * Name of the Channel. * * The following arguments are optional: */ name: pulumi.Input; selectorSettings?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettings { /** * Ancillary Source Settings. See Ancillary Source Settings for more details. */ ancillarySourceSettings?: pulumi.Input; /** * ARIB Source Settings. */ aribSourceSettings?: pulumi.Input; /** * DVB Sub Source Settings. See DVB Sub Source Settings for more details. */ dvbSubSourceSettings?: pulumi.Input; /** * Embedded Source Settings. See Embedded Source Settings for more details. */ embeddedSourceSettings?: pulumi.Input; /** * SCTE20 Source Settings. See SCTE 20 Source Settings for more details. */ scte20SourceSettings?: pulumi.Input; /** * SCTE27 Source Settings. See SCTE 27 Source Settings for more details. */ scte27SourceSettings?: pulumi.Input; /** * Teletext Source Settings. See Teletext Source Settings for more details. */ teletextSourceSettings?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsAncillarySourceSettings { /** * Specifies the number (1 to 4) of the captions channel you want to extract from the ancillary captions. If you plan to convert the ancillary captions to another format, complete this field. If you plan to choose Embedded as the captions destination in the output (to pass through all the channels in the ancillary captions), leave this field blank because MediaLive ignores the field. */ sourceAncillaryChannelNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsAribSourceSettings { } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsDvbSubSourceSettings { /** * If you will configure a WebVTT caption description that references this caption selector, use this field to provide the language to consider when translating the image-based source to text. */ ocrLanguage?: pulumi.Input; /** * When using DVB-Sub with Burn-In or SMPTE-TT, use this PID for the source content. Unused for DVB-Sub passthrough. All DVB-Sub content is passed through, regardless of selectors. */ pid?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsEmbeddedSourceSettings { /** * If upconvert, 608 data is both passed through via the “608 compatibility bytes” fields of the 708 wrapper as well as translated into 708. 708 data present in the source content will be discarded. */ convert608To708?: pulumi.Input; /** * Set to “auto” to handle streams with intermittent and/or non-aligned SCTE-20 and Embedded captions. */ scte20Detection?: pulumi.Input; /** * Specifies the 608/708 channel number within the video track from which to extract captions. Unused for passthrough. */ source608ChannelNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsScte20SourceSettings { convert608To708?: pulumi.Input; source608ChannelNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsScte27SourceSettings { ocrLanguage?: pulumi.Input; pid?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsTeletextSourceSettings { /** * Optionally defines a region where TTML style captions will be displayed. See Caption Rectangle for more details. */ outputRectangle?: pulumi.Input; /** * Specifies the teletext page number within the data stream from which to extract captions. Range of 0x100 (256) to 0x8FF (2303). Unused for passthrough. Should be specified as a hexadecimal string with no “0x” prefix. */ pageNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsTeletextSourceSettingsOutputRectangle { height: pulumi.Input; /** * Applies only if you plan to convert these source captions to EBU-TT-D or TTML in an output. (Make sure to leave the default if you don’t have either of these formats in the output.) You can define a display rectangle for the captions that is smaller than the underlying video frame. You define the rectangle by specifying the position of the left edge, top edge, bottom edge, and right edge of the rectangle, all within the underlying video frame. The units for the measurements are percentages. If you specify a value for one of these fields, you must specify a value for all of them. For leftOffset, specify the position of the left edge of the rectangle, as a percentage of the underlying frame width, and relative to the left edge of the frame. For example, "10" means the measurement is 10% of the underlying frame width. The rectangle left edge starts at that position from the left edge of the frame. This field corresponds to tts:origin - X in the TTML standard. */ leftOffset: pulumi.Input; /** * See the description in left\_offset. For top\_offset, specify the position of the top edge of the rectangle, as a percentage of the underlying frame height, and relative to the top edge of the frame. For example, "10" means the measurement is 10% of the underlying frame height. The rectangle top edge starts at that position from the top edge of the frame. This field corresponds to tts:origin - Y in the TTML standard. */ topOffset: pulumi.Input; width: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsNetworkInputSettings { /** * Specifies HLS input settings when the uri is for a HLS manifest. See HLS Input Settings for more details. */ hlsInputSettings?: pulumi.Input; /** * Check HTTPS server certificates. */ serverValidation?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsNetworkInputSettingsHlsInputSettings { /** * The bitrate is specified in bits per second, as in an HLS manifest. */ bandwidth?: pulumi.Input; /** * Buffer segments. */ bufferSegments?: pulumi.Input; /** * The number of consecutive times that attempts to read a manifest or segment must fail before the input is considered unavailable. */ retries?: pulumi.Input; /** * The number of seconds between retries when an attempt to read a manifest or segment fails. */ retryInterval?: pulumi.Input; scte35Source?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsVideoSelector { colorSpace?: pulumi.Input; colorSpaceUsage?: pulumi.Input; } export interface ChannelInputSpecification { codec: pulumi.Input; inputResolution: pulumi.Input; maximumBitrate: pulumi.Input; } export interface ChannelMaintenance { /** * The day of the week to use for maintenance. */ maintenanceDay: pulumi.Input; /** * The hour maintenance will start. */ maintenanceStartTime: pulumi.Input; } export interface ChannelVpc { availabilityZones?: pulumi.Input[]>; networkInterfaceIds?: pulumi.Input[]>; /** * List of public address allocation ids to associate with ENIs that will be created in Output VPC. Must specify one for SINGLE_PIPELINE, two for STANDARD channels. */ publicAddressAllocationIds: pulumi.Input[]>; /** * A list of up to 5 EC2 VPC security group IDs to attach to the Output VPC network interfaces. If none are specified then the VPC default security group will be used. */ securityGroupIds?: pulumi.Input[]>; /** * A list of VPC subnet IDs from the same VPC. If STANDARD channel, subnet IDs must be mapped to two unique availability zones (AZ). */ subnetIds: pulumi.Input[]>; } export interface InputDestination { /** * A unique name for the location the RTMP stream is being pushed to. */ streamName: pulumi.Input; } export interface InputInputDevice { /** * The unique ID for the device. */ id: pulumi.Input; } export interface InputMediaConnectFlow { /** * The ARN of the MediaConnect Flow */ flowArn: pulumi.Input; } export interface InputSecurityGroupWhitelistRule { /** * The IPv4 CIDR that's whitelisted. */ cidr: pulumi.Input; } export interface InputSource { /** * The key used to extract the password from EC2 Parameter store. */ passwordParam: pulumi.Input; /** * The URL where the stream is pulled from. */ url: pulumi.Input; /** * The username for the input source. */ username: pulumi.Input; } export interface InputVpc { /** * A list of up to 5 EC2 VPC security group IDs to attach to the Input. */ securityGroupIds?: pulumi.Input[]>; /** * A list of 2 VPC subnet IDs from the same VPC. */ subnetIds: pulumi.Input[]>; } export interface MultiplexMultiplexSettings { /** * Maximum video buffer delay. */ maximumVideoBufferDelayMilliseconds?: pulumi.Input; /** * Transport stream bit rate. */ transportStreamBitrate: pulumi.Input; /** * Unique ID for each multiplex. */ transportStreamId: pulumi.Input; /** * Transport stream reserved bit rate. */ transportStreamReservedBitrate?: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettings { /** * Enum for preferred channel pipeline. Options are `CURRENTLY_ACTIVE`, `PIPELINE_0`, or `PIPELINE_1`. */ preferredChannelPipeline: pulumi.Input; /** * Unique program number. */ programNumber: pulumi.Input; /** * Service Descriptor. See Service Descriptor for more details. */ serviceDescriptor?: pulumi.Input; /** * Video settings. See Video Settings for more details. */ videoSettings?: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettingsServiceDescriptor { /** * Unique provider name. */ providerName: pulumi.Input; /** * Unique service name. */ serviceName: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettingsVideoSettings { /** * Constant bitrate value. */ constantBitrate?: pulumi.Input; /** * Statmux settings. See Statmux Settings for more details. */ statmuxSettings?: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettingsVideoSettingsStatmuxSettings { /** * Maximum bitrate. */ maximumBitrate?: pulumi.Input; /** * Minimum bitrate. */ minimumBitrate?: pulumi.Input; /** * Priority value. */ priority?: pulumi.Input; } export interface MultiplexProgramTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } } export namespace mediapackage { export interface ChannelHlsIngest { /** * A list of the ingest endpoints */ ingestEndpoints?: pulumi.Input[]>; } export interface ChannelHlsIngestIngestEndpoint { /** * The password */ password?: pulumi.Input; /** * The URL */ url?: pulumi.Input; /** * The username */ username?: pulumi.Input; } } export namespace memorydb { export interface ClusterClusterEndpoint { /** * DNS hostname of the node. */ address?: pulumi.Input; /** * The port number on which each of the nodes accepts connections. Defaults to `6379`. */ port?: pulumi.Input; } export interface ClusterShard { /** * Name of the cluster. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; /** * Set of nodes in this shard. */ nodes?: pulumi.Input[]>; /** * Number of individual nodes in this shard. */ numNodes?: pulumi.Input; /** * Keyspace for this shard. Example: `0-16383`. */ slots?: pulumi.Input; } export interface ClusterShardNode { /** * The Availability Zone in which the node resides. */ availabilityZone?: pulumi.Input; /** * The date and time when the node was created. Example: `2022-01-01T21:00:00Z`. */ createTime?: pulumi.Input; endpoints?: pulumi.Input[]>; /** * Name of the cluster. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; } export interface ClusterShardNodeEndpoint { /** * DNS hostname of the node. */ address?: pulumi.Input; /** * The port number on which each of the nodes accepts connections. Defaults to `6379`. */ port?: pulumi.Input; } export interface MultiRegionClusterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the parameter. */ name: pulumi.Input; /** * The value of the parameter. */ value: pulumi.Input; } export interface SnapshotClusterConfiguration { /** * Description for the cluster. */ description?: pulumi.Input; /** * The engine that will run on cluster nodes. */ engine?: pulumi.Input; /** * Version number of the engine used by the cluster. */ engineVersion?: pulumi.Input; /** * The weekly time range during which maintenance on the cluster is performed. */ maintenanceWindow?: pulumi.Input; /** * Name of the snapshot. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; /** * Compute and memory capacity of the nodes in the cluster. */ nodeType?: pulumi.Input; /** * Number of shards in the cluster. */ numShards?: pulumi.Input; /** * Name of the parameter group associated with the cluster. */ parameterGroupName?: pulumi.Input; /** * Port number on which the cluster accepts connections. */ port?: pulumi.Input; /** * Number of days for which MemoryDB retains automatic snapshots before deleting them. */ snapshotRetentionLimit?: pulumi.Input; /** * The daily time range (in UTC) during which MemoryDB begins taking a daily snapshot of the shard. */ snapshotWindow?: pulumi.Input; /** * Name of the subnet group used by the cluster. */ subnetGroupName?: pulumi.Input; /** * ARN of the SNS topic to which cluster notifications are sent. */ topicArn?: pulumi.Input; /** * The VPC in which the cluster exists. */ vpcId?: pulumi.Input; } export interface UserAuthenticationMode { /** * Number of passwords belonging to the user if `type` is set to `password`. */ passwordCount?: pulumi.Input; /** * Set of passwords used for authentication if `type` is set to `password`. You can create up to two passwords for each user. */ passwords?: pulumi.Input[]>; /** * Specifies the authentication type. Valid values are: `password` or `iam`. */ type: pulumi.Input; } } export namespace mq { export interface BrokerConfiguration { /** * Configuration ID. */ id?: pulumi.Input; /** * Revision of the Configuration. */ revision?: pulumi.Input; } export interface BrokerEncryptionOptions { /** * ARN of KMS CMK to use for encryption at rest. Requires setting `useAwsOwnedKey` to `false`. To perform drift detection when AWS-managed CMKs or customer-managed CMKs are in use, this value must be configured. */ kmsKeyId?: pulumi.Input; /** * Whether to enable an AWS-owned KMS CMK not in your account. Defaults to `true`. Setting to `false` without configuring `kmsKeyId` creates an AWS-managed CMK aliased to `aws/mq` in your account. */ useAwsOwnedKey?: pulumi.Input; } export interface BrokerInstance { /** * URL of the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) or the [RabbitMQ Management UI](https://www.rabbitmq.com/management.html#external-monitoring) depending on `engineType`. */ consoleUrl?: pulumi.Input; /** * Broker's wire-level protocol endpoints in the following order & format referenceable e.g., as `instances.0.endpoints.0` (SSL): * * For `ActiveMQ`: * * `ssl://broker-id.mq.us-west-2.amazonaws.com:61617` * * `amqp+ssl://broker-id.mq.us-west-2.amazonaws.com:5671` * * `stomp+ssl://broker-id.mq.us-west-2.amazonaws.com:61614` * * `mqtt+ssl://broker-id.mq.us-west-2.amazonaws.com:8883` * * `wss://broker-id.mq.us-west-2.amazonaws.com:61619` * * For `RabbitMQ`: * * `amqps://broker-id.mq.us-west-2.amazonaws.com:5671` */ endpoints?: pulumi.Input[]>; /** * IP Address of the broker. */ ipAddress?: pulumi.Input; } export interface BrokerLdapServerMetadata { /** * List of fully qualified domain names of the LDAP server and optional failover server. */ hosts?: pulumi.Input[]>; /** * Fully qualified name of the directory to search for a user's groups. */ roleBase?: pulumi.Input; /** * LDAP attribute that identifies the group name attribute in the object returned from the group membership query. */ roleName?: pulumi.Input; /** * Search criteria for groups. */ roleSearchMatching?: pulumi.Input; /** * Whether the directory search scope is the entire sub-tree. */ roleSearchSubtree?: pulumi.Input; /** * Service account password. */ serviceAccountPassword?: pulumi.Input; /** * Service account username. */ serviceAccountUsername?: pulumi.Input; /** * Fully qualified name of the directory where you want to search for users. */ userBase?: pulumi.Input; /** * Name of the LDAP attribute for the user group membership. */ userRoleName?: pulumi.Input; /** * Search criteria for users. */ userSearchMatching?: pulumi.Input; /** * Whether the directory search scope is the entire sub-tree. */ userSearchSubtree?: pulumi.Input; } export interface BrokerLogs { /** * Whether to enable audit logging. Only possible for `engineType` of `ActiveMQ`. Logs user management actions via JMX or ActiveMQ Web Console. Defaults to `false`. */ audit?: pulumi.Input; /** * Whether to enable general logging via CloudWatch. Defaults to `false`. */ general?: pulumi.Input; } export interface BrokerMaintenanceWindowStartTime { /** * Day of the week, e.g., `MONDAY`, `TUESDAY`, or `WEDNESDAY`. */ dayOfWeek: pulumi.Input; /** * Time, in 24-hour format, e.g., `02:00`. */ timeOfDay: pulumi.Input; /** * Time zone in either the Country/City format or the UTC offset format, e.g., `CET`. */ timeZone: pulumi.Input; } export interface BrokerUser { /** * Whether to enable access to the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) for the user. Applies to `engineType` of `ActiveMQ` only. */ consoleAccess?: pulumi.Input; /** * List of groups (20 maximum) to which the ActiveMQ user belongs. Applies to `engineType` of `ActiveMQ` only. */ groups?: pulumi.Input[]>; /** * Password of the user. Must be 12 to 250 characters long, contain at least 4 unique characters, and must not contain commas. */ password: pulumi.Input; /** * Whether to set replication user. Defaults to `false`. * * > **NOTE:** AWS currently does not support updating RabbitMQ users. Updates to users can only be in the RabbitMQ UI. */ replicationUser?: pulumi.Input; /** * Username of the user. * * The following arguments are optional: */ username: pulumi.Input; } } export namespace msk { export interface ClusterBrokerNodeGroupInfo { /** * The distribution of broker nodes across availability zones ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-model-brokerazdistribution)). Currently, the only valid value is `DEFAULT`. */ azDistribution?: pulumi.Input; /** * A list of subnets to connect to in client VPC ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-prop-brokernodegroupinfo-clientsubnets)). */ clientSubnets: pulumi.Input[]>; /** * Information about the cluster access configuration. See brokerNodeGroupInfo connectivity_info Argument Reference below. For security reasons, you can't turn on public access while creating an MSK cluster. However, you can update an existing cluster to make it publicly accessible. You can also create a new cluster and then update it to make it publicly accessible ([documentation](https://docs.aws.amazon.com/msk/latest/developerguide/public-access.html)). */ connectivityInfo?: pulumi.Input; /** * Specify the instance type to use for the kafka brokersE.g., kafka.m5.large. ([Pricing info](https://aws.amazon.com/msk/pricing/)) */ instanceType: pulumi.Input; /** * A list of the security groups to associate with the elastic network interfaces to control who can communicate with the cluster. */ securityGroups: pulumi.Input[]>; /** * A block that contains information about storage volumes attached to MSK broker nodes. See brokerNodeGroupInfo storage_info Argument Reference below. */ storageInfo?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfo { /** * Access control settings for brokers. See connectivityInfo public_access Argument Reference below. */ publicAccess?: pulumi.Input; /** * VPC connectivity access control for brokers. See connectivityInfo vpc_connectivity Argument Reference below. */ vpcConnectivity?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoPublicAccess { /** * Public access type. Valid values: `DISABLED`, `SERVICE_PROVIDED_EIPS`. */ type?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoVpcConnectivity { /** * Configuration block for specifying a client authentication. See clientAuthentication Argument Reference below. */ clientAuthentication?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoVpcConnectivityClientAuthentication { /** * Configuration block for specifying SASL client authentication. See clientAuthentication sasl Argument Reference below. */ sasl?: pulumi.Input; /** * Configuration block for specifying TLS client authentication. See clientAuthentication tls Argument Reference below. */ tls?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoVpcConnectivityClientAuthenticationSasl { iam?: pulumi.Input; scram?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoStorageInfo { /** * A block that contains EBS volume information. See storageInfo ebs_storage_info Argument Reference below. */ ebsStorageInfo?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfo { /** * A block that contains EBS volume provisioned throughput information. To provision storage throughput, you must choose broker type kafka.m5.4xlarge or larger. See ebsStorageInfo provisioned_throughput Argument Reference below. */ provisionedThroughput?: pulumi.Input; /** * The size in GiB of the EBS volume for the data drive on each broker node. Minimum value of `1` and maximum value of `16384`. */ volumeSize?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughput { enabled?: pulumi.Input; /** * Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second. The minimum value is `250`. The maximum value varies between broker type. You can refer to the valid values for the maximum volume throughput at the following [documentation on throughput bottlenecks](https://docs.aws.amazon.com/msk/latest/developerguide/msk-provision-throughput.html#throughput-bottlenecks) */ volumeThroughput?: pulumi.Input; } export interface ClusterClientAuthentication { /** * Configuration block for specifying SASL client authentication. See clientAuthentication sasl Argument Reference below. */ sasl?: pulumi.Input; /** * Configuration block for specifying TLS client authentication. See clientAuthentication tls Argument Reference below. */ tls?: pulumi.Input; /** * Enables unauthenticated access. */ unauthenticated?: pulumi.Input; } export interface ClusterClientAuthenticationSasl { iam?: pulumi.Input; scram?: pulumi.Input; } export interface ClusterClientAuthenticationTls { /** * List of ACM Certificate Authority Amazon Resource Names (ARNs). */ certificateAuthorityArns?: pulumi.Input[]>; } export interface ClusterConfigurationInfo { /** * Amazon Resource Name (ARN) of the MSK Configuration to use in the cluster. */ arn: pulumi.Input; /** * Revision of the MSK Configuration to use in the cluster. */ revision: pulumi.Input; } export interface ClusterEncryptionInfo { /** * You may specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest. */ encryptionAtRestKmsKeyArn?: pulumi.Input; /** * Configuration block to specify encryption in transit. See encryptionInfo encryption_in_transit Argument Reference below. */ encryptionInTransit?: pulumi.Input; } export interface ClusterEncryptionInfoEncryptionInTransit { /** * Encryption setting for data in transit between clients and brokers. Valid values: `TLS`, `TLS_PLAINTEXT`, and `PLAINTEXT`. Default value is `TLS`. */ clientBroker?: pulumi.Input; /** * Whether data communication among broker nodes is encrypted. Default value: `true`. */ inCluster?: pulumi.Input; } export interface ClusterLoggingInfo { /** * Configuration block for Broker Logs settings for logging info. See loggingInfo broker_logs Argument Reference below. */ brokerLogs: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogs { /** * Configuration block for Cloudwatch Logs settings. See loggingInfo broker_logs cloudwatchLogs Argument Reference below. */ cloudwatchLogs?: pulumi.Input; /** * Configuration block for Kinesis Data Firehose settings. See loggingInfo broker_logs firehose Argument Reference below. */ firehose?: pulumi.Input; /** * Configuration block for S3 settings. See loggingInfo broker_logs s3 Argument Reference below. */ s3?: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogsCloudwatchLogs { enabled: pulumi.Input; /** * Name of the Cloudwatch Log Group to deliver logs to. */ logGroup?: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogsFirehose { /** * Name of the Kinesis Data Firehose delivery stream to deliver logs to. */ deliveryStream?: pulumi.Input; enabled: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogsS3 { /** * Name of the S3 bucket to deliver logs to. */ bucket?: pulumi.Input; enabled: pulumi.Input; /** * Prefix to append to the folder name. */ prefix?: pulumi.Input; } export interface ClusterOpenMonitoring { /** * Configuration block for Prometheus settings for open monitoring. See openMonitoring prometheus Argument Reference below. */ prometheus: pulumi.Input; } export interface ClusterOpenMonitoringPrometheus { /** * Configuration block for JMX Exporter. See openMonitoring prometheus jmxExporter Argument Reference below. */ jmxExporter?: pulumi.Input; /** * Configuration block for Node Exporter. See openMonitoring prometheus nodeExporter Argument Reference below. */ nodeExporter?: pulumi.Input; } export interface ClusterOpenMonitoringPrometheusJmxExporter { /** * Indicates whether you want to enable or disable the Node Exporter. */ enabledInBroker: pulumi.Input; } export interface ClusterOpenMonitoringPrometheusNodeExporter { /** * Indicates whether you want to enable or disable the Node Exporter. */ enabledInBroker: pulumi.Input; } export interface ClusterRebalancing { /** * The status of intelligent rebalancing. Valid values: `ACTIVE`, `PAUSED`. Default is `ACTIVE` for new Express-based clusters. * * > **NOTE:** Intelligent rebalancing is only available for MSK Provisioned clusters with Express brokers. When enabled, you cannot use third-party rebalancing tools such as Cruise Control. See [AWS MSK Intelligent Rebalancing](https://docs.aws.amazon.com/msk/latest/developerguide/intelligent-rebalancing.html) for more information. */ status: pulumi.Input; } export interface ReplicatorKafkaCluster { /** * Details of an Amazon MSK cluster. */ amazonMskCluster: pulumi.Input; /** * Details of an Amazon VPC which has network connectivity to the Apache Kafka cluster. */ vpcConfig: pulumi.Input; } export interface ReplicatorKafkaClusterAmazonMskCluster { /** * The ARN of an Amazon MSK cluster. */ mskClusterArn: pulumi.Input; } export interface ReplicatorKafkaClusterVpcConfig { /** * The AWS security groups to associate with the ENIs used by the replicator. If a security group is not specified, the default security group associated with the VPC is used. */ securityGroupsIds?: pulumi.Input[]>; /** * The list of subnets to connect to in the virtual private cloud (VPC). AWS creates elastic network interfaces inside these subnets to allow communication between your Kafka Cluster and the replicator. */ subnetIds: pulumi.Input[]>; } export interface ReplicatorReplicationInfoList { /** * Configuration relating to consumer group replication. */ consumerGroupReplications: pulumi.Input[]>; sourceKafkaClusterAlias?: pulumi.Input; /** * The ARN of the source Kafka cluster. */ sourceKafkaClusterArn: pulumi.Input; /** * The type of compression to use writing records to target Kafka cluster. */ targetCompressionType: pulumi.Input; targetKafkaClusterAlias?: pulumi.Input; /** * The ARN of the target Kafka cluster. */ targetKafkaClusterArn: pulumi.Input; /** * Configuration relating to topic replication. */ topicReplications: pulumi.Input[]>; } export interface ReplicatorReplicationInfoListConsumerGroupReplication { /** * List of regular expression patterns indicating the consumer groups that should not be replicated. */ consumerGroupsToExcludes?: pulumi.Input[]>; /** * List of regular expression patterns indicating the consumer groups to copy. */ consumerGroupsToReplicates: pulumi.Input[]>; /** * Whether to periodically check for new consumer groups. */ detectAndCopyNewConsumerGroups?: pulumi.Input; /** * Whether to periodically write the translated offsets to __consumer_offsets topic in target cluster. */ synchroniseConsumerGroupOffsets?: pulumi.Input; } export interface ReplicatorReplicationInfoListTopicReplication { /** * Whether to periodically configure remote topic ACLs to match their corresponding upstream topics. */ copyAccessControlListsForTopics?: pulumi.Input; /** * Whether to periodically configure remote topics to match their corresponding upstream topics. */ copyTopicConfigurations?: pulumi.Input; /** * Whether to periodically check for new topics and partitions. */ detectAndCopyNewTopics?: pulumi.Input; /** * Configuration for specifying the position in the topics to start replicating from. */ startingPosition?: pulumi.Input; /** * Configuration for specifying replicated topic names should be the same as their corresponding upstream topics or prefixed with source cluster alias. */ topicNameConfiguration?: pulumi.Input; /** * List of regular expression patterns indicating the topics that should not be replica. */ topicsToExcludes?: pulumi.Input[]>; /** * List of regular expression patterns indicating the topics to copy. */ topicsToReplicates: pulumi.Input[]>; } export interface ReplicatorReplicationInfoListTopicReplicationStartingPosition { /** * The type of replication starting position. Supports `LATEST` and `EARLIEST`. */ type?: pulumi.Input; } export interface ReplicatorReplicationInfoListTopicReplicationTopicNameConfiguration { /** * The type of topic configuration name. Supports `PREFIXED_WITH_SOURCE_CLUSTER_ALIAS` and `IDENTICAL`. */ type?: pulumi.Input; } export interface ServerlessClusterClientAuthentication { /** * Details for client authentication using SASL. See below. */ sasl: pulumi.Input; } export interface ServerlessClusterClientAuthenticationSasl { /** * Details for client authentication using IAM. See below. */ iam: pulumi.Input; } export interface ServerlessClusterClientAuthenticationSaslIam { /** * Whether SASL/IAM authentication is enabled or not. */ enabled: pulumi.Input; } export interface ServerlessClusterVpcConfig { /** * Specifies up to five security groups that control inbound and outbound traffic for the serverless cluster. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnets in at least two different Availability Zones that host your client applications. */ subnetIds: pulumi.Input[]>; } } export namespace mskconnect { export interface ConnectorCapacity { /** * Information about the auto scaling parameters for the connector. See `autoscaling` Block for details. */ autoscaling?: pulumi.Input; /** * Details about a fixed capacity allocated to a connector. See `provisionedCapacity` Block for details. */ provisionedCapacity?: pulumi.Input; } export interface ConnectorCapacityAutoscaling { /** * The maximum number of workers allocated to the connector. */ maxWorkerCount: pulumi.Input; /** * The number of microcontroller units (MCUs) allocated to each connector worker. Valid values: `1`, `2`, `4`, `8`. The default value is `1`. */ mcuCount?: pulumi.Input; /** * The minimum number of workers allocated to the connector. */ minWorkerCount: pulumi.Input; /** * The scale-in policy for the connector. See `scaleInPolicy` Block for details. */ scaleInPolicy?: pulumi.Input; /** * The scale-out policy for the connector. See `scaleOutPolicy` Block for details. */ scaleOutPolicy?: pulumi.Input; } export interface ConnectorCapacityAutoscalingScaleInPolicy { /** * Specifies the CPU utilization percentage threshold at which you want connector scale in to be triggered. */ cpuUtilizationPercentage?: pulumi.Input; } export interface ConnectorCapacityAutoscalingScaleOutPolicy { /** * The CPU utilization percentage threshold at which you want connector scale out to be triggered. */ cpuUtilizationPercentage?: pulumi.Input; } export interface ConnectorCapacityProvisionedCapacity { /** * The number of microcontroller units (MCUs) allocated to each connector worker. Valid values: `1`, `2`, `4`, `8`. The default value is `1`. */ mcuCount?: pulumi.Input; /** * The number of workers that are allocated to the connector. */ workerCount: pulumi.Input; } export interface ConnectorKafkaCluster { /** * The Apache Kafka cluster to which the connector is connected. See `apacheKafkaCluster` Block for details. */ apacheKafkaCluster: pulumi.Input; } export interface ConnectorKafkaClusterApacheKafkaCluster { /** * The bootstrap servers of the cluster. */ bootstrapServers: pulumi.Input; /** * Details of an Amazon VPC which has network connectivity to the Apache Kafka cluster. See `vpc` Block for details. */ vpc: pulumi.Input; } export interface ConnectorKafkaClusterApacheKafkaClusterVpc { /** * The security groups for the connector. */ securityGroups: pulumi.Input[]>; /** * The subnets for the connector. */ subnets: pulumi.Input[]>; } export interface ConnectorKafkaClusterClientAuthentication { /** * The type of client authentication used to connect to the Apache Kafka cluster. Valid values: `IAM`, `NONE`. A value of `NONE` means that no client authentication is used. The default value is `NONE`. */ authenticationType?: pulumi.Input; } export interface ConnectorKafkaClusterEncryptionInTransit { /** * The type of encryption in transit to the Apache Kafka cluster. Valid values: `PLAINTEXT`, `TLS`. The default values is `PLAINTEXT`. */ encryptionType?: pulumi.Input; } export interface ConnectorLogDelivery { /** * The workers can send worker logs to different destination types. This configuration specifies the details of these destinations. See `workerLogDelivery` Block for details. */ workerLogDelivery: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDelivery { /** * Details about delivering logs to Amazon CloudWatch Logs. See `cloudwatchLogs` Block for details. */ cloudwatchLogs?: pulumi.Input; /** * Details about delivering logs to Amazon Kinesis Data Firehose. See `firehose` Block for details. */ firehose?: pulumi.Input; /** * Details about delivering logs to Amazon S3. See `s3` Block for deetails. */ s3?: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDeliveryCloudwatchLogs { /** * Whether log delivery to Amazon CloudWatch Logs is enabled. */ enabled: pulumi.Input; /** * The name of the CloudWatch log group that is the destination for log delivery. */ logGroup?: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDeliveryFirehose { /** * The name of the Kinesis Data Firehose delivery stream that is the destination for log delivery. */ deliveryStream?: pulumi.Input; /** * Specifies whether connector logs get delivered to Amazon Kinesis Data Firehose. */ enabled: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDeliveryS3 { /** * The name of the S3 bucket that is the destination for log delivery. */ bucket?: pulumi.Input; /** * Specifies whether connector logs get sent to the specified Amazon S3 destination. */ enabled: pulumi.Input; /** * The S3 prefix that is the destination for log delivery. */ prefix?: pulumi.Input; } export interface ConnectorPlugin { /** * Details about a custom plugin. See `customPlugin` Block for details. */ customPlugin: pulumi.Input; } export interface ConnectorPluginCustomPlugin { /** * The Amazon Resource Name (ARN) of the custom plugin. */ arn: pulumi.Input; /** * The revision of the custom plugin. */ revision: pulumi.Input; } export interface ConnectorWorkerConfiguration { /** * The Amazon Resource Name (ARN) of the worker configuration. */ arn: pulumi.Input; /** * The revision of the worker configuration. */ revision: pulumi.Input; } export interface CustomPluginLocation { /** * Information of the plugin file stored in Amazon S3. See `s3` Block for details.. */ s3: pulumi.Input; } export interface CustomPluginLocationS3 { /** * The Amazon Resource Name (ARN) of an S3 bucket. */ bucketArn: pulumi.Input; /** * The file key for an object in an S3 bucket. */ fileKey: pulumi.Input; /** * The version of an object in an S3 bucket. */ objectVersion?: pulumi.Input; } } export namespace mwaa { export interface EnvironmentLastUpdated { /** * The Created At date of the MWAA Environment */ createdAt?: pulumi.Input; errors?: pulumi.Input[]>; /** * The status of the Amazon MWAA Environment */ status?: pulumi.Input; } export interface EnvironmentLastUpdatedError { errorCode?: pulumi.Input; errorMessage?: pulumi.Input; } export interface EnvironmentLoggingConfiguration { /** * (Optional) Log configuration options for processing DAGs. See Module logging configuration for more information. Disabled by default. */ dagProcessingLogs?: pulumi.Input; /** * Log configuration options for the schedulers. See Module logging configuration for more information. Disabled by default. */ schedulerLogs?: pulumi.Input; /** * Log configuration options for DAG tasks. See Module logging configuration for more information. Enabled by default with `INFO` log level. */ taskLogs?: pulumi.Input; /** * Log configuration options for the webservers. See Module logging configuration for more information. Disabled by default. */ webserverLogs?: pulumi.Input; /** * Log configuration options for the workers. See Module logging configuration for more information. Disabled by default. */ workerLogs?: pulumi.Input; } export interface EnvironmentLoggingConfigurationDagProcessingLogs { cloudWatchLogGroupArn?: pulumi.Input; /** * Enabling or disabling the collection of logs */ enabled?: pulumi.Input; /** * Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default. */ logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationSchedulerLogs { cloudWatchLogGroupArn?: pulumi.Input; /** * Enabling or disabling the collection of logs */ enabled?: pulumi.Input; /** * Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default. */ logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationTaskLogs { cloudWatchLogGroupArn?: pulumi.Input; /** * Enabling or disabling the collection of logs */ enabled?: pulumi.Input; /** * Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default. */ logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationWebserverLogs { cloudWatchLogGroupArn?: pulumi.Input; /** * Enabling or disabling the collection of logs */ enabled?: pulumi.Input; /** * Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default. */ logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationWorkerLogs { cloudWatchLogGroupArn?: pulumi.Input; /** * Enabling or disabling the collection of logs */ enabled?: pulumi.Input; /** * Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default. */ logLevel?: pulumi.Input; } export interface EnvironmentNetworkConfiguration { /** * Security groups IDs for the environment. At least one of the security group needs to allow MWAA resources to talk to each other, otherwise MWAA cannot be provisioned. */ securityGroupIds: pulumi.Input[]>; /** * The private subnet IDs in which the environment should be created. MWAA requires two subnets. */ subnetIds: pulumi.Input[]>; } } export namespace neptune { export interface ClusterParameterGroupParameter { /** * Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`. */ applyMethod?: pulumi.Input; /** * The name of the neptune parameter. */ name: pulumi.Input; /** * The value of the neptune parameter. */ value: pulumi.Input; } export interface ClusterServerlessV2ScalingConfiguration { /** * Maximum Neptune Capacity Units (NCUs) for this cluster. Must be lower or equal than **128**. See [AWS Documentation](https://docs.aws.amazon.com/neptune/latest/userguide/neptune-serverless-capacity-scaling.html) for more details. */ maxCapacity?: pulumi.Input; /** * Minimum Neptune Capacity Units (NCUs) for this cluster. Must be greater or equal than **1**. See [AWS Documentation](https://docs.aws.amazon.com/neptune/latest/userguide/neptune-serverless-capacity-scaling.html) for more details. */ minCapacity?: pulumi.Input; } export interface GlobalClusterGlobalClusterMember { /** * ARN of member DB Cluster. */ dbClusterArn?: pulumi.Input; /** * Whether the member is the primary DB Cluster. */ isWriter?: pulumi.Input; } export interface ParameterGroupParameter { /** * The apply method of the Neptune parameter. Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`. */ applyMethod?: pulumi.Input; /** * The name of the Neptune parameter. */ name: pulumi.Input; /** * The value of the Neptune parameter. */ value: pulumi.Input; } } export namespace neptunegraph { export interface GraphTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GraphVectorSearchConfiguration { /** * Specifies the number of dimensions for vector embeddings. Value must be between 1 and 65,535. */ vectorSearchDimension?: pulumi.Input; } } export namespace networkfirewall { export interface FirewallAvailabilityZoneMapping { /** * The ID of the Availability Zone where the firewall endpoint is located.. */ availabilityZoneId: pulumi.Input; } export interface FirewallEncryptionConfiguration { /** * The ID of the customer managed key. You can use any of the [key identifiers](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. */ keyId?: pulumi.Input; /** * The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are `CUSTOMER_KMS` and `AWS_OWNED_KMS_KEY`. */ type: pulumi.Input; } export interface FirewallFirewallStatus { /** * Set of subnets configured for use by the firewall. */ syncStates?: pulumi.Input[]>; /** * Set of transit gateway configured for use by the firewall. */ transitGatewayAttachmentSyncStates?: pulumi.Input[]>; } export interface FirewallFirewallStatusSyncState { /** * Nested list describing the attachment status of the firewall's association with a single VPC subnet. */ attachments?: pulumi.Input[]>; /** * The Availability Zone where the subnet is configured. */ availabilityZone?: pulumi.Input; } export interface FirewallFirewallStatusSyncStateAttachment { /** * The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint. */ endpointId?: pulumi.Input; /** * The unique identifier of the subnet that you've specified to be used for a firewall endpoint. */ subnetId?: pulumi.Input; } export interface FirewallFirewallStatusTransitGatewayAttachmentSyncState { /** * The unique identifier of the transit gateway attachment. */ attachmentId?: pulumi.Input; } export interface FirewallPolicyEncryptionConfiguration { /** * The ID of the customer managed key. You can use any of the [key identifiers](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. */ keyId?: pulumi.Input; /** * The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are `CUSTOMER_KMS` and `AWS_OWNED_KMS_KEY`. */ type: pulumi.Input; } export interface FirewallPolicyFirewallPolicy { /** * . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details. */ policyVariables?: pulumi.Input; /** * Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a `statefulEngineOptions` block with a `ruleOrder` value of `STRICT_ORDER`. Value values: `aws:drop_strict`, `aws:drop_established`, `aws:drop_established_app_layer`, `aws:alert_strict`, `aws:alert_established, `aws:alert_established_app_layer`. For more information, see [Strict evaluation order](https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html) in the AWS Network Firewall Developer Guide. */ statefulDefaultActions?: pulumi.Input[]>; /** * A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details. */ statefulEngineOptions?: pulumi.Input; /** * Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details. */ statefulRuleGroupReferences?: pulumi.Input[]>; /** * Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `statelessDefaultActions`. See Stateless Custom Action below for details. */ statelessCustomActions?: pulumi.Input[]>; /** * Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`. * In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`. */ statelessDefaultActions: pulumi.Input[]>; /** * Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`. * In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`. */ statelessFragmentDefaultActions: pulumi.Input[]>; /** * Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details. */ statelessRuleGroupReferences?: pulumi.Input[]>; /** * The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy. */ tlsInspectionConfigurationArn?: pulumi.Input; } export interface FirewallPolicyFirewallPolicyPolicyVariables { ruleVariables?: pulumi.Input[]>; } export interface FirewallPolicyFirewallPolicyPolicyVariablesRuleVariable { /** * A configuration block that defines a set of IP addresses. See IP Set below for details. */ ipSet: pulumi.Input; /** * An alphanumeric string to identify the `ipSet`. Valid values: `HOME_NET` */ key: pulumi.Input; } export interface FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSet { /** * Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata `HOME_NET` variable. */ definitions: pulumi.Input[]>; } export interface FirewallPolicyFirewallPolicyStatefulEngineOptions { /** * Amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle. */ flowTimeouts?: pulumi.Input; /** * Indicates how to manage the order of stateful rule evaluation for the policy. Default value: `DEFAULT_ACTION_ORDER`. Valid values: `DEFAULT_ACTION_ORDER`, `STRICT_ORDER`. */ ruleOrder?: pulumi.Input; /** * Describes how to treat traffic which has broken midstream. Default value: `DROP`. Valid values: `DROP`, `CONTINUE`, `REJECT`. */ streamExceptionPolicy?: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatefulEngineOptionsFlowTimeouts { /** * Number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle. After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall. Clients or targets can use TCP keepalive packets to reset the idle timeout. Default value: `350`. */ tcpIdleTimeoutSeconds?: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatefulRuleGroupReference { /** * Whether to enable deep threat inspection, which allows AWS to analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services. This only applies to active threat defense maanaged rule groups. * * For details, refer to [AWS active threat defense for AWS Network Firewall](https://docs.aws.amazon.com/network-firewall/latest/developerguide/aws-managed-rule-groups-atd.html) in the AWS Network Firewall Developer Guide. */ deepThreatInspection?: pulumi.Input; /** * Configuration block for override values */ override?: pulumi.Input; /** * An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a `statefulEngineOptions` block with a `ruleOrder` value of `STRICT_ORDER`. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting. */ priority?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the stateful rule group. */ resourceArn: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceOverride { /** * The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups. */ action?: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessCustomAction { /** * A configuration block describing the custom action associated with the `actionName`. See Action Definition below for details. */ actionDefinition: pulumi.Input; /** * A friendly name of the custom action. */ actionName: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition { /** * A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details. */ publishMetricAction: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction { /** * Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details. */ dimensions: pulumi.Input[]>; } export interface FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension { /** * The string value to use in the custom metric dimension. */ value: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessRuleGroupReference { /** * An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. */ priority: pulumi.Input; /** * The Amazon Resource Name (ARN) of the stateless rule group. */ resourceArn: pulumi.Input; } export interface FirewallSubnetMapping { /** * The subnet's IP address type. Valid values: `"DUALSTACK"`, `"IPV4"`. */ ipAddressType?: pulumi.Input; /** * The unique identifier for the subnet. */ subnetId: pulumi.Input; } export interface FirewallTransitGatewayAttachmentAccepterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface LoggingConfigurationLoggingConfiguration { /** * Set of configuration blocks describing the logging details for a firewall. See Log Destination Config below for details. At most, only Three blocks can be specified; one for `FLOW` logs and one for `ALERT` logs and one for `TLS` logs. */ logDestinationConfigs: pulumi.Input[]>; } export interface LoggingConfigurationLoggingConfigurationLogDestinationConfig { /** * A map describing the logging destination for the chosen `logDestinationType`. * * For an Amazon S3 bucket, specify the key `bucketName` with the name of the bucket and optionally specify the key `prefix` with a path (Do not add a leading / in the `prefix` as the configuration will have two // when applied). * * For a CloudWatch log group, specify the key `logGroup` with the name of the CloudWatch log group. * * For a Kinesis Data Firehose delivery stream, specify the key `deliveryStream` with the name of the delivery stream. */ logDestination: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The location to send logs to. Valid values: `S3`, `CloudWatchLogs`, `KinesisDataFirehose`. */ logDestinationType: pulumi.Input; /** * The type of log to send. Valid values: `ALERT` or `FLOW` or `TLS`. Alert logs report traffic that matches a `StatefulRule` with an action setting that sends a log message. Flow logs are standard network traffic flow logs. */ logType: pulumi.Input; } export interface RuleGroupEncryptionConfiguration { /** * The ID of the customer managed key. You can use any of the [key identifiers](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. */ keyId?: pulumi.Input; /** * The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are `CUSTOMER_KMS` and `AWS_OWNED_KMS_KEY`. */ type: pulumi.Input; } export interface RuleGroupRuleGroup { /** * A configuration block that defines the IP Set References for the rule group. See Reference Sets below for details. Please notes that there can only be a maximum of 5 `referenceSets` in a `ruleGroup`. See the [AWS documentation](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html#rule-groups-ip-set-reference-limits) for details. */ referenceSets?: pulumi.Input; /** * A configuration block that defines additional settings available to use in the rules defined in the rule group. Can only be specified for **stateful** rule groups. See Rule Variables below for details. */ ruleVariables?: pulumi.Input; /** * A configuration block that defines the stateful or stateless rules for the rule group. See Rules Source below for details. */ rulesSource: pulumi.Input; /** * A configuration block that defines stateful rule options for the rule group. See Stateful Rule Options below for details. */ statefulRuleOptions?: pulumi.Input; } export interface RuleGroupRuleGroupReferenceSets { ipSetReferences?: pulumi.Input[]>; } export interface RuleGroupRuleGroupReferenceSetsIpSetReference { /** * Set of configuration blocks that define the IP Reference information. See IP Set Reference below for details. */ ipSetReferences: pulumi.Input[]>; key: pulumi.Input; } export interface RuleGroupRuleGroupReferenceSetsIpSetReferenceIpSetReference { /** * Set of Managed Prefix IP ARN(s) */ referenceArn: pulumi.Input; } export interface RuleGroupRuleGroupRuleVariables { /** * Set of configuration blocks that define IP address information. See IP Sets below for details. */ ipSets?: pulumi.Input[]>; /** * Set of configuration blocks that define port range information. See Port Sets below for details. */ portSets?: pulumi.Input[]>; } export interface RuleGroupRuleGroupRuleVariablesIpSet { /** * A configuration block that defines a set of IP addresses. See IP Set below for details. */ ipSet: pulumi.Input; /** * A unique alphanumeric string to identify the `ipSet`. */ key: pulumi.Input; } export interface RuleGroupRuleGroupRuleVariablesIpSetIpSet { /** * Set of IP addresses and address ranges, in CIDR notation. */ definitions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRuleVariablesPortSet { /** * An unique alphanumeric string to identify the `portSet`. */ key: pulumi.Input; /** * A configuration block that defines a set of port ranges. See Port Set below for details. */ portSet: pulumi.Input; } export interface RuleGroupRuleGroupRuleVariablesPortSetPortSet { /** * Set of port ranges. */ definitions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSource { /** * A configuration block containing **stateful** inspection criteria for a domain list rule group. See Rules Source List below for details. */ rulesSourceList?: pulumi.Input; /** * Stateful inspection criteria, provided in Suricata compatible rules. These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn’t have a separate action setting. */ rulesString?: pulumi.Input; /** * Set of configuration blocks containing **stateful** inspection criteria for 5-tuple rules to be used together in a rule group. See Stateful Rule below for details. */ statefulRules?: pulumi.Input[]>; /** * A configuration block containing **stateless** inspection criteria for a stateless rule group. See Stateless Rules and Custom Actions below for details. */ statelessRulesAndCustomActions?: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceRulesSourceList { /** * String value to specify whether domains in the target list are allowed or denied access. Valid values: `ALLOWLIST`, `DENYLIST`. */ generatedRulesType: pulumi.Input; /** * Set of types of domain specifications that are provided in the `targets` argument. Valid values: `HTTP_HOST`, `TLS_SNI`. */ targetTypes: pulumi.Input[]>; /** * Set of domains that you want to inspect for in your traffic flows. */ targets: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatefulRule { /** * Action to take with packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, AWS Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow. Valid values: `ALERT`, `DROP`, `PASS`, or `REJECT`. */ action: pulumi.Input; /** * A configuration block containing the stateful 5-tuple inspection criteria for the rule, used to inspect traffic flows. See Header below for details. */ header: pulumi.Input; /** * Set of configuration blocks containing additional settings for a stateful rule. See Rule Option below for details. */ ruleOptions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatefulRuleHeader { /** * The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify `ANY`. */ destination: pulumi.Input; /** * The destination port to inspect for. To match with any address, specify `ANY`. */ destinationPort: pulumi.Input; /** * The direction of traffic flow to inspect. Valid values: `ANY` or `FORWARD`. */ direction: pulumi.Input; /** * The protocol to inspect. Valid values: `IP`, `TCP`, `UDP`, `ICMP`, `HTTP`, `FTP`, `TLS`, `SMB`, `DNS`, `DCERPC`, `SSH`, `SMTP`, `IMAP`, `MSN`, `KRB5`, `IKEV2`, `TFTP`, `NTP`, `DHCP`. */ protocol: pulumi.Input; /** * The source IP address or address range for, in CIDR notation. To match with any address, specify `ANY`. */ source: pulumi.Input; /** * The source port to inspect for. To match with any address, specify `ANY`. */ sourcePort: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatefulRuleRuleOption { /** * Keyword defined by open source detection systems like Snort or Suricata for stateful rule inspection. * See [Snort General Rule Options](http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node31.html) or [Suricata Rule Options](https://suricata.readthedocs.io/en/suricata-5.0.1/rules/intro.html#rule-options) for more details. */ keyword: pulumi.Input; /** * Set of strings for additional settings to use in stateful rule inspection. */ settings?: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActions { /** * Set of configuration blocks containing custom action definitions that are available for use by the set of `stateless rule`. See Custom Action below for details. */ customActions?: pulumi.Input[]>; /** * Set of configuration blocks containing the stateless rules for use in the stateless rule group. See Stateless Rule below for details. */ statelessRules: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomAction { /** * A configuration block describing the custom action associated with the `actionName`. See Action Definition below for details. */ actionDefinition: pulumi.Input; /** * A friendly name of the custom action. */ actionName: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinition { /** * A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details. */ publishMetricAction: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricAction { /** * Set of configuration blocks containing the dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for details. */ dimensions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimension { /** * The value to use in the custom metric dimension. */ value: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRule { /** * A setting that indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group. AWS Network Firewall evaluates the rules in a rule group starting with the lowest priority setting. */ priority: pulumi.Input; /** * A configuration block defining the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria. See Rule Definition below for details. */ ruleDefinition: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinition { /** * Set of actions to take on a packet that matches one of the stateless rule definition's `matchAttributes`. For every rule you must specify 1 standard action, and you can add custom actions. Standard actions include: `aws:pass`, `aws:drop`, `aws:forward_to_sfe`. */ actions: pulumi.Input[]>; /** * A configuration block containing criteria for AWS Network Firewall to use to inspect an individual packet in stateless rule inspection. See Match Attributes below for details. */ matchAttributes: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributes { /** * Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Port below for details. */ destinationPorts?: pulumi.Input[]>; /** * Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details. */ destinations?: pulumi.Input[]>; /** * Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol. */ protocols?: pulumi.Input[]>; /** * Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Port below for details. */ sourcePorts?: pulumi.Input[]>; /** * Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details. */ sources?: pulumi.Input[]>; /** * Set of configuration blocks containing the TCP flags and masks to inspect for. If not specified, this matches with any settings. */ tcpFlags?: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestination { /** * An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4 and IPv6. */ addressDefinition: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPort { /** * The lower limit of the port range. This must be less than or equal to the `toPort`. */ fromPort: pulumi.Input; /** * The upper limit of the port range. This must be greater than or equal to the `fromPort`. */ toPort?: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSource { /** * An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4 and IPv6. */ addressDefinition: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePort { /** * The lower limit of the port range. This must be less than or equal to the `toPort`. */ fromPort: pulumi.Input; /** * The upper limit of the port range. This must be greater than or equal to the `fromPort`. */ toPort?: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlag { /** * Set of flags to look for in a packet. This setting can only specify values that are also specified in `masks`. * Valid values: `FIN`, `SYN`, `RST`, `PSH`, `ACK`, `URG`, `ECE`, `CWR`. */ flags: pulumi.Input[]>; /** * Set of flags to consider in the inspection. To inspect all flags, leave this empty. * Valid values: `FIN`, `SYN`, `RST`, `PSH`, `ACK`, `URG`, `ECE`, `CWR`. */ masks?: pulumi.Input[]>; } export interface RuleGroupRuleGroupStatefulRuleOptions { /** * Indicates how to manage the order of the rule evaluation for the rule group. Default value: `DEFAULT_ACTION_ORDER`. Valid values: `DEFAULT_ACTION_ORDER`, `STRICT_ORDER`. */ ruleOrder: pulumi.Input; } export interface TlsInspectionConfigurationCertificate { /** * ARN of the certificate. */ certificateArn: pulumi.Input; /** * Serial number of the certificate. */ certificateSerial: pulumi.Input; /** * Status of the certificate. */ status: pulumi.Input; /** * Details about the certificate status, including information about certificate errors. */ statusMessage: pulumi.Input; } export interface TlsInspectionConfigurationCertificateAuthority { /** * ARN of the certificate. */ certificateArn: pulumi.Input; /** * Serial number of the certificate. */ certificateSerial: pulumi.Input; /** * Status of the certificate. */ status: pulumi.Input; /** * Details about the certificate status, including information about certificate errors. */ statusMessage: pulumi.Input; } export interface TlsInspectionConfigurationEncryptionConfiguration { /** * ARN of the Amazon Web Services Key Management Service (KMS) customer managed key. */ keyId: pulumi.Input; /** * Type of KMS key to use for encryption of your Network Firewall resources. Valid values: `AWS_OWNED_KMS_KEY`, `CUSTOMER_KMS`. */ type: pulumi.Input; } export interface TlsInspectionConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface TlsInspectionConfigurationTlsInspectionConfiguration { /** * Server certificate configurations that are associated with the TLS configuration. Detailed below. */ serverCertificateConfiguration: pulumi.Input; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration { /** * ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) for limitations on CA certificates. */ certificateAuthorityArn?: pulumi.Input; /** * Check Certificate Revocation Status block. Detailed below. */ checkCertificateRevocationStatus?: pulumi.Input; /** * Scope block. Detailed below. */ scopes: pulumi.Input[]>; /** * Server certificates to use for inbound SSL/TLS inspection. See [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html). */ serverCertificates?: pulumi.Input[]>; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus { revokedStatusAction?: pulumi.Input; unknownStatusAction?: pulumi.Input; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope { /** * Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details. */ destinationPorts?: pulumi.Input[]>; /** * Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details. */ destinations: pulumi.Input[]>; /** * Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: `6` */ protocols: pulumi.Input[]>; /** * Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details. */ sourcePorts?: pulumi.Input[]>; /** * Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details. */ sources?: pulumi.Input[]>; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination { /** * An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4. */ addressDefinition: pulumi.Input; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort { /** * The lower limit of the port range. This must be less than or equal to the `toPort`. */ fromPort: pulumi.Input; /** * The upper limit of the port range. This must be greater than or equal to the `fromPort`. */ toPort: pulumi.Input; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource { /** * An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4. */ addressDefinition: pulumi.Input; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort { /** * The lower limit of the port range. This must be less than or equal to the `toPort`. */ fromPort: pulumi.Input; /** * The upper limit of the port range. This must be greater than or equal to the `fromPort`. */ toPort: pulumi.Input; } export interface TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate { /** * ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection. */ resourceArn?: pulumi.Input; } export interface VpcEndpointAssociationSubnetMapping { /** * The subnet's IP address type. Valid values: `"DUALSTACK"`, `"IPV4"`. */ ipAddressType?: pulumi.Input; /** * The unique identifier for the subnet. */ subnetId: pulumi.Input; } export interface VpcEndpointAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface VpcEndpointAssociationVpcEndpointAssociationStatus { associationSyncStates: pulumi.Input[]>; } export interface VpcEndpointAssociationVpcEndpointAssociationStatusAssociationSyncState { /** * Nested list describing the attachment status of the firewall's VPC Endpoint Association with a single VPC subnet. */ attachments: pulumi.Input[]>; /** * The Availability Zone where the subnet is configured. */ availabilityZone: pulumi.Input; } export interface VpcEndpointAssociationVpcEndpointAssociationStatusAssociationSyncStateAttachment { /** * The identifier of the VPC endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint. */ endpointId: pulumi.Input; status: pulumi.Input; statusMessage: pulumi.Input; /** * The unique identifier of the subnet that you've specified to be used for a VPC Endpoint Association endpoint. */ subnetId: pulumi.Input; } } export namespace networkflowmonitor { export interface MonitorLocalResource { /** * The identifier of the resource. For VPC resources, this is the VPC ARN. */ identifier: pulumi.Input; /** * The type of the resource. Valid values are `AWS::EC2::VPC`, `AWS::EC2::Subnet`, `AWS::EC2::AvailabilityZone`, `AWS::EC2::Region`, and `AWS::EKS::Cluster`. */ type: pulumi.Input; } export interface MonitorRemoteResource { /** * The identifier of the resource. For VPC resources, this is the VPC ARN. */ identifier: pulumi.Input; /** * The type of the resource. Valid values are `AWS::EC2::VPC`, `AWS::EC2::Subnet`, `AWS::EC2::AvailabilityZone`, `AWS::EC2::Region`, and `AWS::EKS::Cluster`. */ type: pulumi.Input; } export interface MonitorTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ScopeTarget { /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region: pulumi.Input; /** * A target identifier is a pair of identifying information for a scope. */ targetIdentifier: pulumi.Input; } export interface ScopeTargetTargetIdentifier { /** * The identifier for a target, which is currently always an account ID. */ targetId: pulumi.Input; /** * The type of a target. A target type is currently always `ACCOUNT`. */ targetType: pulumi.Input; } export interface ScopeTargetTargetIdentifierTargetId { /** * AWS account ID. */ accountId: pulumi.Input; } export interface ScopeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace networkmanager { export interface ConnectAttachmentOptions { /** * Protocol used for the attachment connection. Valid values: `GRE`, `NO_ENCAP`. */ protocol?: pulumi.Input; } export interface ConnectPeerBgpOptions { /** * Peer ASN. Supports 2-byte and 4-byte ASNs (1 to 4294967295). */ peerAsn?: pulumi.Input; } export interface ConnectPeerConfiguration { bgpConfigurations?: pulumi.Input[]>; /** * Connect peer core network address. */ coreNetworkAddress?: pulumi.Input; /** * Inside IP addresses used for BGP peering. Required when the Connect attachment protocol is `GRE`. See `aws.networkmanager.ConnectAttachment` for details. */ insideCidrBlocks?: pulumi.Input[]>; /** * Connect peer address. * * The following arguments are optional: */ peerAddress?: pulumi.Input; protocol?: pulumi.Input; } export interface ConnectPeerConfigurationBgpConfiguration { /** * Connect peer core network address. */ coreNetworkAddress?: pulumi.Input; coreNetworkAsn?: pulumi.Input; /** * Connect peer address. * * The following arguments are optional: */ peerAddress?: pulumi.Input; /** * Peer ASN. Supports 2-byte and 4-byte ASNs (1 to 4294967295). */ peerAsn?: pulumi.Input; } export interface CoreNetworkEdge { /** * ASN of a core network edge. */ asn?: pulumi.Input; /** * Region where a core network edge is located. */ edgeLocation?: pulumi.Input; /** * Inside IP addresses used for core network edges. */ insideCidrBlocks?: pulumi.Input[]>; } export interface CoreNetworkSegment { /** * Regions where the edges are located. */ edgeLocations?: pulumi.Input[]>; /** * Name of a core network segment. */ name?: pulumi.Input; /** * Shared segments of a core network. */ sharedSegments?: pulumi.Input[]>; } export interface DeviceAwsLocation { /** * ARN of the subnet that the device is located in. */ subnetArn?: pulumi.Input; /** * Zone that the device is located in. Specify the ID of an Availability Zone, Local Zone, Wavelength Zone, or an Outpost. */ zone?: pulumi.Input; } export interface DeviceLocation { /** * Physical address. */ address?: pulumi.Input; /** * Latitude. */ latitude?: pulumi.Input; /** * Longitude. */ longitude?: pulumi.Input; } export interface DxGatewayAttachmentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicy { /** * Action to take when a condition is true. Detailed Below. */ action: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyAction; /** * Valid values include `and` or `or`. This is a mandatory parameter only if you have more than one condition. The `conditionLogic` apply to all of the conditions for a rule, which also means nested conditions of `and` or `or` are not supported. Use `or` if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use `and` if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below. */ conditionLogic?: string; /** * A block argument. Detailed Below. */ conditions: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyCondition[]; /** * A user-defined description that further helps identify the rule. */ description?: string; /** * An integer from `1` to `65535` indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed. */ ruleNumber: number; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyArgs { /** * Action to take when a condition is true. Detailed Below. */ action: pulumi.Input; /** * Valid values include `and` or `or`. This is a mandatory parameter only if you have more than one condition. The `conditionLogic` apply to all of the conditions for a rule, which also means nested conditions of `and` or `or` are not supported. Use `or` if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use `and` if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below. */ conditionLogic?: pulumi.Input; /** * A block argument. Detailed Below. */ conditions: pulumi.Input[]>; /** * A user-defined description that further helps identify the rule. */ description?: pulumi.Input; /** * An integer from `1` to `65535` indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed. */ ruleNumber: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyAction { /** * The name of the network function group to attach to the attachment policy. */ addToNetworkFunctionGroup?: string; /** * Defines how a segment is mapped. Values can be `constant` or `tag`. `constant` statically defines the segment to associate the attachment to. `tag` uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate. */ associationMethod?: string; /** * Determines if this mapping should override the segment value for `requireAttachmentAcceptance`. You can only set this to `true`, indicating that this setting applies only to segments that have `requireAttachmentAcceptance` set to `false`. If the segment already has the default `requireAttachmentAcceptance`, you can set this to inherit segment’s acceptance value. */ requireAcceptance?: boolean; /** * Name of the `segment` to share as defined in the `segments` section. This is used only when the `associationMethod` is `constant`. */ segment?: string; /** * Maps the attachment to the value of a known key. This is used with the `associationMethod` is `tag`. For example a `tag` of `stage = “test”`, will map to a segment named `test`. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments. */ tagValueOfKey?: string; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyActionArgs { /** * The name of the network function group to attach to the attachment policy. */ addToNetworkFunctionGroup?: pulumi.Input; /** * Defines how a segment is mapped. Values can be `constant` or `tag`. `constant` statically defines the segment to associate the attachment to. `tag` uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate. */ associationMethod?: pulumi.Input; /** * Determines if this mapping should override the segment value for `requireAttachmentAcceptance`. You can only set this to `true`, indicating that this setting applies only to segments that have `requireAttachmentAcceptance` set to `false`. If the segment already has the default `requireAttachmentAcceptance`, you can set this to inherit segment’s acceptance value. */ requireAcceptance?: pulumi.Input; /** * Name of the `segment` to share as defined in the `segments` section. This is used only when the `associationMethod` is `constant`. */ segment?: pulumi.Input; /** * Maps the attachment to the value of a known key. This is used with the `associationMethod` is `tag`. For example a `tag` of `stage = “test”`, will map to a segment named `test`. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments. */ tagValueOfKey?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyCondition { /** * string value */ key?: string; /** * Valid values include: `equals`, `not-equals`, `contains`, `begins-with`. */ operator?: string; /** * Must be `routing-policy-label`. */ type: string; /** * Routing policy label to match. */ value?: string; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyConditionArgs { /** * string value */ key?: pulumi.Input; /** * Valid values include: `equals`, `not-equals`, `contains`, `begins-with`. */ operator?: pulumi.Input; /** * Must be `routing-policy-label`. */ type: pulumi.Input; /** * Routing policy label to match. */ value?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRule { /** * Block defining the action to take when conditions match. Detailed below. */ action: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleAction; /** * A block argument. Detailed below. */ conditions: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleCondition[]; /** * A user-defined description that further helps identify the rule. */ description?: string; /** * A set of AWS Region codes where this rule applies. */ edgeLocations?: string[]; /** * An integer from `1` to `65535` indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. */ ruleNumber: number; } export interface GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleArgs { /** * Block defining the action to take when conditions match. Detailed below. */ action: pulumi.Input; /** * A block argument. Detailed below. */ conditions: pulumi.Input[]>; /** * A user-defined description that further helps identify the rule. */ description?: pulumi.Input; /** * A set of AWS Region codes where this rule applies. */ edgeLocations?: pulumi.Input[]>; /** * An integer from `1` to `65535` indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. */ ruleNumber: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleAction { /** * Set of routing policy names to associate when the conditions match. */ associateRoutingPolicies: string[]; } export interface GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleActionArgs { /** * Set of routing policy names to associate when the conditions match. */ associateRoutingPolicies: pulumi.Input[]>; } export interface GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleCondition { /** * Must be `routing-policy-label`. */ type: string; /** * Routing policy label to match. */ value: string; } export interface GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleConditionArgs { /** * Must be `routing-policy-label`. */ type: pulumi.Input; /** * Routing policy label to match. */ value: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfiguration { /** * List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from `64512` to `65534` and `4200000000` to `4294967294` expressed as a string like `"64512-65534"`. No other ASN ranges can be used. */ asnRanges: string[]; /** * Indicates whether DNS resolution is enabled for the core network. The value can be either `true` or `false`. When set to `true`, DNS resolution is enabled for VPCs attached to the core network, allowing resources in different VPCs to resolve each other's domain names. The default is `true`. */ dnsSupport?: boolean; /** * A block value of AWS Region locations where you're creating Core Network Edges. Detailed below. */ edgeLocations: inputs.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation[]; /** * The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, `10.0.1.0/24`). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a `/24` for IPv4 or `/64` for IPv6. You can provide multiple `/24` subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned `/24` and `/64` subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge. */ insideCidrBlocks?: string[]; /** * — (Optional) Indicates whether security group referencing is enabled for the core network. The value can be either `true` or `false`. When set to `true`, security groups in one VPC can reference security groups in another VPC attached to the core network, enabling more flexible security configurations across your network. The default is `false`. */ securityGroupReferencingSupport?: boolean; /** * Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either `true` or `false`. The default is `true`. */ vpnEcmpSupport?: boolean; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs { /** * List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from `64512` to `65534` and `4200000000` to `4294967294` expressed as a string like `"64512-65534"`. No other ASN ranges can be used. */ asnRanges: pulumi.Input[]>; /** * Indicates whether DNS resolution is enabled for the core network. The value can be either `true` or `false`. When set to `true`, DNS resolution is enabled for VPCs attached to the core network, allowing resources in different VPCs to resolve each other's domain names. The default is `true`. */ dnsSupport?: pulumi.Input; /** * A block value of AWS Region locations where you're creating Core Network Edges. Detailed below. */ edgeLocations: pulumi.Input[]>; /** * The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, `10.0.1.0/24`). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a `/24` for IPv4 or `/64` for IPv6. You can provide multiple `/24` subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned `/24` and `/64` subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge. */ insideCidrBlocks?: pulumi.Input[]>; /** * — (Optional) Indicates whether security group referencing is enabled for the core network. The value can be either `true` or `false`. When set to `true`, security groups in one VPC can reference security groups in another VPC attached to the core network, enabling more flexible security configurations across your network. The default is `false`. */ securityGroupReferencingSupport?: pulumi.Input; /** * Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either `true` or `false`. The default is `true`. */ vpnEcmpSupport?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation { /** * ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from `asnRanges` */ asn?: string; /** * The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from `insideCidrBlocks`. */ insideCidrBlocks?: string[]; location: string; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs { /** * ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from `asnRanges` */ asn?: pulumi.Input; /** * The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from `insideCidrBlocks`. */ insideCidrBlocks?: pulumi.Input[]>; location: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentNetworkFunctionGroup { /** * Optional description of the network function group. */ description?: string; /** * This identifies the network function group container. */ name: string; /** * This will be either `true`, that attachment acceptance is required, or `false`, that it is not required. */ requireAttachmentAcceptance: boolean; } export interface GetCoreNetworkPolicyDocumentNetworkFunctionGroupArgs { /** * Optional description of the network function group. */ description?: pulumi.Input; /** * This identifies the network function group container. */ name: pulumi.Input; /** * This will be either `true`, that attachment acceptance is required, or `false`, that it is not required. */ requireAttachmentAcceptance: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentRoutingPolicy { /** * Description of the routing policy. */ routingPolicyDescription?: string; /** * Direction of the routing policy. Valid values: `inbound`, `outbound`. */ routingPolicyDirection: string; /** * Name of the routing policy. Must be 1-100 alphanumeric characters. */ routingPolicyName: string; /** * Priority number for the routing policy. Must be between 1 and 9999. Lower numbers are evaluated first. */ routingPolicyNumber: number; /** * List of routing policy rules. Each rule defines match conditions and actions. Detailed below. */ routingPolicyRules: inputs.networkmanager.GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRule[]; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyArgs { /** * Description of the routing policy. */ routingPolicyDescription?: pulumi.Input; /** * Direction of the routing policy. Valid values: `inbound`, `outbound`. */ routingPolicyDirection: pulumi.Input; /** * Name of the routing policy. Must be 1-100 alphanumeric characters. */ routingPolicyName: pulumi.Input; /** * Priority number for the routing policy. Must be between 1 and 9999. Lower numbers are evaluated first. */ routingPolicyNumber: pulumi.Input; /** * List of routing policy rules. Each rule defines match conditions and actions. Detailed below. */ routingPolicyRules: pulumi.Input[]>; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRule { /** * Defines the match conditions and actions for the rule. Detailed below. */ ruleDefinition: inputs.networkmanager.GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinition; /** * Priority number for the rule within the routing policy. Must be between 1 and 9999. Lower numbers are evaluated first. */ ruleNumber: number; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleArgs { /** * Defines the match conditions and actions for the rule. Detailed below. */ ruleDefinition: pulumi.Input; /** * Priority number for the rule within the routing policy. Must be between 1 and 9999. Lower numbers are evaluated first. */ ruleNumber: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinition { /** * Block defining the action to take when conditions match. Detailed below. */ action: inputs.networkmanager.GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinitionAction; /** * Logic to apply when multiple match conditions are present. Valid values: `and`, `or`. */ conditionLogic?: string; /** * List of conditions to match against routes. Detailed below. */ matchConditions?: inputs.networkmanager.GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinitionMatchCondition[]; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinitionArgs { /** * Block defining the action to take when conditions match. Detailed below. */ action: pulumi.Input; /** * Logic to apply when multiple match conditions are present. Valid values: `and`, `or`. */ conditionLogic?: pulumi.Input; /** * List of conditions to match against routes. Detailed below. */ matchConditions?: pulumi.Input[]>; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinitionAction { /** * Type of action to perform. Valid values: `drop`, `allow`, `summarize`, `prepend-asn-list`, `remove-asn-list`, `replace-asn-list`, `add-community`, `remove-community`, `set-med`, `set-local-preference`. */ type: string; /** * Value for the action, required for certain action types. */ value?: string; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinitionActionArgs { /** * Type of action to perform. Valid values: `drop`, `allow`, `summarize`, `prepend-asn-list`, `remove-asn-list`, `replace-asn-list`, `add-community`, `remove-community`, `set-med`, `set-local-preference`. */ type: pulumi.Input; /** * Value for the action, required for certain action types. */ value?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinitionMatchCondition { /** * Type of condition to match. Valid values: `prefix-equals`, `prefix-in-cidr`, `prefix-in-prefix-list`, `asn-in-as-path`, `community-in-list`, `med-equals`. */ type: string; /** * Value to match against, depending on the condition type. */ value: string; } export interface GetCoreNetworkPolicyDocumentRoutingPolicyRoutingPolicyRuleRuleDefinitionMatchConditionArgs { /** * Type of condition to match. Valid values: `prefix-equals`, `prefix-in-cidr`, `prefix-in-prefix-list`, `asn-in-as-path`, `community-in-list`, `med-equals`. */ type: pulumi.Input; /** * Value to match against, depending on the condition type. */ value: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentSegment { /** * List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the `allowFilter` setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in `segmentActions`. If a segment is listed in `allowFilter`, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created. */ allowFilters?: string[]; /** * An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in `segmentActions`. If a segment is listed in the `denyFilter`, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments. */ denyFilters?: string[]; /** * A user-defined string describing the segment. */ description?: string; /** * A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for `edgeLocations` in the `coreNetworkConfiguration`. */ edgeLocations?: string[]; /** * This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to `true`, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is `false`. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of `false`. */ isolateAttachments?: boolean; /** * Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9. */ name: string; /** * This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is `true`, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, `requireAttachmentAcceptance` is set to `false`. */ requireAttachmentAcceptance?: boolean; } export interface GetCoreNetworkPolicyDocumentSegmentArgs { /** * List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the `allowFilter` setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in `segmentActions`. If a segment is listed in `allowFilter`, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created. */ allowFilters?: pulumi.Input[]>; /** * An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in `segmentActions`. If a segment is listed in the `denyFilter`, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments. */ denyFilters?: pulumi.Input[]>; /** * A user-defined string describing the segment. */ description?: pulumi.Input; /** * A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for `edgeLocations` in the `coreNetworkConfiguration`. */ edgeLocations?: pulumi.Input[]>; /** * This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to `true`, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is `false`. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of `false`. */ isolateAttachments?: pulumi.Input; /** * Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9. */ name: pulumi.Input; /** * This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is `true`, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, `requireAttachmentAcceptance` is set to `false`. */ requireAttachmentAcceptance?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentSegmentAction { /** * Action to take for the chosen segment. Valid values: `create-route`, `share`, `send-via`, `send-to`, and `associate-routing-policy` (available in policy version `2025.11` and later). */ action: string; /** * A user-defined string describing the segment action. */ description?: string; /** * List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, `10.1.0.0/16` or `2001:db8::/56`. This is an array of CIDR notation strings. */ destinationCidrBlocks?: string[]; /** * A list of strings. Valid values include `["blackhole"]` or a list of attachment ids. */ destinations?: string[]; /** * Associates routing policies with specific edge location pairs. Available in policy version `2025.11` and later. Detailed below. */ edgeLocationAssociation?: inputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionEdgeLocationAssociation; /** * String. When `action` is `share`, a `mode` value of `attachment-route` places the attachment and return routes in each of the `shareWith` segments. When `action` is `send-via`, indicates the mode used for packets. Valid values: `attachment-route`, `single-hop`, `dual-hop`. */ mode?: string; /** * A list of routing policy names to apply to segment sharing. The routing policies control how routes are propagated between the shared segments. Only applicable when `action` is `share`. Available in policy version `2025.11` and later. */ routingPolicyNames?: string[]; /** * Name of the segment. */ segment: string; /** * A set subtraction of segments to not share with. */ shareWithExcepts?: string[]; /** * A list of strings to share with. Must be a substring is all segments. Valid values include: `["*"]` or `[""]`. */ shareWiths?: string[]; /** * The network function groups and any edge overrides associated with the action. */ via?: inputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionVia; /** * The destination segments for the `send-via` or `send-to` `action`. */ whenSentTo?: inputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionWhenSentTo; } export interface GetCoreNetworkPolicyDocumentSegmentActionArgs { /** * Action to take for the chosen segment. Valid values: `create-route`, `share`, `send-via`, `send-to`, and `associate-routing-policy` (available in policy version `2025.11` and later). */ action: pulumi.Input; /** * A user-defined string describing the segment action. */ description?: pulumi.Input; /** * List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, `10.1.0.0/16` or `2001:db8::/56`. This is an array of CIDR notation strings. */ destinationCidrBlocks?: pulumi.Input[]>; /** * A list of strings. Valid values include `["blackhole"]` or a list of attachment ids. */ destinations?: pulumi.Input[]>; /** * Associates routing policies with specific edge location pairs. Available in policy version `2025.11` and later. Detailed below. */ edgeLocationAssociation?: pulumi.Input; /** * String. When `action` is `share`, a `mode` value of `attachment-route` places the attachment and return routes in each of the `shareWith` segments. When `action` is `send-via`, indicates the mode used for packets. Valid values: `attachment-route`, `single-hop`, `dual-hop`. */ mode?: pulumi.Input; /** * A list of routing policy names to apply to segment sharing. The routing policies control how routes are propagated between the shared segments. Only applicable when `action` is `share`. Available in policy version `2025.11` and later. */ routingPolicyNames?: pulumi.Input[]>; /** * Name of the segment. */ segment: pulumi.Input; /** * A set subtraction of segments to not share with. */ shareWithExcepts?: pulumi.Input[]>; /** * A list of strings to share with. Must be a substring is all segments. Valid values include: `["*"]` or `[""]`. */ shareWiths?: pulumi.Input[]>; /** * The network function groups and any edge overrides associated with the action. */ via?: pulumi.Input; /** * The destination segments for the `send-via` or `send-to` `action`. */ whenSentTo?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentSegmentActionEdgeLocationAssociation { /** * The AWS Region code for the first edge location in the association (e.g., `us-east-1`). */ edgeLocation: string; /** * The AWS Region code for the second edge location in the association (e.g., `us-west-2`). */ peerEdgeLocation: string; /** * A set of routing policy names to apply to this edge location pair. */ routingPolicyNames: string[]; } export interface GetCoreNetworkPolicyDocumentSegmentActionEdgeLocationAssociationArgs { /** * The AWS Region code for the first edge location in the association (e.g., `us-east-1`). */ edgeLocation: pulumi.Input; /** * The AWS Region code for the second edge location in the association (e.g., `us-west-2`). */ peerEdgeLocation: pulumi.Input; /** * A set of routing policy names to apply to this edge location pair. */ routingPolicyNames: pulumi.Input[]>; } export interface GetCoreNetworkPolicyDocumentSegmentActionVia { /** * A list of strings. The network function group to use for the service insertion action. */ networkFunctionGroups?: string[]; /** * Any edge overrides and the preferred edge to use. */ withEdgeOverrides?: inputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionViaWithEdgeOverride[]; } export interface GetCoreNetworkPolicyDocumentSegmentActionViaArgs { /** * A list of strings. The network function group to use for the service insertion action. */ networkFunctionGroups?: pulumi.Input[]>; /** * Any edge overrides and the preferred edge to use. */ withEdgeOverrides?: pulumi.Input[]>; } export interface GetCoreNetworkPolicyDocumentSegmentActionViaWithEdgeOverride { /** * A list of a list of strings. The list of edges associated with the network function group. */ edgeSets?: string[][]; /** * The preferred edge to use. * * @deprecated use_edge is deprecated. Use useEdgeLocation instead. */ useEdge?: string; /** * The preferred edge to use. */ useEdgeLocation?: string; } export interface GetCoreNetworkPolicyDocumentSegmentActionViaWithEdgeOverrideArgs { /** * A list of a list of strings. The list of edges associated with the network function group. */ edgeSets?: pulumi.Input[]>[]>; /** * The preferred edge to use. * * @deprecated use_edge is deprecated. Use useEdgeLocation instead. */ useEdge?: pulumi.Input; /** * The preferred edge to use. */ useEdgeLocation?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentSegmentActionWhenSentTo { /** * A list of strings. The list of segments that the `send-via` `action` uses. */ segments?: string[]; } export interface GetCoreNetworkPolicyDocumentSegmentActionWhenSentToArgs { /** * A list of strings. The list of segments that the `send-via` `action` uses. */ segments?: pulumi.Input[]>; } export interface LinkBandwidth { /** * Download speed in Mbps. */ downloadSpeed?: pulumi.Input; /** * Upload speed in Mbps. */ uploadSpeed?: pulumi.Input; } export interface SiteLocation { /** * Address of the location. */ address?: pulumi.Input; /** * Latitude of the location. */ latitude?: pulumi.Input; /** * Longitude of the location. */ longitude?: pulumi.Input; } export interface VpcAttachmentOptions { /** * Whether to enable appliance mode support. If enabled, traffic flow between a source and destination use the same Availability Zone for the VPC attachment for the lifetime of that flow. If the VPC attachment is pending acceptance, changing this value will recreate the resource. */ applianceModeSupport?: pulumi.Input; /** * Whether to enable DNS support. If the VPC attachment is pending acceptance, changing this value will recreate the resource. */ dnsSupport?: pulumi.Input; /** * Whether to enable IPv6 support. If the VPC attachment is pending acceptance, changing this value will recreate the resource. */ ipv6Support?: pulumi.Input; /** * Whether to enable security group referencing support for this VPC attachment. The default is `true`. However, at the core network policy-level the default is set to `false`. If the VPC attachment is pending acceptance, changing this value will recreate the resource. */ securityGroupReferencingSupport?: pulumi.Input; } } export namespace notifications { export interface NotificationHubTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface OrganizationsAccessTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace oam { export interface LinkLinkConfiguration { /** * Configuration for filtering which log groups are to send log events from the source account to the monitoring account. See `logGroupConfiguration` Block for details. */ logGroupConfiguration?: pulumi.Input; /** * Configuration for filtering which metric namespaces are to be shared from the source account to the monitoring account. See `metricConfiguration` Block for details. */ metricConfiguration?: pulumi.Input; } export interface LinkLinkConfigurationLogGroupConfiguration { /** * Filter string that specifies which log groups are to share their log events with the monitoring account. See [LogGroupConfiguration](https://docs.aws.amazon.com/OAM/latest/APIReference/API_LogGroupConfiguration.html) for details. */ filter: pulumi.Input; } export interface LinkLinkConfigurationMetricConfiguration { /** * Filter string that specifies which metrics are to be shared with the monitoring account. See [MetricConfiguration](https://docs.aws.amazon.com/OAM/latest/APIReference/API_MetricConfiguration.html) for details. */ filter: pulumi.Input; } } export namespace observabilityadmin { export interface CentralizationRuleForOrganizationRule { /** * Configuration block for the destination where logs will be centralized. See `destination` below. */ destination: pulumi.Input; /** * Configuration block for the source of logs to be centralized. See `source` below. */ source: pulumi.Input; } export interface CentralizationRuleForOrganizationRuleDestination { /** * AWS account ID where logs will be centralized. */ account: pulumi.Input; /** * Configuration block for destination logs settings. See `destinationLogsConfiguration` below. */ destinationLogsConfiguration?: pulumi.Input; /** * AWS region where logs will be centralized. */ region: pulumi.Input; } export interface CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfiguration { /** * Configuration block for backup settings. See `backupConfiguration` below. */ backupConfiguration?: pulumi.Input; /** * Configuration block for logs encryption settings. See `logsEncryptionConfiguration` below. */ logsEncryptionConfiguration?: pulumi.Input; } export interface CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfiguration { /** * ARN of the KMS key to use for backup encryption. */ kmsKeyArn?: pulumi.Input; /** * AWS region for backup storage. */ region?: pulumi.Input; } export interface CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfiguration { /** * Strategy for resolving encryption conflicts. Valid values: `ALLOW`, `SKIP`. */ encryptionConflictResolutionStrategy?: pulumi.Input; /** * Encryption strategy for logs. Valid values: `AWS_OWNED`, `CUSTOMER_MANAGED`. */ encryptionStrategy: pulumi.Input; /** * ARN of the KMS key to use for encryption when `encryptionStrategy` is `CUSTOMER_MANAGED`. */ kmsKeyArn?: pulumi.Input; } export interface CentralizationRuleForOrganizationRuleSource { /** * Set of AWS regions from which to centralize logs. Must contain at least one region. */ regions: pulumi.Input[]>; /** * Scope defining which resources to include. Use organization ID format: `OrganizationId = 'o-example123456'`. */ scope: pulumi.Input; /** * Configuration block for source logs settings. See `sourceLogsConfiguration` below. */ sourceLogsConfiguration?: pulumi.Input; } export interface CentralizationRuleForOrganizationRuleSourceSourceLogsConfiguration { /** * Strategy for handling encrypted log groups. Valid values: `ALLOW`, `SKIP`. */ encryptedLogGroupStrategy: pulumi.Input; /** * Criteria for selecting log groups. Use `*` for all log groups or OAM filter syntax like `LogGroupName LIKE '/aws/lambda%'`. Must be between 1 and 2000 characters. */ logGroupSelectionCriteria: pulumi.Input; } export interface CentralizationRuleForOrganizationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace odb { export interface CloudAutonomousVmClusterMaintenanceWindow { /** * The days of the week when maintenance can be performed. */ daysOfWeeks?: pulumi.Input[]>; /** * The hours of the day when maintenance can be performed. */ hoursOfDays?: pulumi.Input[]>; /** * The lead time in weeks before the maintenance window. */ leadTimeInWeeks?: pulumi.Input; /** * The months when maintenance can be performed. */ months?: pulumi.Input[]>; /** * The preference for the maintenance window scheduling. */ preference: pulumi.Input; /** * Indicates whether to skip release updates during maintenance. */ weeksOfMonths?: pulumi.Input[]>; } export interface CloudAutonomousVmClusterMaintenanceWindowDaysOfWeek { name: pulumi.Input; } export interface CloudAutonomousVmClusterMaintenanceWindowMonth { name: pulumi.Input; } export interface CloudAutonomousVmClusterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface CloudExadataInfrastructureCustomerContactsToSendToOci { email: pulumi.Input; } export interface CloudExadataInfrastructureMaintenanceWindow { /** * The custom action timeout in minutes for the maintenance window. */ customActionTimeoutInMins: pulumi.Input; /** * The days of the week when maintenance can be performed. */ daysOfWeeks?: pulumi.Input[]>; /** * The hours of the day when maintenance can be performed. */ hoursOfDays?: pulumi.Input[]>; /** * ndicates whether custom action timeout is enabled for the maintenance window. */ isCustomActionTimeoutEnabled: pulumi.Input; /** * The lead time in weeks before the maintenance window. */ leadTimeInWeeks?: pulumi.Input; /** * The months when maintenance can be performed. */ months?: pulumi.Input[]>; /** * The patching mode for the maintenance window. */ patchingMode: pulumi.Input; /** * The preference for the maintenance window scheduling. */ preference: pulumi.Input; /** * The weeks of the month when maintenance can be performed. */ weeksOfMonths?: pulumi.Input[]>; } export interface CloudExadataInfrastructureMaintenanceWindowDaysOfWeek { name: pulumi.Input; } export interface CloudExadataInfrastructureMaintenanceWindowMonth { name: pulumi.Input; } export interface CloudExadataInfrastructureTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface CloudVmClusterDataCollectionOptions { isDiagnosticsEventsEnabled: pulumi.Input; isHealthMonitoringEnabled: pulumi.Input; isIncidentLogsEnabled: pulumi.Input; } export interface CloudVmClusterIormConfigCache { dbPlans: pulumi.Input[]>; lifecycleDetails: pulumi.Input; lifecycleState: pulumi.Input; objective: pulumi.Input; } export interface CloudVmClusterIormConfigCacheDbPlan { dbName: pulumi.Input; flashCacheLimit: pulumi.Input; share: pulumi.Input; } export interface CloudVmClusterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GetNetworkPeeringConnectionsOdbPeeringConnection { /** * The Amazon Resource Name (ARN) for the ODB network peering connection. */ arn: string; /** * Display name of the ODB network peering connection. */ displayName: string; /** * The unique identifier of the ODB network peering connection. */ id: string; /** * ARN of the ODB network peering connection. */ odbNetworkArn: string; /** * ARN of the peer network peering connection. */ peerNetworkArn: string; } export interface GetNetworkPeeringConnectionsOdbPeeringConnectionArgs { /** * The Amazon Resource Name (ARN) for the ODB network peering connection. */ arn: pulumi.Input; /** * Display name of the ODB network peering connection. */ displayName: pulumi.Input; /** * The unique identifier of the ODB network peering connection. */ id: pulumi.Input; /** * ARN of the ODB network peering connection. */ odbNetworkArn: pulumi.Input; /** * ARN of the peer network peering connection. */ peerNetworkArn: pulumi.Input; } export interface NetworkManagedService { /** * Specifies the configuration for KMS access from the ODB network. */ kmsAccesses: pulumi.Input[]>; managedS3BackupAccesses: pulumi.Input[]>; managedServiceIpv4Cidrs: pulumi.Input[]>; resourceGatewayArn: pulumi.Input; /** * Specifies the configuration for Amazon S3 access from the ODB network. */ s3Accesses: pulumi.Input[]>; serviceNetworkArn: pulumi.Input; serviceNetworkEndpoints: pulumi.Input[]>; /** * Specifies the configuration for STS access from the ODB network. */ stsAccesses: pulumi.Input[]>; /** * Specifies the configuration for Zero-ETL access from the ODB network. * * The following arguments are optional: */ zeroEtlAccesses: pulumi.Input[]>; } export interface NetworkManagedServiceKmsAccess { domainName: pulumi.Input; ipv4Addresses: pulumi.Input[]>; /** * Specifies the endpoint policy for KMS access from the ODB network. */ kmsPolicyDocument: pulumi.Input; /** * The status of the network resource. */ status: pulumi.Input; } export interface NetworkManagedServiceManagedS3BackupAccess { ipv4Addresses: pulumi.Input[]>; /** * The status of the network resource. */ status: pulumi.Input; } export interface NetworkManagedServiceS3Access { domainName: pulumi.Input; ipv4Addresses: pulumi.Input[]>; /** * Specifies the endpoint policy for Amazon S3 access from the ODB network. */ s3PolicyDocument: pulumi.Input; /** * The status of the network resource. */ status: pulumi.Input; } export interface NetworkManagedServiceServiceNetworkEndpoint { vpcEndpointId: pulumi.Input; vpcEndpointType: pulumi.Input; } export interface NetworkManagedServiceStsAccess { domainName: pulumi.Input; ipv4Addresses: pulumi.Input[]>; /** * The status of the network resource. */ status: pulumi.Input; /** * Specifies the endpoint policy for STS access from the ODB network. */ stsPolicyDocument: pulumi.Input; } export interface NetworkManagedServiceZeroEtlAccess { cidr: pulumi.Input; /** * The status of the network resource. */ status: pulumi.Input; } export interface NetworkOciDnsForwardingConfig { domainName: pulumi.Input; ociDnsListenerIp: pulumi.Input; } export interface NetworkPeeringConnectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface NetworkTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace opensearch { export interface ApplicationAppConfig { /** * The configuration item to set. Valid values are `opensearchDashboards.dashboardAdmin.users` and `opensearchDashboards.dashboardAdmin.groups`. */ key?: pulumi.Input; /** * The value assigned to the configuration key, such as an IAM user ARN or group name. Must be between 1 and 4096 characters. */ value?: pulumi.Input; } export interface ApplicationDataSource { /** * The Amazon Resource Name (ARN) of the OpenSearch domain or collection. Must be between 20 and 2048 characters. */ dataSourceArn?: pulumi.Input; /** * A detailed description of the data source. Must be at most 1000 characters and contain only alphanumeric characters, underscores, spaces, and the following special characters: `@#%*+=:?./!-`. */ dataSourceDescription?: pulumi.Input; } export interface ApplicationIamIdentityCenterOptions { /** * Specifies whether IAM Identity Center is enabled or disabled. */ enabled?: pulumi.Input; iamIdentityCenterApplicationArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the IAM Identity Center instance. Must be between 20 and 2048 characters. */ iamIdentityCenterInstanceArn?: pulumi.Input; /** * The ARN of the IAM role associated with the IAM Identity Center application. Must be between 20 and 2048 characters and match the pattern for IAM role ARNs. */ iamRoleForIdentityCenterApplicationArn?: pulumi.Input; } export interface ApplicationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AuthorizeVpcEndpointAccessAuthorizedPrincipal { /** * IAM principal that is allowed to access to the domain. */ principal: pulumi.Input; /** * Type of principal. */ principalType: pulumi.Input; } export interface DomainAdvancedSecurityOptions { /** * Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless `advancedSecurityOptions` are enabled. _Can only be enabled on an existing domain._ */ anonymousAuthEnabled?: pulumi.Input; /** * Whether advanced security is enabled. */ enabled: pulumi.Input; /** * Whether the internal user database is enabled. Default is `false`. */ internalUserDatabaseEnabled?: pulumi.Input; /** * Configuration block for the main user. Detailed below. */ masterUserOptions?: pulumi.Input; } export interface DomainAdvancedSecurityOptionsMasterUserOptions { /** * ARN for the main user. Only specify if `internalUserDatabaseEnabled` is not set or set to `false`. */ masterUserArn?: pulumi.Input; /** * Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserName?: pulumi.Input; /** * Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserPassword?: pulumi.Input; } export interface DomainAimlOptions { /** * Configuration block for parameters required for natural language query generation on the specified domain. */ naturalLanguageQueryGenerationOptions?: pulumi.Input; /** * Configuration block for parameters required to enable S3 vectors engine features on the specified domain. */ s3VectorsEngine?: pulumi.Input; /** * Configuration block for parameters required to enable GPU-accelerated vector search on the specified domain. */ serverlessVectorAcceleration?: pulumi.Input; } export interface DomainAimlOptionsNaturalLanguageQueryGenerationOptions { /** * The desired state of the natural language query generation feature. Valid values are `ENABLED` and `DISABLED`. */ desiredState?: pulumi.Input; } export interface DomainAimlOptionsS3VectorsEngine { /** * Enables S3 vectors engine features. */ enabled?: pulumi.Input; } export interface DomainAimlOptionsServerlessVectorAcceleration { /** * Enables GPU-accelerated vector search for improved performance on vector workloads. */ enabled?: pulumi.Input; } export interface DomainAutoTuneOptions { /** * Auto-Tune desired state for the domain. Valid values: `ENABLED` or `DISABLED`. */ desiredState: pulumi.Input; /** * Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below. * * **NOTE:** Maintenance windows are deprecated and have been replaced with [off-peak windows](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/off-peak.html). Consequently, `maintenanceSchedule` configuration blocks cannot be specified when `useOffPeakWindow` is set to `true`. */ maintenanceSchedules?: pulumi.Input[]>; /** * Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: `DEFAULT_ROLLBACK` or `NO_ROLLBACK`. */ rollbackOnDisable?: pulumi.Input; /** * Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to `false`. */ useOffPeakWindow?: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceSchedule { /** * A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule. */ cronExpressionForRecurrence: pulumi.Input; /** * Configuration block for the duration of the Auto-Tune maintenance window. Detailed below. */ duration: pulumi.Input; /** * Date and time at which to start the Auto-Tune maintenance schedule in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ startAt: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceScheduleDuration { /** * Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: `HOURS`. */ unit: pulumi.Input; /** * An integer specifying the value of the duration of an Auto-Tune maintenance window. */ value: pulumi.Input; } export interface DomainClusterConfig { /** * Configuration block containing cold storage configuration. Detailed below. */ coldStorageOptions?: pulumi.Input; /** * Number of dedicated main nodes in the cluster. */ dedicatedMasterCount?: pulumi.Input; /** * Whether dedicated main nodes are enabled for the cluster. */ dedicatedMasterEnabled?: pulumi.Input; /** * Instance type of the dedicated main nodes in the cluster. */ dedicatedMasterType?: pulumi.Input; /** * Number of instances in the cluster. */ instanceCount?: pulumi.Input; /** * Instance type of data nodes in the cluster. */ instanceType?: pulumi.Input; /** * Whether a multi-AZ domain is turned on with a standby AZ. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html). */ multiAzWithStandbyEnabled?: pulumi.Input; /** * List of node options for the domain. */ nodeOptions?: pulumi.Input[]>; /** * Number of warm nodes in the cluster. Valid values are between `2` and `150`. `warmCount` can be only and must be set when `warmEnabled` is set to `true`. */ warmCount?: pulumi.Input; /** * Whether to enable warm storage. */ warmEnabled?: pulumi.Input; /** * Instance type for the OpenSearch cluster's warm nodes. Valid values are `ultrawarm1.medium.search`, `ultrawarm1.large.search` and `ultrawarm1.xlarge.search`. `warmType` can be only and must be set when `warmEnabled` is set to `true`. */ warmType?: pulumi.Input; /** * Configuration block containing zone awareness settings. Detailed below. */ zoneAwarenessConfig?: pulumi.Input; /** * Whether zone awareness is enabled, set to `true` for multi-az deployment. To enable awareness with three Availability Zones, the `availabilityZoneCount` within the `zoneAwarenessConfig` must be set to `3`. */ zoneAwarenessEnabled?: pulumi.Input; } export interface DomainClusterConfigColdStorageOptions { /** * Boolean to enable cold storage for an OpenSearch domain. Defaults to `false`. Master and ultrawarm nodes must be enabled for cold storage. */ enabled?: pulumi.Input; } export interface DomainClusterConfigNodeOption { /** * Container to specify sizing of a node type. */ nodeConfig?: pulumi.Input; /** * Type of node this configuration describes. Valid values: `coordinator`. */ nodeType?: pulumi.Input; } export interface DomainClusterConfigNodeOptionNodeConfig { /** * Number of nodes of a particular node type in the cluster. */ count?: pulumi.Input; /** * Whether a particular node type is enabled. */ enabled?: pulumi.Input; /** * The instance type of a particular node type in the cluster. */ type?: pulumi.Input; } export interface DomainClusterConfigZoneAwarenessConfig { /** * Number of Availability Zones for the domain to use with `zoneAwarenessEnabled`. Defaults to `2`. Valid values: `2` or `3`. */ availabilityZoneCount?: pulumi.Input; } export interface DomainCognitoOptions { /** * Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is `false`. */ enabled?: pulumi.Input; /** * ID of the Cognito Identity Pool to use. */ identityPoolId: pulumi.Input; /** * ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached. */ roleArn: pulumi.Input; /** * ID of the Cognito User Pool to use. */ userPoolId: pulumi.Input; } export interface DomainDomainEndpointOptions { /** * Fully qualified domain for your custom endpoint. */ customEndpoint?: pulumi.Input; /** * ACM certificate ARN for your custom endpoint. */ customEndpointCertificateArn?: pulumi.Input; /** * Whether to enable custom endpoint for the OpenSearch domain. */ customEndpointEnabled?: pulumi.Input; /** * Whether or not to require HTTPS. Defaults to `true`. */ enforceHttps?: pulumi.Input; /** * Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_DomainEndpointOptions.html#opensearchservice-Type-DomainEndpointOptions-TLSSecurityPolicy). Pulumi will only perform drift detection if a configuration value is provided. */ tlsSecurityPolicy?: pulumi.Input; } export interface DomainEbsOptions { /** * Whether EBS volumes are attached to data nodes in the domain. */ ebsEnabled: pulumi.Input; /** * Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types. */ iops?: pulumi.Input; /** * Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. */ throughput?: pulumi.Input; /** * Size of EBS volumes attached to data nodes (in GiB). */ volumeSize?: pulumi.Input; /** * Type of EBS volumes attached to data nodes. */ volumeType?: pulumi.Input; } export interface DomainEncryptAtRest { /** * Whether to enable encryption at rest. If the `encryptAtRest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires an `engineVersion` of `OpenSearch_X.Y` or `Elasticsearch_5.1` or greater. */ enabled: pulumi.Input; /** * KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead. */ kmsKeyId?: pulumi.Input; } export interface DomainIdentityCenterOptions { enabledApiAccess?: pulumi.Input; identityCenterInstanceArn?: pulumi.Input; rolesKey?: pulumi.Input; subjectKey?: pulumi.Input; } export interface DomainLogPublishingOption { /** * ARN of the Cloudwatch log group to which log needs to be published. */ cloudwatchLogGroupArn: pulumi.Input; /** * Whether given log publishing option is enabled or not. */ enabled?: pulumi.Input; /** * Type of OpenSearch log. Valid values: `INDEX_SLOW_LOGS`, `SEARCH_SLOW_LOGS`, `ES_APPLICATION_LOGS`, `AUDIT_LOGS`. */ logType: pulumi.Input; } export interface DomainNodeToNodeEncryption { /** * Whether to enable node-to-node encryption. If the `nodeToNodeEncryption` block is not provided then this defaults to `false`. Enabling node-to-node encryption of a new domain requires an `engineVersion` of `OpenSearch_X.Y` or `Elasticsearch_6.0` or greater. */ enabled: pulumi.Input; } export interface DomainOffPeakWindowOptions { /** * Enabled disabled toggle for off-peak update window. */ enabled?: pulumi.Input; offPeakWindow?: pulumi.Input; } export interface DomainOffPeakWindowOptionsOffPeakWindow { /** * 10h window for updates */ windowStartTime?: pulumi.Input; } export interface DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime { /** * Starting hour of the 10-hour window for updates */ hours?: pulumi.Input; /** * Starting minute of the 10-hour window for updates */ minutes?: pulumi.Input; } export interface DomainSamlOptionsSamlOptions { /** * Whether SAML authentication is enabled. */ enabled?: pulumi.Input; /** * Information from your identity provider. */ idp?: pulumi.Input; /** * This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterBackendRole?: pulumi.Input; /** * This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterUserName?: pulumi.Input; /** * Element of the SAML assertion to use for backend roles. Default is roles. */ rolesKey?: pulumi.Input; /** * Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. */ sessionTimeoutMinutes?: pulumi.Input; /** * Element of the SAML assertion to use for username. Default is NameID. */ subjectKey?: pulumi.Input; } export interface DomainSamlOptionsSamlOptionsIdp { /** * Unique Entity ID of the application in SAML Identity Provider. */ entityId: pulumi.Input; /** * Metadata of the SAML application in xml format. */ metadataContent: pulumi.Input; } export interface DomainSnapshotOptions { /** * Hour during which the service takes an automated daily snapshot of the indices in the domain. */ automatedSnapshotStartHour: pulumi.Input; } export interface DomainSoftwareUpdateOptions { /** * Whether automatic service software updates are enabled for the domain. Defaults to `false`. */ autoSoftwareUpdateEnabled?: pulumi.Input; } export interface DomainVpcOptions { /** * If the domain was created inside a VPC, the names of the availability zones the configured `subnetIds` were created inside. */ availabilityZones?: pulumi.Input[]>; /** * List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used. */ securityGroupIds?: pulumi.Input[]>; /** * List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in. */ subnetIds?: pulumi.Input[]>; /** * If the domain was created inside a VPC, the ID of the VPC. */ vpcId?: pulumi.Input; } export interface GetServerlessSecurityConfigSamlOption { /** * Group attribute for this SAML integration. */ groupAttribute?: string; /** * The XML IdP metadata file generated from your identity provider. */ metadata?: string; /** * Session timeout, in minutes. Minimum is 5 minutes and maximum is 720 minutes (12 hours). Default is 60 minutes. */ sessionTimeout?: number; /** * User attribute for this SAML integration. */ userAttribute?: string; } export interface GetServerlessSecurityConfigSamlOptionArgs { /** * Group attribute for this SAML integration. */ groupAttribute?: pulumi.Input; /** * The XML IdP metadata file generated from your identity provider. */ metadata?: pulumi.Input; /** * Session timeout, in minutes. Minimum is 5 minutes and maximum is 720 minutes (12 hours). Default is 60 minutes. */ sessionTimeout?: pulumi.Input; /** * User attribute for this SAML integration. */ userAttribute?: pulumi.Input; } export interface OutboundConnectionConnectionProperties { /** * Configuration block for cross cluster search. */ crossClusterSearch?: pulumi.Input; /** * The endpoint of the remote domain, is only set when `connectionMode` is `VPC_ENDPOINT` and `acceptConnection` is `TRUE`. */ endpoint?: pulumi.Input; } export interface OutboundConnectionConnectionPropertiesCrossClusterSearch { /** * Skips unavailable clusters and can only be used for cross-cluster searches. Accepted values are `ENABLED` or `DISABLED`. */ skipUnavailable?: pulumi.Input; } export interface OutboundConnectionLocalDomainInfo { /** * The name of the local domain. */ domainName: pulumi.Input; /** * The Account ID of the owner of the local domain. */ ownerId: pulumi.Input; /** * The region of the local domain. */ region: pulumi.Input; } export interface OutboundConnectionRemoteDomainInfo { /** * The name of the remote domain. */ domainName: pulumi.Input; /** * The Account ID of the owner of the remote domain. */ ownerId: pulumi.Input; /** * The region of the remote domain. */ region: pulumi.Input; } export interface PackagePackageSource { /** * The name of the Amazon S3 bucket containing the package. */ s3BucketName: pulumi.Input; /** * Key (file name) of the package. */ s3Key: pulumi.Input; } export interface ServerlessCollectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface ServerlessSecurityConfigSamlOptions { /** * Group attribute for this SAML integration. */ groupAttribute?: pulumi.Input; /** * The XML IdP metadata file generated from your identity provider. */ metadata: pulumi.Input; /** * Session timeout, in minutes. Minimum is 5 minutes and maximum is 720 minutes (12 hours). Default is 60 minutes. */ sessionTimeout?: pulumi.Input; /** * User attribute for this SAML integration. */ userAttribute?: pulumi.Input; } export interface ServerlessVpcEndpointTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface VpcEndpointVpcOptions { availabilityZones?: pulumi.Input[]>; /** * The list of security group IDs associated with the VPC endpoints for the domain. If you do not provide a security group ID, OpenSearch Service uses the default security group for the VPC. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs associated with the VPC endpoints for the domain. If your domain uses multiple Availability Zones, you need to provide two subnet IDs, one per zone. Otherwise, provide only one. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } } export namespace opensearchingest { export interface PipelineBufferOptions { /** * Whether persistent buffering should be enabled. */ persistentBufferEnabled: pulumi.Input; } export interface PipelineEncryptionAtRestOptions { /** * The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key. */ kmsKeyArn: pulumi.Input; } export interface PipelineLogPublishingOptions { /** * The destination for OpenSearch Ingestion logs sent to Amazon CloudWatch Logs. This parameter is required if IsLoggingEnabled is set to true. See `cloudwatchLogDestination` below. */ cloudwatchLogDestination?: pulumi.Input; /** * Whether logs should be published. */ isLoggingEnabled?: pulumi.Input; } export interface PipelineLogPublishingOptionsCloudwatchLogDestination { /** * The name of the CloudWatch Logs group to send pipeline logs to. You can specify an existing log group or create a new one. For example, /aws/OpenSearchService/IngestionService/my-pipeline. */ logGroup: pulumi.Input; } export interface PipelineTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface PipelineVpcOptions { /** * A list of security groups associated with the VPC endpoint. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs associated with the VPC endpoint. */ subnetIds: pulumi.Input[]>; /** * Whether you or Amazon OpenSearch Ingestion service create and manage the VPC endpoint configured for the pipeline. Valid values are `CUSTOMER` or `SERVICE` */ vpcEndpointManagement?: pulumi.Input; } } export namespace organizations { export interface OrganizationAccount { /** * ARN of the root. */ arn?: pulumi.Input; /** * Email of the account. */ email?: pulumi.Input; /** * Identifier of the root. */ id?: pulumi.Input; /** * Method by which the account joined the organization. */ joinedMethod?: pulumi.Input; /** * Date the account became a part of the organization. */ joinedTimestamp?: pulumi.Input; /** * Name of the policy type. */ name?: pulumi.Input; /** * State of the account. */ state?: pulumi.Input; /** * Status of the policy type as it relates to the associated root. * * @deprecated status is deprecated. Use state instead. */ status?: pulumi.Input; } export interface OrganizationNonMasterAccount { /** * ARN of the root. */ arn?: pulumi.Input; /** * Email of the account. */ email?: pulumi.Input; /** * Identifier of the root. */ id?: pulumi.Input; /** * Method by which the account joined the organization. */ joinedMethod?: pulumi.Input; /** * Date the account became a part of the organization. */ joinedTimestamp?: pulumi.Input; /** * Name of the policy type. */ name?: pulumi.Input; /** * State of the account. */ state?: pulumi.Input; /** * Status of the policy type as it relates to the associated root. * * @deprecated status is deprecated. Use state instead. */ status?: pulumi.Input; } export interface OrganizationRoot { /** * ARN of the root. */ arn?: pulumi.Input; /** * Identifier of the root. */ id?: pulumi.Input; /** * Name of the policy type. */ name?: pulumi.Input; /** * List of policy types enabled for this root. All elements have these attributes: */ policyTypes?: pulumi.Input[]>; } export interface OrganizationRootPolicyType { /** * Status of the policy type as it relates to the associated root. */ status?: pulumi.Input; type?: pulumi.Input; } export interface OrganizationalUnitAccount { /** * ARN of the organizational unit */ arn?: pulumi.Input; /** * Email of the account */ email?: pulumi.Input; /** * Identifier of the organization unit */ id?: pulumi.Input; /** * The name for the organizational unit */ name?: pulumi.Input; } } export namespace paymentcryptography { export interface KeyKeyAttribute { /** * Key algorithm to be use during creation of an AWS Payment Cryptography key. */ keyAlgorithm: pulumi.Input; /** * Type of AWS Payment Cryptography key to create. */ keyClass: pulumi.Input; /** * List of cryptographic operations that you can perform using the key. */ keyModesOfUses?: pulumi.Input[]>; /** * Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec. */ keyUsage: pulumi.Input; } export interface KeyKeyAttributeKeyModesOfUse { /** * Whether an AWS Payment Cryptography key can be used to decrypt data. */ decrypt?: pulumi.Input; /** * Whether an AWS Payment Cryptography key can be used to derive new keys. */ deriveKey?: pulumi.Input; /** * Whether an AWS Payment Cryptography key can be used to encrypt data. */ encrypt?: pulumi.Input; /** * Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys. */ generate?: pulumi.Input; /** * Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage. */ noRestrictions?: pulumi.Input; /** * Whether an AWS Payment Cryptography key can be used for signing. */ sign?: pulumi.Input; /** * Whether an AWS Payment Cryptography key can be used to unwrap other keys. */ unwrap?: pulumi.Input; /** * Whether an AWS Payment Cryptography key can be used to verify signatures. */ verify?: pulumi.Input; /** * Whether an AWS Payment Cryptography key can be used to wrap other keys. */ wrap?: pulumi.Input; } export interface KeyTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace pinpoint { export interface AppCampaignHook { /** * Lambda function name or ARN to be called for delivery. Conflicts with `webUrl` */ lambdaFunctionName?: pulumi.Input; /** * What mode Lambda should be invoked in. Valid values for this parameter are `DELIVERY`, `FILTER`. */ mode?: pulumi.Input; /** * Web URL to call for hook. If the URL has authentication specified it will be added as authentication to the request. Conflicts with `lambdaFunctionName` */ webUrl?: pulumi.Input; } export interface AppLimits { /** * The maximum number of messages that the campaign can send daily. */ daily?: pulumi.Input; /** * The length of time (in seconds) that the campaign can run before it ends and message deliveries stop. This duration begins at the scheduled start time for the campaign. The minimum value is 60. */ maximumDuration?: pulumi.Input; /** * The number of messages that the campaign can send per second. The minimum value is 50, and the maximum is 20000. */ messagesPerSecond?: pulumi.Input; /** * The maximum total number of messages that the campaign can send. */ total?: pulumi.Input; } export interface AppQuietTime { /** * The default end time for quiet time in ISO 8601 format. Required if `start` is set */ end?: pulumi.Input; /** * The default start time for quiet time in ISO 8601 format. Required if `end` is set */ start?: pulumi.Input; } export interface EmailTemplateEmailTemplate { /** * JSON object that specifies the default values to use for message variables in the message template. This object is a set of key-value pairs. Each key defines a message variable in the template. The corresponding value defines the default value for that variable. When you create a message that's based on the template, you can override these defaults with message-specific and address-specific variables and values. */ defaultSubstitutions?: pulumi.Input; description?: pulumi.Input; headers?: pulumi.Input[]>; /** * The message body, in HTML format, to use in email messages that are based on the message template. We recommend using HTML format for email clients that render HTML content. You can include links, formatted text, and more in an HTML message. */ htmlPart?: pulumi.Input; /** * The unique identifier for the recommender model to use for the message template. Amazon Pinpoint uses this value to determine how to retrieve and process data from a recommender model when it sends messages that use the template, if the template contains message variables for recommendation data. */ recommenderId?: pulumi.Input; /** * Subject line, or title, to use in email messages that are based on the message template. */ subject?: pulumi.Input; /** * Message body, in plain text format, to use in email messages that are based on the message template. We recommend using plain text format for email clients that don't render HTML content and clients that are connected to high-latency networks, such as mobile devices. */ textPart?: pulumi.Input; } export interface EmailTemplateEmailTemplateHeader { /** * Name of the message header. The header name can contain up to 126 characters. */ name?: pulumi.Input; /** * Value of the message header. The header value can contain up to 870 characters, including the length of any rendered attributes. For example if you add the {CreationDate} attribute, it renders as YYYY-MM-DDTHH:MM:SS.SSSZ and is 24 characters in length. */ value?: pulumi.Input; } export interface Smsvoicev2PhoneNumberTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace pipes { export interface PipeEnrichmentParameters { /** * Contains the HTTP parameters to use when the target is a API Gateway REST endpoint or EventBridge ApiDestination. If you specify an API Gateway REST API or EventBridge ApiDestination as a target, you can use this parameter to specify headers, path parameters, and query string keys/values as part of your target invoking request. If you're using ApiDestinations, the corresponding Connection can also have these values configured. In case of any conflicting keys, values from the Connection take precedence. Detailed below. */ httpParameters?: pulumi.Input; /** * Valid JSON text passed to the target. In this case, nothing from the event itself is passed to the target. Maximum length of 8192 characters. */ inputTemplate?: pulumi.Input; } export interface PipeEnrichmentParametersHttpParameters { headerParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; pathParameterValues?: pulumi.Input; queryStringParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface PipeLogConfiguration { /** * Amazon CloudWatch Logs logging configuration settings for the pipe. Detailed below. */ cloudwatchLogsLogDestination?: pulumi.Input; /** * Amazon Kinesis Data Firehose logging configuration settings for the pipe. Detailed below. */ firehoseLogDestination?: pulumi.Input; /** * String list that specifies whether the execution data (specifically, the `payload`, `awsRequest`, and `awsResponse` fields) is included in the log messages for this pipe. This applies to all log destinations for the pipe. Valid values `ALL`. */ includeExecutionDatas?: pulumi.Input[]>; /** * The level of logging detail to include. Valid values `OFF`, `ERROR`, `INFO` and `TRACE`. */ level: pulumi.Input; /** * Amazon S3 logging configuration settings for the pipe. Detailed below. */ s3LogDestination?: pulumi.Input; } export interface PipeLogConfigurationCloudwatchLogsLogDestination { /** * Amazon Web Services Resource Name (ARN) for the CloudWatch log group to which EventBridge sends the log records. */ logGroupArn: pulumi.Input; } export interface PipeLogConfigurationFirehoseLogDestination { /** * Amazon Resource Name (ARN) of the Kinesis Data Firehose delivery stream to which EventBridge delivers the pipe log records. */ deliveryStreamArn: pulumi.Input; } export interface PipeLogConfigurationS3LogDestination { /** * Name of the Amazon S3 bucket to which EventBridge delivers the log records for the pipe. */ bucketName: pulumi.Input; /** * Amazon Web Services account that owns the Amazon S3 bucket to which EventBridge delivers the log records for the pipe. */ bucketOwner: pulumi.Input; /** * EventBridge format for the log records. Valid values `json`, `plain` and `w3c`. */ outputFormat?: pulumi.Input; /** * Prefix text with which to begin Amazon S3 log object names. */ prefix?: pulumi.Input; } export interface PipeSourceParameters { /** * The parameters for using an Active MQ broker as a source. Detailed below. */ activemqBrokerParameters?: pulumi.Input; /** * The parameters for using a DynamoDB stream as a source. Detailed below. */ dynamodbStreamParameters?: pulumi.Input; /** * The collection of event patterns used to [filter events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-event-filtering.html). Detailed below. */ filterCriteria?: pulumi.Input; /** * The parameters for using a Kinesis stream as a source. Detailed below. */ kinesisStreamParameters?: pulumi.Input; /** * The parameters for using an MSK stream as a source. Detailed below. */ managedStreamingKafkaParameters?: pulumi.Input; /** * The parameters for using a Rabbit MQ broker as a source. Detailed below. */ rabbitmqBrokerParameters?: pulumi.Input; /** * The parameters for using a self-managed Apache Kafka stream as a source. Detailed below. */ selfManagedKafkaParameters?: pulumi.Input; /** * The parameters for using a Amazon SQS stream as a source. Detailed below. */ sqsQueueParameters?: pulumi.Input; } export interface PipeSourceParametersActivemqBrokerParameters { /** * The maximum number of records to include in each batch. Maximum value of 10000. */ batchSize?: pulumi.Input; /** * The credentials needed to access the resource. Detailed below. */ credentials: pulumi.Input; /** * The maximum length of a time to wait for events. Maximum value of 300. */ maximumBatchingWindowInSeconds?: pulumi.Input; /** * The name of the destination queue to consume. Maximum length of 1000. */ queueName: pulumi.Input; } export interface PipeSourceParametersActivemqBrokerParametersCredentials { /** * The ARN of the Secrets Manager secret containing the credentials. */ basicAuth: pulumi.Input; } export interface PipeSourceParametersDynamodbStreamParameters { /** * The maximum number of records to include in each batch. Maximum value of 10000. */ batchSize?: pulumi.Input; /** * Define the target queue to send dead-letter queue events to. Detailed below. */ deadLetterConfig?: pulumi.Input; /** * The maximum length of a time to wait for events. Maximum value of 300. */ maximumBatchingWindowInSeconds?: pulumi.Input; /** * Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, EventBridge never discards old records. Maximum value of 604,800. */ maximumRecordAgeInSeconds?: pulumi.Input; /** * Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, EventBridge retries failed records until the record expires in the event source. Maximum value of 10,000. */ maximumRetryAttempts?: pulumi.Input; /** * Define how to handle item process failures. AUTOMATIC_BISECT halves each batch and retry each half until all the records are processed or there is one failed message left in the batch. Valid values: AUTOMATIC_BISECT. */ onPartialBatchItemFailure?: pulumi.Input; /** * The number of batches to process concurrently from each shard. The default value is 1. Maximum value of 10. */ parallelizationFactor?: pulumi.Input; /** * The position in a stream from which to start reading. Valid values: TRIM_HORIZON, LATEST. */ startingPosition: pulumi.Input; } export interface PipeSourceParametersDynamodbStreamParametersDeadLetterConfig { /** * ARN of this pipe. */ arn?: pulumi.Input; } export interface PipeSourceParametersFilterCriteria { /** * An array of up to 5 event patterns. Detailed below. */ filters?: pulumi.Input[]>; } export interface PipeSourceParametersFilterCriteriaFilter { /** * The event pattern. At most 4096 characters. */ pattern: pulumi.Input; } export interface PipeSourceParametersKinesisStreamParameters { /** * The maximum number of records to include in each batch. Maximum value of 10000. */ batchSize?: pulumi.Input; /** * Define the target queue to send dead-letter queue events to. Detailed below. */ deadLetterConfig?: pulumi.Input; /** * The maximum length of a time to wait for events. Maximum value of 300. */ maximumBatchingWindowInSeconds?: pulumi.Input; /** * Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, EventBridge never discards old records. Maximum value of 604,800. */ maximumRecordAgeInSeconds?: pulumi.Input; /** * Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, EventBridge retries failed records until the record expires in the event source. Maximum value of 10,000. */ maximumRetryAttempts?: pulumi.Input; /** * Define how to handle item process failures. AUTOMATIC_BISECT halves each batch and retry each half until all the records are processed or there is one failed message left in the batch. Valid values: AUTOMATIC_BISECT. */ onPartialBatchItemFailure?: pulumi.Input; /** * The number of batches to process concurrently from each shard. The default value is 1. Maximum value of 10. */ parallelizationFactor?: pulumi.Input; /** * The position in a stream from which to start reading. Valid values: TRIM_HORIZON, LATEST. */ startingPosition: pulumi.Input; /** * With StartingPosition set to AT_TIMESTAMP, the time from which to start reading, in Unix time seconds. */ startingPositionTimestamp?: pulumi.Input; } export interface PipeSourceParametersKinesisStreamParametersDeadLetterConfig { /** * ARN of this pipe. */ arn?: pulumi.Input; } export interface PipeSourceParametersManagedStreamingKafkaParameters { /** * The maximum number of records to include in each batch. Maximum value of 10000. */ batchSize?: pulumi.Input; /** * The name of the destination queue to consume. Maximum value of 200. */ consumerGroupId?: pulumi.Input; /** * The credentials needed to access the resource. Detailed below. */ credentials?: pulumi.Input; /** * The maximum length of a time to wait for events. Maximum value of 300. */ maximumBatchingWindowInSeconds?: pulumi.Input; /** * The position in a stream from which to start reading. Valid values: TRIM_HORIZON, LATEST. */ startingPosition?: pulumi.Input; /** * The name of the topic that the pipe will read from. Maximum length of 249. */ topicName: pulumi.Input; } export interface PipeSourceParametersManagedStreamingKafkaParametersCredentials { /** * The ARN of the Secrets Manager secret containing the credentials. */ clientCertificateTlsAuth?: pulumi.Input; /** * The ARN of the Secrets Manager secret containing the credentials. */ saslScram512Auth?: pulumi.Input; } export interface PipeSourceParametersRabbitmqBrokerParameters { /** * The maximum number of records to include in each batch. Maximum value of 10000. */ batchSize?: pulumi.Input; /** * The credentials needed to access the resource. Detailed below. */ credentials: pulumi.Input; /** * The maximum length of a time to wait for events. Maximum value of 300. */ maximumBatchingWindowInSeconds?: pulumi.Input; /** * The name of the destination queue to consume. Maximum length of 1000. */ queueName: pulumi.Input; /** * The name of the virtual host associated with the source broker. Maximum length of 200. */ virtualHost?: pulumi.Input; } export interface PipeSourceParametersRabbitmqBrokerParametersCredentials { /** * The ARN of the Secrets Manager secret containing the credentials. */ basicAuth: pulumi.Input; } export interface PipeSourceParametersSelfManagedKafkaParameters { /** * An array of server URLs. Maximum number of 2 items, each of maximum length 300. */ additionalBootstrapServers?: pulumi.Input[]>; /** * The maximum number of records to include in each batch. Maximum value of 10000. */ batchSize?: pulumi.Input; /** * The name of the destination queue to consume. Maximum value of 200. */ consumerGroupId?: pulumi.Input; /** * The credentials needed to access the resource. Detailed below. */ credentials?: pulumi.Input; /** * The maximum length of a time to wait for events. Maximum value of 300. */ maximumBatchingWindowInSeconds?: pulumi.Input; /** * The ARN of the Secrets Manager secret used for certification. */ serverRootCaCertificate?: pulumi.Input; /** * The position in a stream from which to start reading. Valid values: TRIM_HORIZON, LATEST. */ startingPosition?: pulumi.Input; /** * The name of the topic that the pipe will read from. Maximum length of 249. */ topicName: pulumi.Input; /** * This structure specifies the VPC subnets and security groups for the stream, and whether a public IP address is to be used. Detailed below. */ vpc?: pulumi.Input; } export interface PipeSourceParametersSelfManagedKafkaParametersCredentials { /** * The ARN of the Secrets Manager secret containing the credentials. */ basicAuth?: pulumi.Input; /** * The ARN of the Secrets Manager secret containing the credentials. */ clientCertificateTlsAuth?: pulumi.Input; /** * The ARN of the Secrets Manager secret containing the credentials. */ saslScram256Auth?: pulumi.Input; /** * The ARN of the Secrets Manager secret containing the credentials. */ saslScram512Auth?: pulumi.Input; } export interface PipeSourceParametersSelfManagedKafkaParametersVpc { securityGroups?: pulumi.Input[]>; subnets?: pulumi.Input[]>; } export interface PipeSourceParametersSqsQueueParameters { /** * The maximum number of records to include in each batch. Maximum value of 10000. */ batchSize?: pulumi.Input; /** * The maximum length of a time to wait for events. Maximum value of 300. */ maximumBatchingWindowInSeconds?: pulumi.Input; } export interface PipeTargetParameters { /** * The parameters for using an AWS Batch job as a target. Detailed below. */ batchJobParameters?: pulumi.Input; /** * The parameters for using an CloudWatch Logs log stream as a target. Detailed below. */ cloudwatchLogsParameters?: pulumi.Input; /** * The parameters for using an Amazon ECS task as a target. Detailed below. */ ecsTaskParameters?: pulumi.Input; /** * The parameters for using an EventBridge event bus as a target. Detailed below. */ eventbridgeEventBusParameters?: pulumi.Input; /** * These are custom parameter to be used when the target is an API Gateway REST APIs or EventBridge ApiDestinations. Detailed below. */ httpParameters?: pulumi.Input; /** * Valid JSON text passed to the target. In this case, nothing from the event itself is passed to the target. Maximum length of 8192 characters. */ inputTemplate?: pulumi.Input; /** * The parameters for using a Kinesis stream as a source. Detailed below. */ kinesisStreamParameters?: pulumi.Input; /** * The parameters for using a Lambda function as a target. Detailed below. */ lambdaFunctionParameters?: pulumi.Input; /** * These are custom parameters to be used when the target is a Amazon Redshift cluster to invoke the Amazon Redshift Data API BatchExecuteStatement. Detailed below. */ redshiftDataParameters?: pulumi.Input; /** * The parameters for using a SageMaker AI pipeline as a target. Detailed below. */ sagemakerPipelineParameters?: pulumi.Input; /** * The parameters for using a Amazon SQS stream as a target. Detailed below. */ sqsQueueParameters?: pulumi.Input; /** * The parameters for using a Step Functions state machine as a target. Detailed below. */ stepFunctionStateMachineParameters?: pulumi.Input; } export interface PipeTargetParametersBatchJobParameters { /** * The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an AWS Batch job. Detailed below. */ arrayProperties?: pulumi.Input; /** * The overrides that are sent to a container. Detailed below. */ containerOverrides?: pulumi.Input; /** * A list of dependencies for the job. A job can depend upon a maximum of 20 jobs. You can specify a SEQUENTIAL type dependency without specifying a job ID for array jobs so that each child array job completes sequentially, starting at index 0. You can also specify an N_TO_N type dependency with a job ID for array jobs. In that case, each index child of this job must wait for the corresponding index child of each dependency to complete before it can begin. Detailed below. */ dependsOns?: pulumi.Input[]>; /** * The job definition used by this job. This value can be one of name, name:revision, or the Amazon Resource Name (ARN) for the job definition. If name is specified without a revision then the latest active revision is used. */ jobDefinition: pulumi.Input; /** * The name of the job. It can be up to 128 letters long. */ jobName: pulumi.Input; /** * Additional parameters passed to the job that replace parameter substitution placeholders that are set in the job definition. Parameters are specified as a key and value pair mapping. Parameters included here override any corresponding parameter defaults from the job definition. Detailed below. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The retry strategy to use for failed jobs. When a retry strategy is specified here, it overrides the retry strategy defined in the job definition. Detailed below. */ retryStrategy?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersArrayProperties { /** * The size of the array, if this is an array batch job. Minimum value of 2. Maximum value of 10,000. */ size?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersContainerOverrides { /** * List of commands to send to the container that overrides the default command from the Docker image or the task definition. You must also specify a container name. */ commands?: pulumi.Input[]>; /** * The environment variables to send to the container. You can add new environment variables, which are added to the container at launch, or you can override the existing environment variables from the Docker image or the task definition. You must also specify a container name. Detailed below. */ environments?: pulumi.Input[]>; /** * The instance type to use for a multi-node parallel job. This parameter isn't applicable to single-node container jobs or jobs that run on Fargate resources, and shouldn't be provided. */ instanceType?: pulumi.Input; /** * The type and amount of a resource to assign to a container, instead of the default value from the task definition. The only supported resource is a GPU. Detailed below. */ resourceRequirements?: pulumi.Input[]>; } export interface PipeTargetParametersBatchJobParametersContainerOverridesEnvironment { /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. Maximum length of 1024. */ value?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersContainerOverridesResourceRequirement { /** * The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task). Valid Values: random, spread, binpack. */ type: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. Maximum length of 1024. */ value: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersDependsOn { /** * The job ID of the AWS Batch job that's associated with this dependency. */ jobId?: pulumi.Input; /** * The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task). Valid Values: random, spread, binpack. */ type?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersRetryStrategy { /** * The number of times to move a job to the RUNNABLE status. If the value of attempts is greater than one, the job is retried on failure the same number of attempts as the value. Maximum value of 10. */ attempts?: pulumi.Input; } export interface PipeTargetParametersCloudwatchLogsParameters { /** * The name of the log stream. */ logStreamName?: pulumi.Input; /** * The time the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. This is the JSON path to the field in the event e.g. $.detail.timestamp */ timestamp?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParameters { /** * List of capacity provider strategies to use for the task. If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used. Detailed below. */ capacityProviderStrategies?: pulumi.Input[]>; /** * Specifies whether to enable Amazon ECS managed tags for the task. Valid values: true, false. */ enableEcsManagedTags?: pulumi.Input; /** * Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task. Valid values: true, false. */ enableExecuteCommand?: pulumi.Input; /** * Specifies an Amazon ECS task group for the task. The maximum length is 255 characters. */ group?: pulumi.Input; /** * Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The FARGATE value is supported only in the Regions where AWS Fargate with Amazon ECS is supported. Valid Values: EC2, FARGATE, EXTERNAL */ launchType?: pulumi.Input; /** * Use this structure if the Amazon ECS task uses the awsvpc network mode. This structure specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. This structure is required if LaunchType is FARGATE because the awsvpc mode is required for Fargate tasks. If you specify NetworkConfiguration when the target ECS task does not use the awsvpc network mode, the task fails. Detailed below. */ networkConfiguration?: pulumi.Input; /** * The overrides that are associated with a task. Detailed below. */ overrides?: pulumi.Input; /** * An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). Detailed below. */ placementConstraints?: pulumi.Input[]>; /** * The placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task. Detailed below. */ placementStrategies?: pulumi.Input[]>; /** * Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0. This structure is used only if LaunchType is FARGATE. */ platformVersion?: pulumi.Input; /** * Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the TagResource API action. Valid Values: TASK_DEFINITION */ propagateTags?: pulumi.Input; /** * The reference ID to use for the task. Maximum length of 1,024. */ referenceId?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The number of tasks to create based on TaskDefinition. The default is 1. */ taskCount?: pulumi.Input; /** * The ARN of the task definition to use if the event target is an Amazon ECS task. */ taskDefinitionArn: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersCapacityProviderStrategy { /** * The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. If no value is specified, the default value of 0 is used. Maximum value of 100,000. */ base?: pulumi.Input; /** * The short name of the capacity provider. Maximum value of 255. */ capacityProvider: pulumi.Input; /** * The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied. Maximum value of 1,000. */ weight?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersNetworkConfiguration { /** * Use this structure to specify the VPC subnets and security groups for the task, and whether a public IP address is to be used. This structure is relevant only for ECS tasks that use the awsvpc network mode. Detailed below. */ awsVpcConfiguration?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersNetworkConfigurationAwsVpcConfiguration { /** * Specifies whether the task's elastic network interface receives a public IP address. You can specify ENABLED only when LaunchType in EcsParameters is set to FARGATE. Valid Values: ENABLED, DISABLED. */ assignPublicIp?: pulumi.Input; securityGroups?: pulumi.Input[]>; subnets?: pulumi.Input[]>; } export interface PipeTargetParametersEcsTaskParametersOverrides { /** * One or more container overrides that are sent to a task. Detailed below. */ containerOverrides?: pulumi.Input[]>; /** * The number of cpu units reserved for the container, instead of the default value from the task definition. You must also specify a container name. */ cpu?: pulumi.Input; /** * The ephemeral storage setting override for the task. Detailed below. */ ephemeralStorage?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the task execution IAM role override for the task. */ executionRoleArn?: pulumi.Input; /** * List of Elastic Inference accelerator overrides for the task. Detailed below. */ inferenceAcceleratorOverrides?: pulumi.Input[]>; /** * The hard limit (in MiB) of memory to present to the container, instead of the default value from the task definition. If your container attempts to exceed the memory specified here, the container is killed. You must also specify a container name. */ memory?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the IAM role that containers in this task can assume. All containers in this task are granted the permissions that are specified in this role. */ taskRoleArn?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverride { /** * List of commands to send to the container that overrides the default command from the Docker image or the task definition. You must also specify a container name. */ commands?: pulumi.Input[]>; /** * The number of cpu units reserved for the container, instead of the default value from the task definition. You must also specify a container name. */ cpu?: pulumi.Input; /** * A list of files containing the environment variables to pass to a container, instead of the value from the container definition. Detailed below. */ environmentFiles?: pulumi.Input[]>; /** * The environment variables to send to the container. You can add new environment variables, which are added to the container at launch, or you can override the existing environment variables from the Docker image or the task definition. You must also specify a container name. Detailed below. */ environments?: pulumi.Input[]>; /** * The hard limit (in MiB) of memory to present to the container, instead of the default value from the task definition. If your container attempts to exceed the memory specified here, the container is killed. You must also specify a container name. */ memory?: pulumi.Input; /** * The soft limit (in MiB) of memory to reserve for the container, instead of the default value from the task definition. You must also specify a container name. */ memoryReservation?: pulumi.Input; /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; /** * The type and amount of a resource to assign to a container, instead of the default value from the task definition. The only supported resource is a GPU. Detailed below. */ resourceRequirements?: pulumi.Input[]>; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverrideEnvironment { /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. Maximum length of 1024. */ value?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverrideEnvironmentFile { /** * The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task). Valid Values: random, spread, binpack. */ type: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. Maximum length of 1024. */ value: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverrideResourceRequirement { /** * The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task). Valid Values: random, spread, binpack. */ type: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. Maximum length of 1024. */ value: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesEphemeralStorage { /** * The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is 21 GiB and the maximum supported value is 200 GiB. */ sizeInGib: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesInferenceAcceleratorOverride { /** * The Elastic Inference accelerator device name to override for the task. This parameter must match a deviceName specified in the task definition. */ deviceName?: pulumi.Input; /** * The Elastic Inference accelerator type to use. */ deviceType?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersPlacementConstraint { /** * A cluster query language expression to apply to the constraint. You cannot specify an expression if the constraint type is distinctInstance. Maximum length of 2,000. */ expression?: pulumi.Input; /** * The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task). Valid Values: random, spread, binpack. */ type?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersPlacementStrategy { /** * The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone. For the binpack placement strategy, valid values are cpu and memory. For the random placement strategy, this field is not used. Maximum length of 255. */ field?: pulumi.Input; /** * The type of placement strategy. The random placement strategy randomly places tasks on available candidates. The spread placement strategy spreads placement across available candidates evenly based on the field parameter. The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified with the field parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task). Valid Values: random, spread, binpack. */ type?: pulumi.Input; } export interface PipeTargetParametersEventbridgeEventBusParameters { /** * A free-form string, with a maximum of 128 characters, used to decide what fields to expect in the event detail. */ detailType?: pulumi.Input; /** * The URL subdomain of the endpoint. For example, if the URL for Endpoint is https://abcde.veo.endpoints.event.amazonaws.com, then the EndpointId is abcde.veo. */ endpointId?: pulumi.Input; /** * List of AWS resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present. */ resources?: pulumi.Input[]>; /** * Source resource of the pipe. This field typically requires an ARN (Amazon Resource Name). However, when using a self-managed Kafka cluster, you should use a different format. Instead of an ARN, use 'smk://' followed by the bootstrap server's address. */ source?: pulumi.Input; /** * The time stamp of the event, per RFC3339. If no time stamp is provided, the time stamp of the PutEvents call is used. This is the JSON path to the field in the event e.g. $.detail.timestamp */ time?: pulumi.Input; } export interface PipeTargetParametersHttpParameters { headerParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; pathParameterValues?: pulumi.Input; queryStringParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface PipeTargetParametersKinesisStreamParameters { /** * Determines which shard in the stream the data record is assigned to. Partition keys are Unicode strings with a maximum length limit of 256 characters for each key. Amazon Kinesis Data Streams uses the partition key as input to a hash function that maps the partition key and associated data to a specific shard. Specifically, an MD5 hash function is used to map partition keys to 128-bit integer values and to map associated data records to shards. As a result of this hashing mechanism, all data records with the same partition key map to the same shard within the stream. */ partitionKey: pulumi.Input; } export interface PipeTargetParametersLambdaFunctionParameters { /** * Specify whether to invoke the function synchronously or asynchronously. Valid Values: REQUEST_RESPONSE, FIRE_AND_FORGET. */ invocationType: pulumi.Input; } export interface PipeTargetParametersRedshiftDataParameters { /** * The name of the database. Required when authenticating using temporary credentials. */ database: pulumi.Input; /** * The database user name. Required when authenticating using temporary credentials. */ dbUser?: pulumi.Input; /** * The name or ARN of the secret that enables access to the database. Required when authenticating using Secrets Manager. */ secretManagerArn?: pulumi.Input; /** * List of SQL statements text to run, each of maximum length of 100,000. */ sqls: pulumi.Input[]>; /** * The name of the SQL statement. You can name the SQL statement when you create it to identify the query. */ statementName?: pulumi.Input; /** * Indicates whether to send an event back to EventBridge after the SQL statement runs. */ withEvent?: pulumi.Input; } export interface PipeTargetParametersSagemakerPipelineParameters { /** * List of Parameter names and values for SageMaker AI Model Building Pipeline execution. Detailed below. */ pipelineParameters?: pulumi.Input[]>; } export interface PipeTargetParametersSagemakerPipelineParametersPipelineParameter { /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. Maximum length of 1024. */ value: pulumi.Input; } export interface PipeTargetParametersSqsQueueParameters { /** * This parameter applies only to FIFO (first-in-first-out) queues. The token used for deduplication of sent messages. */ messageDeduplicationId?: pulumi.Input; /** * The FIFO message group ID to use as the target. */ messageGroupId?: pulumi.Input; } export interface PipeTargetParametersStepFunctionStateMachineParameters { /** * Specify whether to invoke the function synchronously or asynchronously. Valid Values: REQUEST_RESPONSE, FIRE_AND_FORGET. */ invocationType: pulumi.Input; } } export namespace polly { export interface GetVoicesVoice { /** * Additional codes for languages available for the specified voice in addition to its default language. */ additionalLanguageCodes?: string[]; /** * Gender of the voice. */ gender?: string; /** * Amazon Polly assigned voice ID. */ id?: string; /** * Language identification tag for filtering the list of voices returned. If not specified, all available voices are returned. */ languageCode?: string; /** * Human readable name of the language in English. */ languageName?: string; /** * Name of the voice. */ name?: string; /** * Specifies which engines are supported by a given voice. */ supportedEngines?: string[]; } export interface GetVoicesVoiceArgs { /** * Additional codes for languages available for the specified voice in addition to its default language. */ additionalLanguageCodes?: pulumi.Input[]>; /** * Gender of the voice. */ gender?: pulumi.Input; /** * Amazon Polly assigned voice ID. */ id?: pulumi.Input; /** * Language identification tag for filtering the list of voices returned. If not specified, all available voices are returned. */ languageCode?: pulumi.Input; /** * Human readable name of the language in English. */ languageName?: pulumi.Input; /** * Name of the voice. */ name?: pulumi.Input; /** * Specifies which engines are supported by a given voice. */ supportedEngines?: pulumi.Input[]>; } } export namespace pricing { export interface GetProductFilter { /** * Product attribute name that you want to filter on. */ field: string; /** * Product attribute value that you want to filter on. */ value: string; } export interface GetProductFilterArgs { /** * Product attribute name that you want to filter on. */ field: pulumi.Input; /** * Product attribute value that you want to filter on. */ value: pulumi.Input; } } export namespace qbusiness { export interface ApplicationAttachmentsConfiguration { /** * Status information about whether file upload functionality is activated or deactivated for your end user. Valid values are `ENABLED` and `DISABLED`. */ attachmentsControlMode: pulumi.Input; } export interface ApplicationEncryptionConfiguration { /** * Identifier of the AWS KMS key that is used to encrypt your data. Amazon Q doesn't support asymmetric keys. */ kmsKeyId: pulumi.Input; } export interface ApplicationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace qldb { export interface StreamKinesisConfiguration { /** * Enables QLDB to publish multiple data records in a single Kinesis Data Streams record, increasing the number of records sent per API call. Default: `true`. */ aggregationEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Kinesis Data Streams resource. */ streamArn: pulumi.Input; } } export namespace quicksight { export interface AccountSettingsTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AnalysisParameters { /** * A list of parameters that have a data type of date-time. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DateTimeParameter.html). */ dateTimeParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of decimal. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DecimalParameter.html). */ decimalParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of integer. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_IntegerParameter.html). */ integerParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of string. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_StringParameter.html). */ stringParameters?: pulumi.Input[]>; } export interface AnalysisParametersDateTimeParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisParametersDecimalParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisParametersIntegerParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisParametersStringParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface AnalysisSourceEntity { /** * The source template. See source_template. */ sourceTemplate?: pulumi.Input; } export interface AnalysisSourceEntitySourceTemplate { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; /** * List of dataset references. See data_set_references. */ dataSetReferences: pulumi.Input[]>; } export interface AnalysisSourceEntitySourceTemplateDataSetReference { /** * Dataset Amazon Resource Name (ARN). */ dataSetArn: pulumi.Input; /** * Dataset placeholder. */ dataSetPlaceholder: pulumi.Input; } export interface CustomPermissionsCapabilities { /** * The ability to add or run anomaly detection. Valid values: `DENY`. */ addOrRunAnomalyDetectionForAnalyses?: pulumi.Input; /** * The ability to create and update email reports. Valid values: `DENY`. */ createAndUpdateDashboardEmailReports?: pulumi.Input; /** * The ability to create and update data sources. Valid values: `DENY`. */ createAndUpdateDataSources?: pulumi.Input; /** * The ability to create and update datasets. Valid values: `DENY`. */ createAndUpdateDatasets?: pulumi.Input; /** * The ability to export to create and update themes. Valid values: `DENY`. */ createAndUpdateThemes?: pulumi.Input; /** * The ability to create and update threshold alerts. Valid values: `DENY`. */ createAndUpdateThresholdAlerts?: pulumi.Input; /** * The ability to create shared folders. Valid values: `DENY`. */ createSharedFolders?: pulumi.Input; /** * The ability to create a SPICE dataset. Valid values: `DENY`. */ createSpiceDataset?: pulumi.Input; /** * The ability to export to CSV files from the UI. Valid values: `DENY`. */ exportToCsv?: pulumi.Input; /** * The ability to export to CSV files in scheduled email reports. Valid values: `DENY`. */ exportToCsvInScheduledReports?: pulumi.Input; /** * The ability to export to Excel files from the UI. Valid values: `DENY`. */ exportToExcel?: pulumi.Input; /** * The ability to export to Excel files in scheduled email reports. Valid values: `DENY`. */ exportToExcelInScheduledReports?: pulumi.Input; /** * The ability to export to PDF files from the UI. Valid values: `DENY`. */ exportToPdf?: pulumi.Input; /** * The ability to export to PDF files in scheduled email reports. Valid values: `DENY`. */ exportToPdfInScheduledReports?: pulumi.Input; /** * The ability to include content in scheduled email reports. Valid values: `DENY`. */ includeContentInScheduledReportsEmail?: pulumi.Input; /** * The ability to print reports. Valid values: `DENY`. */ printReports?: pulumi.Input; /** * The ability to rename shared folders. Valid values: `DENY`. */ renameSharedFolders?: pulumi.Input; /** * The ability to share analyses. Valid values: `DENY`. */ shareAnalyses?: pulumi.Input; /** * The ability to share dashboards. Valid values: `DENY`. */ shareDashboards?: pulumi.Input; /** * The ability to share data sources. Valid values: `DENY`. */ shareDataSources?: pulumi.Input; /** * The ability to share datasets. Valid values: `DENY`. */ shareDatasets?: pulumi.Input; /** * The ability to subscribe to email reports. Valid values: `DENY`. */ subscribeDashboardEmailReports?: pulumi.Input; /** * The ability to view account SPICE capacity. Valid values: `DENY`. */ viewAccountSpiceCapacity?: pulumi.Input; } export interface DashboardDashboardPublishOptions { /** * Ad hoc (one-time) filtering option. See ad_hoc_filtering_option. */ adHocFilteringOption?: pulumi.Input; /** * The drill-down options of data points in a dashboard. See data_point_drill_up_down_option. */ dataPointDrillUpDownOption?: pulumi.Input; /** * The data point menu label options of a dashboard. See data_point_menu_label_option. */ dataPointMenuLabelOption?: pulumi.Input; /** * The data point tool tip options of a dashboard. See data_point_tooltip_option. */ dataPointTooltipOption?: pulumi.Input; /** * Export to .csv option. See export_to_csv_option. */ exportToCsvOption?: pulumi.Input; /** * Determines if hidden fields are exported with a dashboard. See export_with_hidden_fields_option. */ exportWithHiddenFieldsOption?: pulumi.Input; /** * Sheet controls option. See sheet_controls_option. */ sheetControlsOption?: pulumi.Input; /** * The sheet layout maximization options of a dashboard. See sheet_layout_element_maximization_option. */ sheetLayoutElementMaximizationOption?: pulumi.Input; /** * The axis sort options of a dashboard. See visual_axis_sort_option. */ visualAxisSortOption?: pulumi.Input; /** * The menu options of a visual in a dashboard. See visual_menu_option. */ visualMenuOption?: pulumi.Input; } export interface DashboardDashboardPublishOptionsAdHocFilteringOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsDataPointDrillUpDownOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsDataPointMenuLabelOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsDataPointTooltipOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsExportToCsvOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsExportWithHiddenFieldsOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsSheetControlsOption { /** * Visibility state. Possibles values: EXPANDED, COLLAPSED. */ visibilityState?: pulumi.Input; } export interface DashboardDashboardPublishOptionsSheetLayoutElementMaximizationOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsVisualAxisSortOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsVisualMenuOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardParameters { /** * A list of parameters that have a data type of date-time. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DateTimeParameter.html). */ dateTimeParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of decimal. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DecimalParameter.html). */ decimalParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of integer. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_IntegerParameter.html). */ integerParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of string. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_StringParameter.html). */ stringParameters?: pulumi.Input[]>; } export interface DashboardParametersDateTimeParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardParametersDecimalParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardParametersIntegerParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardParametersStringParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface DashboardSourceEntity { /** * The source template. See source_template. */ sourceTemplate?: pulumi.Input; } export interface DashboardSourceEntitySourceTemplate { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; /** * List of dataset references. See data_set_references. */ dataSetReferences: pulumi.Input[]>; } export interface DashboardSourceEntitySourceTemplateDataSetReference { /** * Dataset Amazon Resource Name (ARN). */ dataSetArn: pulumi.Input; /** * Dataset placeholder. */ dataSetPlaceholder: pulumi.Input; } export interface DataSetColumnGroup { /** * Geospatial column group that denotes a hierarchy. See geo_spatial_column_group. */ geoSpatialColumnGroup?: pulumi.Input; } export interface DataSetColumnGroupGeoSpatialColumnGroup { /** * Columns in this hierarchy. */ columns: pulumi.Input[]>; /** * Country code. Valid values are `US`. */ countryCode: pulumi.Input; /** * A display name for the hierarchy. */ name: pulumi.Input; } export interface DataSetColumnLevelPermissionRule { /** * An array of column names. */ columnNames?: pulumi.Input[]>; /** * An array of ARNs for Amazon QuickSight users or groups. */ principals?: pulumi.Input[]>; } export interface DataSetDataSetUsageConfiguration { /** * Controls whether a child dataset of a direct query can use this dataset as a source. */ disableUseAsDirectQuerySource?: pulumi.Input; /** * Controls whether a child dataset that's stored in QuickSight can use this dataset as a source. */ disableUseAsImportedSource?: pulumi.Input; } export interface DataSetFieldFolder { /** * An array of column names to add to the folder. A column can only be in one folder. */ columns?: pulumi.Input[]>; /** * Field folder description. */ description?: pulumi.Input; /** * Key of the field folder map. */ fieldFoldersId: pulumi.Input; } export interface DataSetLogicalTableMap { /** * A display name for the logical table. */ alias: pulumi.Input; /** * Transform operations that act on this logical table. For this structure to be valid, only one of the attributes can be non-null. See data_transforms. */ dataTransforms?: pulumi.Input[]>; /** * Key of the logical table map. */ logicalTableMapId: pulumi.Input; /** * Source of this logical table. See source. */ source: pulumi.Input; } export interface DataSetLogicalTableMapDataTransform { /** * A transform operation that casts a column to a different type. See cast_column_type_operation. */ castColumnTypeOperation?: pulumi.Input; /** * An operation that creates calculated columns. Columns created in one such operation form a lexical closure. See create_columns_operation. */ createColumnsOperation?: pulumi.Input; /** * An operation that filters rows based on some condition. See filter_operation. */ filterOperation?: pulumi.Input; /** * An operation that projects columns. Operations that come after a projection can only refer to projected columns. See project_operation. */ projectOperation?: pulumi.Input; /** * An operation that renames a column. See rename_column_operation. */ renameColumnOperation?: pulumi.Input; /** * An operation that tags a column with additional information. See tag_column_operation. */ tagColumnOperation?: pulumi.Input; /** * A transform operation that removes tags associated with a column. See untag_column_operation. */ untagColumnOperation?: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformCastColumnTypeOperation { /** * Column name. */ columnName: pulumi.Input; /** * When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format. */ format?: pulumi.Input; /** * New column data type. Valid values are `STRING`, `INTEGER`, `DECIMAL`, `DATETIME`. */ newColumnType: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformCreateColumnsOperation { /** * Calculated columns to create. See columns. */ columns: pulumi.Input[]>; } export interface DataSetLogicalTableMapDataTransformCreateColumnsOperationColumn { /** * A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Amazon QuickSight preserves the existing calculated column. */ columnId: pulumi.Input; /** * Column name. */ columnName: pulumi.Input; /** * An expression that defines the calculated column. */ expression: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformFilterOperation { /** * An expression that must evaluate to a Boolean value. Rows for which the expression evaluates to true are kept in the dataset. */ conditionExpression: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformProjectOperation { /** * Projected columns. */ projectedColumns: pulumi.Input[]>; } export interface DataSetLogicalTableMapDataTransformRenameColumnOperation { /** * Column to be renamed. */ columnName: pulumi.Input; /** * New name for the column. */ newColumnName: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformTagColumnOperation { /** * Column name. */ columnName: pulumi.Input; /** * The dataset column tag, currently only used for geospatial type tagging. See tags. */ tags: pulumi.Input[]>; } export interface DataSetLogicalTableMapDataTransformTagColumnOperationTag { /** * A description for a column. See column_description. */ columnDescription?: pulumi.Input; /** * A geospatial role for a column. Valid values are `COUNTRY`, `STATE`, `COUNTY`, `CITY`, `POSTCODE`, `LONGITUDE`, and `LATITUDE`. */ columnGeographicRole?: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformTagColumnOperationTagColumnDescription { /** * The text of a description for a column. */ text?: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformUntagColumnOperation { /** * Column name. */ columnName: pulumi.Input; /** * The column tags to remove from this column. */ tagNames: pulumi.Input[]>; } export interface DataSetLogicalTableMapSource { /** * ARN of the parent data set. */ dataSetArn?: pulumi.Input; /** * Specifies the result of a join of two logical tables. See join_instruction. */ joinInstruction?: pulumi.Input; /** * Physical table ID. */ physicalTableId?: pulumi.Input; } export interface DataSetLogicalTableMapSourceJoinInstruction { /** * Join key properties of the left operand. See left_join_key_properties. */ leftJoinKeyProperties?: pulumi.Input; /** * Operand on the left side of a join. */ leftOperand: pulumi.Input; /** * Join instructions provided in the ON clause of a join. */ onClause: pulumi.Input; /** * Join key properties of the right operand. See right_join_key_properties. */ rightJoinKeyProperties?: pulumi.Input; /** * Operand on the right side of a join. */ rightOperand: pulumi.Input; /** * Type of join. Valid values are `INNER`, `OUTER`, `LEFT`, and `RIGHT`. */ type: pulumi.Input; } export interface DataSetLogicalTableMapSourceJoinInstructionLeftJoinKeyProperties { /** * A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Amazon QuickSight to optimize query performance. */ uniqueKey?: pulumi.Input; } export interface DataSetLogicalTableMapSourceJoinInstructionRightJoinKeyProperties { /** * A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Amazon QuickSight to optimize query performance. */ uniqueKey?: pulumi.Input; } export interface DataSetOutputColumn { /** * The description of the column. */ description?: pulumi.Input; /** * Display name for the dataset. * * The following arguments are optional: */ name?: pulumi.Input; /** * The data type of the column. */ type?: pulumi.Input; } export interface DataSetPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface DataSetPhysicalTableMap { /** * A physical table type built from the results of the custom SQL query. See custom_sql. */ customSql?: pulumi.Input; /** * Key of the physical table map. */ physicalTableMapId: pulumi.Input; /** * A physical table type for relational data sources. See relational_table. */ relationalTable?: pulumi.Input; /** * A physical table type for as S3 data source. See s3_source. */ s3Source?: pulumi.Input; } export interface DataSetPhysicalTableMapCustomSql { /** * Column schema from the SQL query result set. See columns. */ columns?: pulumi.Input[]>; /** * ARN of the data source. */ dataSourceArn: pulumi.Input; /** * Display name for the SQL query result. */ name: pulumi.Input; /** * SQL query. */ sqlQuery: pulumi.Input; } export interface DataSetPhysicalTableMapCustomSqlColumn { /** * Name of this column in the underlying data source. */ name: pulumi.Input; /** * Data type of the column. */ type: pulumi.Input; } export interface DataSetPhysicalTableMapRelationalTable { /** * Catalog associated with the table. */ catalog?: pulumi.Input; /** * ARN of the data source. */ dataSourceArn: pulumi.Input; /** * Column schema of the table. See input_columns. */ inputColumns: pulumi.Input[]>; /** * Name of the relational table. */ name: pulumi.Input; /** * Schema name. This name applies to certain relational database engines. */ schema?: pulumi.Input; } export interface DataSetPhysicalTableMapRelationalTableInputColumn { /** * Name of this column in the underlying data source. */ name: pulumi.Input; /** * Data type of the column. */ type: pulumi.Input; } export interface DataSetPhysicalTableMapS3Source { /** * ARN of the data source. */ dataSourceArn: pulumi.Input; /** * Column schema of the table. See input_columns. */ inputColumns: pulumi.Input[]>; /** * Information about the format for the S3 source file or files. See upload_settings. */ uploadSettings: pulumi.Input; } export interface DataSetPhysicalTableMapS3SourceInputColumn { /** * Name of this column in the underlying data source. */ name: pulumi.Input; /** * Data type of the column. */ type: pulumi.Input; } export interface DataSetPhysicalTableMapS3SourceUploadSettings { /** * Whether the file has a header row, or the files each have a header row. */ containsHeader?: pulumi.Input; /** * Delimiter between values in the file. */ delimiter?: pulumi.Input; /** * File format. Valid values are `CSV`, `TSV`, `CLF`, `ELF`, `XLSX`, and `JSON`. */ format?: pulumi.Input; /** * A row number to start reading data from. */ startFromRow?: pulumi.Input; /** * Text qualifier. Valid values are `DOUBLE_QUOTE` and `SINGLE_QUOTE`. */ textQualifier?: pulumi.Input; } export interface DataSetRefreshProperties { /** * The refresh configuration for the data set. See refresh_configuration. */ refreshConfiguration: pulumi.Input; } export interface DataSetRefreshPropertiesRefreshConfiguration { /** * The incremental refresh for the data set. See incremental_refresh. */ incrementalRefresh: pulumi.Input; } export interface DataSetRefreshPropertiesRefreshConfigurationIncrementalRefresh { /** * The lookback window setup for an incremental refresh configuration. See lookback_window. */ lookbackWindow: pulumi.Input; } export interface DataSetRefreshPropertiesRefreshConfigurationIncrementalRefreshLookbackWindow { /** * The name of the lookback window column. */ columnName: pulumi.Input; /** * The lookback window column size. */ size: pulumi.Input; /** * The size unit that is used for the lookback window column. Valid values for this structure are `HOUR`, `DAY`, and `WEEK`. */ sizeUnit: pulumi.Input; } export interface DataSetRowLevelPermissionDataSet { /** * ARN of the dataset that contains permissions for RLS. */ arn: pulumi.Input; /** * User or group rules associated with the dataset that contains permissions for RLS. */ formatVersion?: pulumi.Input; /** * Namespace associated with the dataset that contains permissions for RLS. */ namespace?: pulumi.Input; /** * Type of permissions to use when interpreting the permissions for RLS. Valid values are `GRANT_ACCESS` and `DENY_ACCESS`. */ permissionPolicy: pulumi.Input; /** * Status of the row-level security permission dataset. If enabled, the status is `ENABLED`. If disabled, the status is `DISABLED`. */ status?: pulumi.Input; } export interface DataSetRowLevelPermissionTagConfiguration { /** * The status of row-level security tags. If enabled, the status is `ENABLED`. If disabled, the status is `DISABLED`. */ status?: pulumi.Input; /** * A set of rules associated with row-level security, such as the tag names and columns that they are assigned to. See tag_rules. */ tagRules: pulumi.Input[]>; } export interface DataSetRowLevelPermissionTagConfigurationTagRule { /** * Column name that a tag key is assigned to. */ columnName: pulumi.Input; /** * A string that you want to use to filter by all the values in a column in the dataset and don’t want to list the values one by one. */ matchAllValue?: pulumi.Input; /** * Unique key for a tag. */ tagKey: pulumi.Input; /** * A string that you want to use to delimit the values when you pass the values at run time. */ tagMultiValueDelimiter?: pulumi.Input; } export interface DataSourceCredentials { /** * The Amazon Resource Name (ARN) of a data source that has the credential pair that you want to use. * When the value is not null, the `credentialPair` from the data source in the ARN is used. */ copySourceArn?: pulumi.Input; /** * Credential pair. See Credential Pair below for more details. */ credentialPair?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the secret associated with the data source in Amazon Secrets Manager. */ secretArn?: pulumi.Input; } export interface DataSourceCredentialsCredentialPair { /** * Password, maximum length of 1024 characters. */ password: pulumi.Input; /** * User name, maximum length of 64 characters. */ username: pulumi.Input; } export interface DataSourceParameters { /** * Parameters for connecting to Amazon Elasticsearch. */ amazonElasticsearch?: pulumi.Input; /** * Parameters for connecting to Athena. */ athena?: pulumi.Input; /** * Parameters for connecting to Aurora MySQL. */ aurora?: pulumi.Input; /** * Parameters for connecting to Aurora Postgresql. */ auroraPostgresql?: pulumi.Input; /** * Parameters for connecting to AWS IOT Analytics. */ awsIotAnalytics?: pulumi.Input; /** * Parameters for connecting to Databricks. */ databricks?: pulumi.Input; /** * Parameters for connecting to Jira. */ jira?: pulumi.Input; /** * Parameters for connecting to MariaDB. */ mariaDb?: pulumi.Input; /** * Parameters for connecting to MySQL. */ mysql?: pulumi.Input; /** * Parameters for connecting to Oracle. */ oracle?: pulumi.Input; /** * Parameters for connecting to Postgresql. */ postgresql?: pulumi.Input; /** * Parameters for connecting to Presto. */ presto?: pulumi.Input; /** * Parameters for connecting to RDS. */ rds?: pulumi.Input; /** * Parameters for connecting to Redshift. */ redshift?: pulumi.Input; /** * Parameters for connecting to S3. */ s3?: pulumi.Input; /** * Parameters for connecting to ServiceNow. */ serviceNow?: pulumi.Input; /** * Parameters for connecting to Snowflake. */ snowflake?: pulumi.Input; /** * Parameters for connecting to Spark. */ spark?: pulumi.Input; /** * Parameters for connecting to SQL Server. */ sqlServer?: pulumi.Input; /** * Parameters for connecting to Teradata. */ teradata?: pulumi.Input; /** * Parameters for connecting to Twitter. */ twitter?: pulumi.Input; } export interface DataSourceParametersAmazonElasticsearch { /** * The OpenSearch domain. */ domain: pulumi.Input; } export interface DataSourceParametersAthena { /** * The work-group to which to connect. */ workGroup?: pulumi.Input; } export interface DataSourceParametersAurora { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersAuroraPostgresql { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersAwsIotAnalytics { /** * The name of the data set to which to connect. */ dataSetName: pulumi.Input; } export interface DataSourceParametersDatabricks { /** * The host name of the Databricks data source. */ host: pulumi.Input; /** * The port for the Databricks data source. */ port: pulumi.Input; /** * The HTTP path of the Databricks data source. */ sqlEndpointPath: pulumi.Input; } export interface DataSourceParametersJira { /** * The base URL of the Jira instance's site to which to connect. */ siteBaseUrl: pulumi.Input; } export interface DataSourceParametersMariaDb { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersMysql { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersOracle { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersPostgresql { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersPresto { /** * The catalog to which to connect. */ catalog: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersRds { /** * The database to which to connect. */ database: pulumi.Input; /** * The instance ID to which to connect. */ instanceId: pulumi.Input; } export interface DataSourceParametersRedshift { /** * The ID of the cluster to which to connect. */ clusterId?: pulumi.Input; /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host?: pulumi.Input; /** * The port to which to connect. */ port?: pulumi.Input; } export interface DataSourceParametersS3 { /** * An object containing the S3 location of the S3 manifest file. */ manifestFileLocation: pulumi.Input; /** * Use the `roleArn` to override an account-wide role for a specific S3 data source. For example, say an account administrator has turned off all S3 access with an account-wide role. The administrator can then use `roleArn` to bypass the account-wide role and allow S3 access for the single S3 data source that is specified in the structure, even if the account-wide role forbidding S3 access is still active. */ roleArn?: pulumi.Input; } export interface DataSourceParametersS3ManifestFileLocation { /** * The name of the bucket that contains the manifest file. */ bucket: pulumi.Input; /** * The key of the manifest file within the bucket. */ key: pulumi.Input; } export interface DataSourceParametersServiceNow { /** * The base URL of the Jira instance's site to which to connect. */ siteBaseUrl: pulumi.Input; } export interface DataSourceParametersSnowflake { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ warehouse: pulumi.Input; } export interface DataSourceParametersSpark { /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersSqlServer { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersTeradata { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersTwitter { /** * The maximum number of rows to query. */ maxRows: pulumi.Input; /** * The Twitter query to retrieve the data. */ query: pulumi.Input; } export interface DataSourcePermission { /** * Set of IAM actions to grant or revoke permissions on. Max of 16 items. */ actions: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the principal. */ principal: pulumi.Input; } export interface DataSourceSslProperties { /** * A Boolean option to control whether SSL should be disabled. */ disableSsl: pulumi.Input; } export interface DataSourceVpcConnectionProperties { /** * The Amazon Resource Name (ARN) for the VPC connection. */ vpcConnectionArn: pulumi.Input; } export interface FolderPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface IamPolicyAssignmentIdentities { /** * Array of Quicksight group names to assign the policy to. */ groups?: pulumi.Input[]>; /** * Array of Quicksight user names to assign the policy to. */ users?: pulumi.Input[]>; } export interface KeyRegistrationKeyRegistration { /** * Whether the key is set as the default key for encryption and decryption use. */ defaultKey?: pulumi.Input; /** * ARN of the AWS KMS key that is registered for encryption and decryption use. */ keyArn: pulumi.Input; } export interface NamespaceTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface RefreshScheduleSchedule { /** * The type of refresh that the dataset undergoes. Valid values are `INCREMENTAL_REFRESH` and `FULL_REFRESH`. */ refreshType: pulumi.Input; /** * The configuration of the [schedule frequency](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_RefreshFrequency.html). See schedule_frequency. */ scheduleFrequency: pulumi.Input; /** * Time after which the refresh schedule can be started, expressed in `YYYY-MM-DDTHH:MM:SS` format. */ startAfterDateTime?: pulumi.Input; } export interface RefreshScheduleScheduleScheduleFrequency { /** * The interval between scheduled refreshes. Valid values are `MINUTE15`, `MINUTE30`, `HOURLY`, `DAILY`, `WEEKLY` and `MONTHLY`. */ interval: pulumi.Input; /** * The [refresh on entity](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ScheduleRefreshOnEntity.html) configuration for weekly or monthly schedules. See refresh_on_day. */ refreshOnDay?: pulumi.Input; /** * The time of day that you want the dataset to refresh. This value is expressed in `HH:MM` format. This field is not required for schedules that refresh hourly. */ timeOfTheDay?: pulumi.Input; /** * The timezone that you want the refresh schedule to use. */ timezone?: pulumi.Input; } export interface RefreshScheduleScheduleScheduleFrequencyRefreshOnDay { /** * The day of the month that you want to schedule refresh on. */ dayOfMonth?: pulumi.Input; /** * The day of the week that you want to schedule a refresh on. Valid values are `SUNDAY`, `MONDAY`, `TUESDAY`, `WEDNESDAY`, `THURSDAY`, `FRIDAY` and `SATURDAY`. */ dayOfWeek?: pulumi.Input; } export interface TemplatePermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface TemplateSourceEntity { /** * The source analysis, if it is based on an analysis.. Only one of `sourceAnalysis` or `sourceTemplate` should be configured. See source_analysis. */ sourceAnalysis?: pulumi.Input; /** * The source template, if it is based on an template.. Only one of `sourceAnalysis` or `sourceTemplate` should be configured. See source_template. */ sourceTemplate?: pulumi.Input; } export interface TemplateSourceEntitySourceAnalysis { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; /** * A list of dataset references used as placeholders in the template. See data_set_references. */ dataSetReferences: pulumi.Input[]>; } export interface TemplateSourceEntitySourceAnalysisDataSetReference { /** * Dataset Amazon Resource Name (ARN). */ dataSetArn: pulumi.Input; /** * Dataset placeholder. */ dataSetPlaceholder: pulumi.Input; } export interface TemplateSourceEntitySourceTemplate { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; } export interface ThemeConfiguration { /** * Color properties that apply to chart data colors. See data_color_palette. */ dataColorPalette?: pulumi.Input; /** * Display options related to sheets. See sheet. */ sheet?: pulumi.Input; /** * Determines the typography options. See typography. */ typography?: pulumi.Input; /** * Color properties that apply to the UI and to charts, excluding the colors that apply to data. See ui_color_palette. */ uiColorPalette?: pulumi.Input; } export interface ThemeConfigurationDataColorPalette { /** * List of hexadecimal codes for the colors. Minimum of 8 items and maximum of 20 items. */ colors?: pulumi.Input[]>; /** * The hexadecimal code of a color that applies to charts where a lack of data is highlighted. */ emptyFillColor?: pulumi.Input; /** * The minimum and maximum hexadecimal codes that describe a color gradient. List of exactly 2 items. */ minMaxGradients?: pulumi.Input[]>; } export interface ThemeConfigurationSheet { /** * The display options for tiles. See tile. */ tile?: pulumi.Input; /** * The layout options for tiles. See tile_layout. */ tileLayout?: pulumi.Input; } export interface ThemeConfigurationSheetTile { /** * The border around a tile. See border. */ border?: pulumi.Input; } export interface ThemeConfigurationSheetTileBorder { /** * The option to enable display of borders for visuals. */ show?: pulumi.Input; } export interface ThemeConfigurationSheetTileLayout { /** * The gutter settings that apply between tiles. See gutter. */ gutter?: pulumi.Input; /** * The margin settings that apply around the outside edge of sheets. See margin. */ margin?: pulumi.Input; } export interface ThemeConfigurationSheetTileLayoutGutter { /** * This Boolean value controls whether to display a gutter space between sheet tiles. */ show?: pulumi.Input; } export interface ThemeConfigurationSheetTileLayoutMargin { /** * This Boolean value controls whether to display sheet margins. */ show?: pulumi.Input; } export interface ThemeConfigurationTypography { /** * Determines the list of font families. Maximum number of 5 items. See font_families. */ fontFamilies?: pulumi.Input[]>; } export interface ThemeConfigurationTypographyFontFamily { /** * Font family name. */ fontFamily?: pulumi.Input; } export interface ThemeConfigurationUiColorPalette { /** * Color (hexadecimal) that applies to selected states and buttons. */ accent?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the accent color. */ accentForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to error messages. */ danger?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the error color. */ dangerForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to the names of fields that are identified as dimensions. */ dimension?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the dimension color. */ dimensionForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to the names of fields that are identified as measures. */ measure?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the measure color. */ measureForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to visuals and other high emphasis UI. */ primaryBackground?: pulumi.Input; /** * Color (hexadecimal) of text and other foreground elements that appear over the primary background regions, such as grid lines, borders, table banding, icons, and so on. */ primaryForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to the sheet background and sheet controls. */ secondaryBackground?: pulumi.Input; /** * Color (hexadecimal) that applies to any sheet title, sheet control text, or UI that appears over the secondary background. */ secondaryForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to success messages, for example the check mark for a successful download. */ success?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the success color. */ successForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to warning and informational messages. */ warning?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the warning color. */ warningForeground?: pulumi.Input; } export interface ThemePermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface VpcConnectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace ram { export interface GetResourceShareFilter { /** * Name of the tag key to filter on. */ name: string; /** * Value of the tag key. */ values: string[]; } export interface GetResourceShareFilterArgs { /** * Name of the tag key to filter on. */ name: pulumi.Input; /** * Value of the tag key. */ values: pulumi.Input[]>; } export interface PermissionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } } export namespace rbin { export interface RuleExcludeResourceTag { /** * Tag key. * * The following argument is optional: */ resourceTagKey: pulumi.Input; /** * Tag value. */ resourceTagValue?: pulumi.Input; } export interface RuleLockConfiguration { /** * Information about the retention rule unlock delay. See `unlockDelay` below. */ unlockDelay: pulumi.Input; } export interface RuleLockConfigurationUnlockDelay { /** * Unit of time in which to measure the unlock delay. Currently, the unlock delay can be measure only in days. */ unlockDelayUnit: pulumi.Input; /** * Unlock delay period, measured in the unit specified for UnlockDelayUnit. */ unlockDelayValue: pulumi.Input; } export interface RuleResourceTag { /** * Tag key. * * The following argument is optional: */ resourceTagKey: pulumi.Input; /** * Tag value. */ resourceTagValue?: pulumi.Input; } export interface RuleRetentionPeriod { /** * Unit of time in which the retention period is measured. Currently, only DAYS is supported. */ retentionPeriodUnit: pulumi.Input; /** * Period value for which the retention rule is to retain resources. The period is measured using the unit specified for RetentionPeriodUnit. */ retentionPeriodValue: pulumi.Input; } } export namespace rds { export interface ClusterMasterUserSecret { /** * ARN for the KMS encryption key. When specifying `kmsKeyId`, `storageEncrypted` needs to be set to true. */ kmsKeyId?: pulumi.Input; /** * Amazon Resource Name (ARN) of the secret. */ secretArn?: pulumi.Input; /** * Status of the secret. Valid Values: `creating` | `active` | `rotating` | `impaired`. */ secretStatus?: pulumi.Input; } export interface ClusterParameterGroupParameter { /** * "immediate" (default), or "pending-reboot". Some * engines can't apply some parameters without a reboot, and you will need to * specify "pending-reboot" here. */ applyMethod?: pulumi.Input; /** * The name of the DB parameter. */ name: pulumi.Input; /** * The value of the DB parameter. */ value: pulumi.Input; } export interface ClusterRestoreToPointInTime { /** * Date and time in UTC format to restore the database cluster to. Conflicts with `useLatestRestorableTime`. */ restoreToTime?: pulumi.Input; /** * Type of restore to be performed. * Valid options are `full-copy` (default) and `copy-on-write`. */ restoreType?: pulumi.Input; /** * Identifier of the source database cluster from which to restore. When restoring from a cluster in another AWS account, the identifier is the ARN of that cluster. */ sourceClusterIdentifier?: pulumi.Input; /** * Cluster resource ID of the source database cluster from which to restore. To be used for restoring a deleted cluster in the same account which still has a retained automatic backup available. */ sourceClusterResourceId?: pulumi.Input; /** * Set to true to restore the database cluster to the latest restorable backup time. Defaults to false. Conflicts with `restoreToTime`. */ useLatestRestorableTime?: pulumi.Input; } export interface ClusterS3Import { /** * Bucket name where your backup is stored */ bucketName: pulumi.Input; /** * Can be blank, but is the path to your backup */ bucketPrefix?: pulumi.Input; /** * Role applied to load the data. */ ingestionRole: pulumi.Input; /** * Source engine for the backup */ sourceEngine: pulumi.Input; /** * Version of the source engine used to make the backup * * This will not recreate the resource if the S3 object changes in some way. It's only used to initialize the database. This only works currently with the aurora engine. See AWS for currently supported engines and options. See [Aurora S3 Migration Docs](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Migrating.ExtMySQL.html#AuroraMySQL.Migrating.ExtMySQL.S3). */ sourceEngineVersion: pulumi.Input; } export interface ClusterScalingConfiguration { /** * Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections). If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. Defaults to `true`. */ autoPause?: pulumi.Input; /** * Maximum capacity for an Aurora DB cluster in `serverless` DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid Aurora MySQL capacity values are `1`, `2`, `4`, `8`, `16`, `32`, `64`, `128`, `256`. Valid Aurora PostgreSQL capacity values are (`2`, `4`, `8`, `16`, `32`, `64`, `192`, and `384`). Defaults to `16`. */ maxCapacity?: pulumi.Input; /** * Minimum capacity for an Aurora DB cluster in `serverless` DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid Aurora MySQL capacity values are `1`, `2`, `4`, `8`, `16`, `32`, `64`, `128`, `256`. Valid Aurora PostgreSQL capacity values are (`2`, `4`, `8`, `16`, `32`, `64`, `192`, and `384`). Defaults to `1`. */ minCapacity?: pulumi.Input; /** * Amount of time, in seconds, that Aurora Serverless v1 tries to find a scaling point to perform seamless scaling before enforcing the timeout action. Valid values are `60` through `600`. Defaults to `300`. */ secondsBeforeTimeout?: pulumi.Input; /** * Time, in seconds, before an Aurora DB cluster in serverless mode is paused. Valid values are `300` through `86400`. Defaults to `300`. */ secondsUntilAutoPause?: pulumi.Input; /** * Action to take when the timeout is reached. Valid values: `ForceApplyCapacityChange`, `RollbackCapacityChange`. Defaults to `RollbackCapacityChange`. See [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v1.how-it-works.html#aurora-serverless.how-it-works.timeout-action). */ timeoutAction?: pulumi.Input; } export interface ClusterServerlessv2ScalingConfiguration { /** * Maximum capacity for an Aurora DB cluster in `provisioned` DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid capacity values are in a range of `0` up to `256` in steps of `0.5`. */ maxCapacity: pulumi.Input; /** * Minimum capacity for an Aurora DB cluster in `provisioned` DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid capacity values are in a range of `0` up to `256` in steps of `0.5`. */ minCapacity: pulumi.Input; /** * Time, in seconds, before an Aurora DB cluster in `provisioned` DB engine mode is paused. Valid values are `300` through `86400`. */ secondsUntilAutoPause?: pulumi.Input; } export interface ClusterSnapshotCopyTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ExportTaskTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface GetClustersFilter { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetClustersFilterArgs { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetEngineVersionFilter { name: string; values: string[]; } export interface GetEngineVersionFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetInstancesFilter { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) or [RDS DescribeDBInstances API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetInstancesFilterArgs { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) or [RDS DescribeDBInstances API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GlobalClusterGlobalClusterMember { /** * Amazon Resource Name (ARN) of member DB Cluster. */ dbClusterArn?: pulumi.Input; /** * Whether the member is the primary DB Cluster. */ isWriter?: pulumi.Input; } export interface InstanceBlueGreenUpdate { /** * Enables low-downtime updates when `true`. * Default is `false`. * * [instance-replication]: * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html * [instance-maintenance]: * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html * [blue-green]: * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html */ enabled?: pulumi.Input; } export interface InstanceDesiredStateTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface InstanceListenerEndpoint { /** * Specifies the DNS address of the DB instance. */ address?: pulumi.Input; /** * Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. */ hostedZoneId?: pulumi.Input; /** * The port on which the DB accepts connections. */ port?: pulumi.Input; } export interface InstanceMasterUserSecret { /** * The ARN for the KMS encryption key. If creating an * encrypted replica, set this to the destination KMS ARN. */ kmsKeyId?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the secret. */ secretArn?: pulumi.Input; /** * The status of the secret. Valid Values: `creating` | `active` | `rotating` | `impaired`. */ secretStatus?: pulumi.Input; } export interface InstanceRestoreToPointInTime { /** * The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with `useLatestRestorableTime`. */ restoreTime?: pulumi.Input; /** * The ARN of the automated backup from which to restore. Required if `sourceDbInstanceIdentifier` or `sourceDbiResourceId` is not specified. */ sourceDbInstanceAutomatedBackupsArn?: pulumi.Input; /** * The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if `sourceDbInstanceAutomatedBackupsArn` or `sourceDbiResourceId` is not specified. */ sourceDbInstanceIdentifier?: pulumi.Input; /** * The resource ID of the source DB instance from which to restore. Required if `sourceDbInstanceIdentifier` or `sourceDbInstanceAutomatedBackupsArn` is not specified. */ sourceDbiResourceId?: pulumi.Input; /** * A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults to `false`. Cannot be specified with `restoreTime`. */ useLatestRestorableTime?: pulumi.Input; } export interface InstanceS3Import { /** * The bucket name where your backup is stored */ bucketName: pulumi.Input; /** * Can be blank, but is the path to your backup */ bucketPrefix?: pulumi.Input; /** * Role applied to load the data. */ ingestionRole: pulumi.Input; /** * Source engine for the backup */ sourceEngine: pulumi.Input; /** * Version of the source engine used to make the backup * * This will not recreate the resource if the S3 object changes in some way. It's only used to initialize the database. */ sourceEngineVersion: pulumi.Input; } export interface IntegrationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface OptionGroupOption { /** * List of DB Security Groups for which the option is enabled. */ dbSecurityGroupMemberships?: pulumi.Input[]>; /** * Name of the option (e.g., MEMCACHED). */ optionName: pulumi.Input; /** * The option settings to apply. See `optionSettings` Block below for more details. */ optionSettings?: pulumi.Input[]>; /** * Port number when connecting to the option (e.g., 11211). Leaving out or removing `port` from your configuration does not remove or clear a port from the option in AWS. AWS may assign a default port. Not including `port` in your configuration means that the AWS provider will ignore a previously set value, a value set by AWS, and any port changes. */ port?: pulumi.Input; /** * Version of the option (e.g., 13.1.0.0). Leaving out or removing `version` from your configuration does not remove or clear a version from the option in AWS. AWS may assign a default version. Not including `version` in your configuration means that the AWS provider will ignore a previously set value, a value set by AWS, and any version changes. */ version?: pulumi.Input; /** * List of VPC Security Groups for which the option is enabled. */ vpcSecurityGroupMemberships?: pulumi.Input[]>; } export interface OptionGroupOptionOptionSetting { /** * Name of the setting. */ name: pulumi.Input; /** * Value of the setting. */ value: pulumi.Input; } export interface ParameterGroupParameter { /** * "immediate" (default), or "pending-reboot". Some * engines can't apply some parameters without a reboot, and you will need to * specify "pending-reboot" here. */ applyMethod?: pulumi.Input; /** * The name of the DB parameter. */ name: pulumi.Input; /** * The value of the DB parameter. */ value: pulumi.Input; } /** * parameterGroupParameterProvideDefaults sets the appropriate defaults for ParameterGroupParameter */ export function parameterGroupParameterProvideDefaults(val: ParameterGroupParameter): ParameterGroupParameter { return { ...val, applyMethod: (val.applyMethod) ?? "immediate", }; } export interface ProxyAuth { /** * The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of `SECRETS`. */ authScheme?: pulumi.Input; /** * The type of authentication the proxy uses for connections from clients. Valid values are `MYSQL_CACHING_SHA2_PASSWORD`, `MYSQL_NATIVE_PASSWORD`, `POSTGRES_SCRAM_SHA_256`, `POSTGRES_MD5`, and `SQL_SERVER_AUTHENTICATION`. */ clientPasswordAuthType?: pulumi.Input; /** * A user-specified description about the authentication used by a proxy to log in as a specific database user. */ description?: pulumi.Input; /** * Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of `DISABLED`, `REQUIRED`. */ iamAuth?: pulumi.Input; /** * The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager. */ secretArn?: pulumi.Input; /** * The name of the database user to which the proxy connects. */ username?: pulumi.Input; } export interface ProxyDefaultTargetGroupConnectionPoolConfig { /** * The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions. */ connectionBorrowTimeout?: pulumi.Input; /** * One or more SQL statements for the proxy to run when opening each new database connection. Typically used with `SET` statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single `SET` statement, such as `SET x=1, y=2`. */ initQuery?: pulumi.Input; /** * The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the maxConnections setting for the RDS DB instance or Aurora DB cluster used by the target group. */ maxConnectionsPercent?: pulumi.Input; /** * Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the maxConnections setting for the RDS DB instance or Aurora DB cluster used by the target group. */ maxIdleConnectionsPercent?: pulumi.Input; /** * Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. This setting is only supported for MySQL engine family databases. Currently, the only allowed value is `EXCLUDE_VARIABLE_SETS`. */ sessionPinningFilters?: pulumi.Input[]>; } export interface ReservedInstanceRecurringCharge { recurringChargeAmount?: pulumi.Input; recurringChargeFrequency?: pulumi.Input; } export interface ShardGroupTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace redshift { export interface ClusterClusterNode { /** * Whether the node is a leader node or a compute node */ nodeRole?: pulumi.Input; /** * The private IP address of a node within a cluster */ privateIpAddress?: pulumi.Input; /** * The public IP address of a node within a cluster */ publicIpAddress?: pulumi.Input; } export interface EndpointAccessVpcEndpoint { /** * One or more network interfaces of the endpoint. Also known as an interface endpoint. See details below. */ networkInterfaces?: pulumi.Input[]>; /** * The connection endpoint ID for connecting an Amazon Redshift cluster through the proxy. */ vpcEndpointId?: pulumi.Input; /** * The VPC identifier that the endpoint is associated. */ vpcId?: pulumi.Input; } export interface EndpointAccessVpcEndpointNetworkInterface { /** * The Availability Zone. */ availabilityZone?: pulumi.Input; /** * The network interface identifier. */ networkInterfaceId?: pulumi.Input; /** * The IPv4 address of the network interface within the subnet. */ privateIpAddress?: pulumi.Input; /** * The subnet identifier. */ subnetId?: pulumi.Input; } export interface IdcApplicationAuthorizedTokenIssuer { /** * List of audiences for the authorized token issuer for integrating Amazon Redshift with IDC Identity Center. */ authorizedAudiencesLists?: pulumi.Input[]>; /** * ARN for the authorized token issuer for integrating Amazon Redshift with IDC Identity Center. */ trustedTokenIssuerArn?: pulumi.Input; } export interface IdcApplicationServiceIntegration { /** * List of scopes set up for Lake Formation integration. Refer to the lakeFormation documentation for more details. */ lakeFormation?: pulumi.Input; /** * List of scopes set up for Redshift integration. Refer to the redshift documentation for more details. */ redshift?: pulumi.Input; /** * List of scopes set up for S3 Access Grants integration. Refer to the s3AccessGrants documentation for more details. */ s3AccessGrants?: pulumi.Input; } export interface IdcApplicationServiceIntegrationLakeFormation { /** * Lake formation scope. */ lakeFormationQuery?: pulumi.Input; } export interface IdcApplicationServiceIntegrationLakeFormationLakeFormationQuery { /** * Determines whether the query scope is enabled or disabled. */ authorization: pulumi.Input; } export interface IdcApplicationServiceIntegrationRedshift { /** * Amazon Redshift connect service integration scope. */ connect?: pulumi.Input; } export interface IdcApplicationServiceIntegrationRedshiftConnect { /** * Determines whether the connect integration is enabled or disabled. */ authorization: pulumi.Input; } export interface IdcApplicationServiceIntegrationS3AccessGrants { /** * S3 Access grants integration scope. */ readWriteAccess?: pulumi.Input; } export interface IdcApplicationServiceIntegrationS3AccessGrantsReadWriteAccess { /** * Determines whether read/write scope is enabled or disabled. */ authorization: pulumi.Input; } export interface IntegrationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the Redshift parameter. */ name: pulumi.Input; /** * The value of the Redshift parameter. */ value: pulumi.Input; } export interface ScheduledActionTargetAction { /** * An action that runs a `PauseCluster` API operation. Documented below. */ pauseCluster?: pulumi.Input; /** * An action that runs a `ResizeCluster` API operation. Documented below. */ resizeCluster?: pulumi.Input; /** * An action that runs a `ResumeCluster` API operation. Documented below. */ resumeCluster?: pulumi.Input; } export interface ScheduledActionTargetActionPauseCluster { /** * The identifier of the cluster to be paused. */ clusterIdentifier: pulumi.Input; } export interface ScheduledActionTargetActionResizeCluster { /** * A boolean value indicating whether the resize operation is using the classic resize process. Default: `false`. */ classic?: pulumi.Input; /** * The unique identifier for the cluster to resize. */ clusterIdentifier: pulumi.Input; /** * The new cluster type for the specified cluster. */ clusterType?: pulumi.Input; /** * The new node type for the nodes you are adding. */ nodeType?: pulumi.Input; /** * The new number of nodes for the cluster. */ numberOfNodes?: pulumi.Input; } export interface ScheduledActionTargetActionResumeCluster { /** * The identifier of the cluster to be resumed. */ clusterIdentifier: pulumi.Input; } } export namespace redshiftdata { export interface StatementParameter { name: pulumi.Input; value: pulumi.Input; } } export namespace redshiftserverless { export interface EndpointAccessVpcEndpoint { /** * The network interfaces of the endpoint.. See `Network Interface` below. */ networkInterfaces?: pulumi.Input[]>; /** * The DNS address of the VPC endpoint. */ vpcEndpointId?: pulumi.Input; /** * The port that Amazon Redshift Serverless listens on. */ vpcId?: pulumi.Input; } export interface EndpointAccessVpcEndpointNetworkInterface { /** * The availability Zone. */ availabilityZone?: pulumi.Input; /** * The unique identifier of the network interface. */ networkInterfaceId?: pulumi.Input; /** * The IPv4 address of the network interface within the subnet. */ privateIpAddress?: pulumi.Input; /** * The unique identifier of the subnet. */ subnetId?: pulumi.Input; } export interface WorkgroupConfigParameter { /** * The key of the parameter. The options are `autoMv`, `datestyle`, `enableCaseSensitiveIdentifier`, `enableUserActivityLogging`, `queryGroup`, `searchPath`, `requireSsl`, `useFipsSsl`, and [query monitoring metrics](https://docs.aws.amazon.com/redshift/latest/dg/cm-c-wlm-query-monitoring-rules.html#cm-c-wlm-query-monitoring-metrics-serverless) that let you define performance boundaries: `maxQueryCpuTime`, `maxQueryBlocksRead`, `maxScanRowCount`, `maxQueryExecutionTime`, `maxQueryQueueTime`, `maxQueryCpuUsagePercent`, `maxQueryTempBlocksToDisk`, `maxJoinRowCount` and `maxNestedLoopJoinRowCount`. */ parameterKey: pulumi.Input; /** * The value of the parameter to set. */ parameterValue: pulumi.Input; } export interface WorkgroupEndpoint { /** * The DNS address of the VPC endpoint. */ address?: pulumi.Input; /** * The port number on which the cluster accepts incoming connections. */ port?: pulumi.Input; /** * The VPC endpoint or the Redshift Serverless workgroup. See `VPC Endpoint` below. */ vpcEndpoints?: pulumi.Input[]>; } export interface WorkgroupEndpointVpcEndpoint { /** * The network interfaces of the endpoint.. See `Network Interface` below. */ networkInterfaces?: pulumi.Input[]>; /** * The DNS address of the VPC endpoint. */ vpcEndpointId?: pulumi.Input; /** * The port that Amazon Redshift Serverless listens on. */ vpcId?: pulumi.Input; } export interface WorkgroupEndpointVpcEndpointNetworkInterface { /** * The availability Zone. */ availabilityZone?: pulumi.Input; /** * The unique identifier of the network interface. */ networkInterfaceId?: pulumi.Input; /** * The IPv4 address of the network interface within the subnet. */ privateIpAddress?: pulumi.Input; /** * The unique identifier of the subnet. */ subnetId?: pulumi.Input; } export interface WorkgroupPricePerformanceTarget { /** * Whether to enable price-performance scaling. */ enabled: pulumi.Input; /** * The price-performance scaling level. Valid values are `1` (LOW_COST), `25` (ECONOMICAL), `50` (BALANCED), `75` (RESOURCEFUL), and `100` (HIGH_PERFORMANCE). */ level?: pulumi.Input; } } export namespace rekognition { export interface CollectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ProjectTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface StreamProcessorDataSharingPreference { /** * Whether you are sharing data with Rekognition to improve model performance. */ optIn: pulumi.Input; } export interface StreamProcessorInput { /** * Kinesis input stream. See `kinesisVideoStream`. */ kinesisVideoStream: pulumi.Input; } export interface StreamProcessorInputKinesisVideoStream { /** * ARN of the Kinesis video stream stream that streams the source video. */ arn: pulumi.Input; } export interface StreamProcessorNotificationChannel { /** * The Amazon Resource Number (ARN) of the Amazon Amazon Simple Notification Service topic to which Amazon Rekognition posts the completion status. */ snsTopicArn?: pulumi.Input; } export interface StreamProcessorOutput { /** * The Amazon Kinesis Data Streams stream to which the Amazon Rekognition stream processor streams the analysis results. See `kinesisDataStream`. */ kinesisDataStream?: pulumi.Input; /** * The Amazon S3 bucket location to which Amazon Rekognition publishes the detailed inference results of a video analysis operation. See `s3Destination`. */ s3Destination?: pulumi.Input; } export interface StreamProcessorOutputKinesisDataStream { /** * ARN of the output Amazon Kinesis Data Streams stream. */ arn?: pulumi.Input; } export interface StreamProcessorOutputS3Destination { /** * Name of the Amazon S3 bucket you want to associate with the streaming video project. */ bucket?: pulumi.Input; /** * The prefix value of the location within the bucket that you want the information to be published to. */ keyPrefix?: pulumi.Input; } export interface StreamProcessorRegionsOfInterest { /** * Box representing a region of interest on screen. Only 1 per region is allowed. See `boundingBox`. */ boundingBox?: pulumi.Input; /** * Shape made up of up to 10 Point objects to define a region of interest. See `polygon`. */ polygons?: pulumi.Input[]>; } export interface StreamProcessorRegionsOfInterestBoundingBox { /** * Height of the bounding box as a ratio of the overall image height. */ height?: pulumi.Input; /** * Left coordinate of the bounding box as a ratio of overall image width. */ left?: pulumi.Input; /** * Top coordinate of the bounding box as a ratio of overall image height. */ top?: pulumi.Input; /** * Width of the bounding box as a ratio of the overall image width. */ width?: pulumi.Input; } export interface StreamProcessorRegionsOfInterestPolygon { /** * The value of the X coordinate for a point on a Polygon. */ x?: pulumi.Input; /** * The value of the Y coordinate for a point on a Polygon. */ y?: pulumi.Input; } export interface StreamProcessorSettings { /** * Label detection settings to use on a streaming video. See `connectedHome`. */ connectedHome?: pulumi.Input; /** * Input face recognition parameters for an Amazon Rekognition stream processor. See `faceSearch`. */ faceSearch?: pulumi.Input; } export interface StreamProcessorSettingsConnectedHome { /** * Specifies what you want to detect in the video, such as people, packages, or pets. The current valid labels you can include in this list are: `PERSON`, `PET`, `PACKAGE`, and `ALL`. */ labels?: pulumi.Input[]>; /** * Minimum confidence required to label an object in the video. */ minConfidence?: pulumi.Input; } export interface StreamProcessorSettingsFaceSearch { /** * ID of a collection that contains faces that you want to search for. */ collectionId: pulumi.Input; /** * Minimum face match confidence score that must be met to return a result for a recognized face. */ faceMatchThreshold?: pulumi.Input; } export interface StreamProcessorTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace resiliencehub { export interface ResiliencyPolicyPolicy { /** * Specifies Availability Zone failure policy. See `policy.az` */ az?: pulumi.Input; /** * Specifies Infrastructure failure policy. See `policy.hardware` */ hardware?: pulumi.Input; /** * Specifies Region failure policy. `policy.region` */ region?: pulumi.Input; /** * Specifies Application failure policy. See `policy.software` * * The following arguments are optional: */ software?: pulumi.Input; } export interface ResiliencyPolicyPolicyAz { /** * Recovery Point Objective (RPO) as a Go duration. */ rpo: pulumi.Input; /** * Recovery Time Objective (RTO) as a Go duration. */ rto: pulumi.Input; } export interface ResiliencyPolicyPolicyHardware { /** * Recovery Point Objective (RPO) as a Go duration. */ rpo: pulumi.Input; /** * Recovery Time Objective (RTO) as a Go duration. */ rto: pulumi.Input; } export interface ResiliencyPolicyPolicyRegion { /** * Recovery Point Objective (RPO) as a Go duration. */ rpo?: pulumi.Input; /** * Recovery Time Objective (RTO) as a Go duration. */ rto?: pulumi.Input; } export interface ResiliencyPolicyPolicySoftware { /** * Recovery Point Objective (RPO) as a Go duration. */ rpo: pulumi.Input; /** * Recovery Time Objective (RTO) as a Go duration. */ rto: pulumi.Input; } export interface ResiliencyPolicyTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace resourceexplorer { export interface IndexTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ViewFilters { /** * The string that contains the search keywords, prefixes, and operators to control the results that can be returned by a search operation. For more details, see [Search query syntax](https://docs.aws.amazon.com/resource-explorer/latest/userguide/using-search-query-syntax.html). */ filterString: pulumi.Input; } export interface ViewIncludedProperty { /** * The name of the property that is included in this view. Valid values: `tags`. */ name: pulumi.Input; } } export namespace resourcegroups { export interface GroupConfiguration { /** * A collection of parameters for this group configuration item. See below for details. */ parameters?: pulumi.Input[]>; /** * Specifies the type of group configuration item. */ type: pulumi.Input; } export interface GroupConfigurationParameter { /** * The name of the group configuration parameter. */ name: pulumi.Input; /** * The value or values to be used for the specified parameter. */ values: pulumi.Input[]>; } export interface GroupResourceQuery { /** * The resource query as a JSON string. */ query: pulumi.Input; /** * The type of the resource query. Defaults to `TAG_FILTERS_1_0`. */ type?: pulumi.Input; } } export namespace resourcegroupstaggingapi { export interface GetResourcesTagFilter { /** * One part of a key-value pair that makes up a tag. */ key: string; /** * Optional part of a key-value pair that make up a tag. */ values?: string[]; } export interface GetResourcesTagFilterArgs { /** * One part of a key-value pair that makes up a tag. */ key: pulumi.Input; /** * Optional part of a key-value pair that make up a tag. */ values?: pulumi.Input[]>; } } export namespace rolesanywhere { export interface TrustAnchorNotificationSetting { channel?: pulumi.Input; configuredBy?: pulumi.Input; /** * Whether or not the Trust Anchor should be enabled. */ enabled?: pulumi.Input; event?: pulumi.Input; threshold?: pulumi.Input; } export interface TrustAnchorSource { /** * The data denoting the source of trust, documented below */ sourceData: pulumi.Input; /** * The type of the source of trust. Must be either `AWS_ACM_PCA` or `CERTIFICATE_BUNDLE`. */ sourceType: pulumi.Input; } export interface TrustAnchorSourceSourceData { /** * The ARN of an ACM Private Certificate Authority. */ acmPcaArn?: pulumi.Input; x509CertificateData?: pulumi.Input; } } export namespace route53 { export interface GetQueryLogConfigFilter { /** * The name of the query logging configuration. */ name: string; values: string[]; } export interface GetQueryLogConfigFilterArgs { /** * The name of the query logging configuration. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface GetResolverEndpointFilter { name: string; values: string[]; } export interface GetResolverEndpointFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetTrafficPolicyDocumentEndpoint { /** * ID of an endpoint you want to assign. */ id: string; /** * To route traffic to an Amazon S3 bucket that is configured as a website endpoint, specify the region in which you created the bucket for `region`. */ region?: string; /** * Type of the endpoint. Valid values are `value`, `cloudfront`, `elastic-load-balancer`, `s3-website`, `application-load-balancer`, `network-load-balancer` and `elastic-beanstalk` */ type?: string; /** * Value of the `type`. */ value?: string; } export interface GetTrafficPolicyDocumentEndpointArgs { /** * ID of an endpoint you want to assign. */ id: pulumi.Input; /** * To route traffic to an Amazon S3 bucket that is configured as a website endpoint, specify the region in which you created the bucket for `region`. */ region?: pulumi.Input; /** * Type of the endpoint. Valid values are `value`, `cloudfront`, `elastic-load-balancer`, `s3-website`, `application-load-balancer`, `network-load-balancer` and `elastic-beanstalk` */ type?: pulumi.Input; /** * Value of the `type`. */ value?: pulumi.Input; } export interface GetTrafficPolicyDocumentRule { /** * Configuration block for when you add a geoproximity rule, you configure Amazon Route 53 to route traffic to your resources based on the geographic location of your resources. Only valid for `geoproximity` type. See below */ geoProximityLocations?: inputs.route53.GetTrafficPolicyDocumentRuleGeoProximityLocation[]; /** * ID of a rule you want to assign. */ id: string; /** * Configuration block for when you add a multivalue answer rule, you configure your traffic policy to route traffic approximately randomly to your healthy resources. Only valid for `multivalue` type. See below */ items?: inputs.route53.GetTrafficPolicyDocumentRuleItem[]; /** * Configuration block for when you add a geolocation rule, you configure your traffic policy to route your traffic based on the geographic location of your users. Only valid for `geo` type. See below */ locations?: inputs.route53.GetTrafficPolicyDocumentRuleLocation[]; /** * Configuration block for the settings for the rule or endpoint that you want to route traffic to whenever the corresponding resources are available. Only valid for `failover` type. See below */ primary?: inputs.route53.GetTrafficPolicyDocumentRulePrimary; regions?: inputs.route53.GetTrafficPolicyDocumentRuleRegion[]; /** * Configuration block for the rule or endpoint that you want to route traffic to whenever the primary resources are not available. Only valid for `failover` type. See below */ secondary?: inputs.route53.GetTrafficPolicyDocumentRuleSecondary; /** * Type of the rule. */ type?: string; } export interface GetTrafficPolicyDocumentRuleArgs { /** * Configuration block for when you add a geoproximity rule, you configure Amazon Route 53 to route traffic to your resources based on the geographic location of your resources. Only valid for `geoproximity` type. See below */ geoProximityLocations?: pulumi.Input[]>; /** * ID of a rule you want to assign. */ id: pulumi.Input; /** * Configuration block for when you add a multivalue answer rule, you configure your traffic policy to route traffic approximately randomly to your healthy resources. Only valid for `multivalue` type. See below */ items?: pulumi.Input[]>; /** * Configuration block for when you add a geolocation rule, you configure your traffic policy to route your traffic based on the geographic location of your users. Only valid for `geo` type. See below */ locations?: pulumi.Input[]>; /** * Configuration block for the settings for the rule or endpoint that you want to route traffic to whenever the corresponding resources are available. Only valid for `failover` type. See below */ primary?: pulumi.Input; regions?: pulumi.Input[]>; /** * Configuration block for the rule or endpoint that you want to route traffic to whenever the primary resources are not available. Only valid for `failover` type. See below */ secondary?: pulumi.Input; /** * Type of the rule. */ type?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleGeoProximityLocation { /** * Specify a value for `bias` if you want to route more traffic to an endpoint from nearby endpoints (positive values) or route less traffic to an endpoint (negative values). */ bias?: string; /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * Represents the location south (negative) or north (positive) of the equator. Valid values are -90 degrees to 90 degrees. */ latitude?: string; /** * Represents the location west (negative) or east (positive) of the prime meridian. Valid values are -180 degrees to 180 degrees. */ longitude?: string; /** * If your endpoint is an AWS resource, specify the AWS Region that you created the resource in. */ region?: string; /** * References to a rule. */ ruleReference?: string; } export interface GetTrafficPolicyDocumentRuleGeoProximityLocationArgs { /** * Specify a value for `bias` if you want to route more traffic to an endpoint from nearby endpoints (positive values) or route less traffic to an endpoint (negative values). */ bias?: pulumi.Input; /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * Represents the location south (negative) or north (positive) of the equator. Valid values are -90 degrees to 90 degrees. */ latitude?: pulumi.Input; /** * Represents the location west (negative) or east (positive) of the prime meridian. Valid values are -180 degrees to 180 degrees. */ longitude?: pulumi.Input; /** * If your endpoint is an AWS resource, specify the AWS Region that you created the resource in. */ region?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleItem { endpointReference?: string; healthCheck?: string; } export interface GetTrafficPolicyDocumentRuleItemArgs { endpointReference?: pulumi.Input; healthCheck?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleLocation { /** * Value of a continent. */ continent?: string; /** * Value of a country. */ country?: string; /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * Indicates whether this set of values represents the default location. */ isDefault?: boolean; /** * References to a rule. */ ruleReference?: string; /** * Value of a subdivision. */ subdivision?: string; } export interface GetTrafficPolicyDocumentRuleLocationArgs { /** * Value of a continent. */ continent?: pulumi.Input; /** * Value of a country. */ country?: pulumi.Input; /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * Indicates whether this set of values represents the default location. */ isDefault?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; /** * Value of a subdivision. */ subdivision?: pulumi.Input; } export interface GetTrafficPolicyDocumentRulePrimary { /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * References to a rule. */ ruleReference?: string; } export interface GetTrafficPolicyDocumentRulePrimaryArgs { /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleRegion { /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * Region code for the AWS Region that you created the resource in. */ region?: string; /** * References to a rule. */ ruleReference?: string; } export interface GetTrafficPolicyDocumentRuleRegionArgs { /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * Region code for the AWS Region that you created the resource in. */ region?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleSecondary { endpointReference?: string; evaluateTargetHealth?: boolean; healthCheck?: string; ruleReference?: string; } export interface GetTrafficPolicyDocumentRuleSecondaryArgs { endpointReference?: pulumi.Input; evaluateTargetHealth?: pulumi.Input; healthCheck?: pulumi.Input; ruleReference?: pulumi.Input; } export interface ProfilesAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ProfilesProfileTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled. */ read?: pulumi.Input; } export interface ProfilesResourceAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled. */ read?: pulumi.Input; } export interface RecordAlias { /** * Set to `true` if you want Route 53 to determine whether to respond to DNS queries using this resource record set by checking the health of the resource record set. Some resources have special requirements, see [related part of documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html#rrsets-values-alias-evaluate-target-health). */ evaluateTargetHealth: pulumi.Input; /** * DNS domain name for a CloudFront distribution, S3 bucket, ELB, AWS Global Accelerator, or another resource record set in this hosted zone. */ name: pulumi.Input; /** * Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, AWS Global Accelerator, or Route 53 hosted zone. See `resource_elb.zone_id` for example. */ zoneId: pulumi.Input; } export interface RecordCidrRoutingPolicy { /** * The CIDR collection ID. See the `aws.route53.CidrCollection` resource for more details. */ collectionId: pulumi.Input; /** * The CIDR collection location name. See the `aws.route53.CidrLocation` resource for more details. A `locationName` with an asterisk `"*"` can be used to create a default CIDR record. `collectionId` is still required for default record. */ locationName: pulumi.Input; } export interface RecordFailoverRoutingPolicy { /** * `PRIMARY` or `SECONDARY`. A `PRIMARY` record will be served if its healthcheck is passing, otherwise the `SECONDARY` will be served. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html#dns-failover-failover-rrsets */ type: pulumi.Input; } export interface RecordGeolocationRoutingPolicy { /** * A two-letter continent code. See http://docs.aws.amazon.com/Route53/latest/APIReference/API_GetGeoLocation.html for code details. Either `continent` or `country` must be specified. */ continent?: pulumi.Input; /** * A two-character country code or `*` to indicate a default resource record set. */ country?: pulumi.Input; /** * A subdivision code for a country. */ subdivision?: pulumi.Input; } export interface RecordGeoproximityRoutingPolicy { /** * A AWS region where the resource is present. */ awsRegion?: pulumi.Input; /** * Route more traffic or less traffic to the resource by specifying a value ranges between -90 to 90. See https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-geoproximity.html for bias details. */ bias?: pulumi.Input; /** * Specify `latitude` and `longitude` for routing traffic to non-AWS resources. */ coordinates?: pulumi.Input[]>; /** * A AWS local zone group where the resource is present. See https://docs.aws.amazon.com/local-zones/latest/ug/available-local-zones.html for local zone group list. */ localZoneGroup?: pulumi.Input; } export interface RecordGeoproximityRoutingPolicyCoordinate { latitude: pulumi.Input; longitude: pulumi.Input; } export interface RecordLatencyRoutingPolicy { /** * An AWS region from which to measure latency. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency */ region: pulumi.Input; } export interface RecordWeightedRoutingPolicy { /** * A numeric value indicating the relative weight of the record. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-weighted. */ weight: pulumi.Input; } export interface RecordsExclusiveResourceRecordSet { /** * Alias target block. * See `aliasTarget` below. */ aliasTarget?: pulumi.Input; cidrRoutingConfig?: pulumi.Input; /** * Type of failover resource record. * Valid values are `PRIMARY` and `SECONDARY`. * See the [AWS documentation on DNS failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) for additional details. */ failover?: pulumi.Input; /** * Geolocation block to control how Amazon Route 53 responds to DNS queries based on the geographic origin of the query. * See `geolocation` below. */ geolocation?: pulumi.Input; /** * Geoproximity location block. * See `geoproximityLocation` below. */ geoproximityLocation?: pulumi.Input; /** * Health check the record should be associated with. */ healthCheckId?: pulumi.Input; multiValueAnswer?: pulumi.Input; /** * Name of the record. */ name: pulumi.Input; /** * AWS region of the resource this record set refers to. * Must be a valid AWS region name. * See the [AWS documentation](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency) on latency based routing for additional details. */ region?: pulumi.Input; /** * Information about the resource records to act upon. * See `resourceRecords` below. */ resourceRecords?: pulumi.Input[]>; /** * An identifier that differentiates among multiple resource record sets that have the same combination of name and type. * Required if using `cidrRoutingConfig`, `failover`, `geolocation`,`geoproximityLocation`, `multivalueAnswer`, `region`, or `weight`. */ setIdentifier?: pulumi.Input; trafficPolicyInstanceId?: pulumi.Input; /** * Resource record cache time to live (TTL), in seconds. */ ttl?: pulumi.Input; /** * Record type. * Valid values are `A`, `AAAA`, `CAA`, `CNAME`, `DS`, `MX`, `NAPTR`, `NS`, `PTR`, `SOA`, `SPF`, `SRV`, `TXT`, `TLSA`, `SSHFP`, `SVCB`, and `HTTPS`. * * The following arguments are optional: * * > Exactly one of `resourceRecords` or `aliasTarget` must be specified. */ type?: pulumi.Input; /** * Among resource record sets that have the same combination of DNS name and type, a value that determines the proportion of DNS queries that Amazon Route 53 responds to using the current resource record set. */ weight?: pulumi.Input; } export interface RecordsExclusiveResourceRecordSetAliasTarget { /** * DNS domain name for another resource record set in this hosted zone. */ dnsName: pulumi.Input; /** * Set to `true` if you want Route 53 to determine whether to respond to DNS queries using this resource record set by checking the health of the resource record set. Some resources have special requirements, see [the AWS documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html#rrsets-values-alias-evaluate-target-health) for additional details. */ evaluateTargetHealth: pulumi.Input; /** * Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, AWS Global Accelerator, or Route 53 hosted zone. See `resource_elb.zone_id` for an example. */ hostedZoneId: pulumi.Input; } export interface RecordsExclusiveResourceRecordSetCidrRoutingConfig { /** * CIDR collection ID. * See the `aws.route53.CidrCollection` resource for more details. */ collectionId: pulumi.Input; /** * CIDR collection location name. * See the `aws.route53.CidrLocation` resource for more details. * A `locationName` with an asterisk `"*"` can be used to create a default CIDR record. * `collectionId` is still required for a default record. */ locationName: pulumi.Input; } export interface RecordsExclusiveResourceRecordSetGeolocation { continentCode?: pulumi.Input; countryCode?: pulumi.Input; subdivisionCode?: pulumi.Input; } export interface RecordsExclusiveResourceRecordSetGeoproximityLocation { /** * AWS region of the resource where DNS traffic is directed to. */ awsRegion?: pulumi.Input; /** * Increases or decreases the size of the geographic region from which Route 53 routes traffic to a resource. * To expand the size of the geographic region from which Route 53 routes traffic to a resource, specify a positive integer from `1` to `99`. * To shrink the size of the geographic region from which Route 53 routes traffic to a resource, specify a negative bias of `-1` to `-99`. * See the [AWS documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-geoproximity.html) for additional details. */ bias?: pulumi.Input; /** * Coordinates for a geoproximity resource record. * See `coordinates` below. */ coordinates?: pulumi.Input; /** * AWS local zone group. * Identify the Local Zones Group for a specific Local Zone by using the [`describe-availability-zones` CLI command](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-availability-zones.html). */ localZoneGroup?: pulumi.Input; } export interface RecordsExclusiveResourceRecordSetGeoproximityLocationCoordinates { /** * A coordinate of the north–south position of a geographic point on the surface of the Earth (`-90` - `90`). */ latitude: pulumi.Input; /** * A coordinate of the east–west position of a geographic point on the surface of the Earth (`-180` - `180`). */ longitude: pulumi.Input; } export interface RecordsExclusiveResourceRecordSetResourceRecord { /** * DNS record value. */ value: pulumi.Input; } export interface RecordsExclusiveTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ResolverEndpointIpAddress { /** * IPv4 address in the subnet that you want to use for DNS queries. */ ip?: pulumi.Input; ipId?: pulumi.Input; /** * IPv6 address in the subnet that you want to use for DNS queries. */ ipv6?: pulumi.Input; /** * ID of the subnet that contains the IP address. */ subnetId: pulumi.Input; } export interface ResolverRuleTargetIp { /** * One IPv4 address that you want to forward DNS queries to. */ ip?: pulumi.Input; /** * One IPv6 address that you want to forward DNS queries to. */ ipv6?: pulumi.Input; /** * Port at `ip` that you want to forward DNS queries to. Default value is `53`. */ port?: pulumi.Input; /** * Protocol for the resolver endpoint. Valid values can be found in the [AWS documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_TargetAddress.html). Default value is `Do53`. */ protocol?: pulumi.Input; } export interface ZoneVpc { /** * ID of the VPC to associate. */ vpcId: pulumi.Input; /** * Region of the VPC to associate. Defaults to AWS provider region. */ vpcRegion?: pulumi.Input; } } export namespace route53domains { export interface DelegationSignerRecordSigningAttributes { /** * Algorithm which was used to generate the digest from the public key. */ algorithm: pulumi.Input; /** * Defines the type of key. It can be either a KSK (key-signing-key, value `257`) or ZSK (zone-signing-key, value `256`). */ flags: pulumi.Input; /** * The base64-encoded public key part of the key pair that is passed to the registry. */ publicKey: pulumi.Input; } export interface DelegationSignerRecordTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface DomainAdminContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A list of name-value pairs for parameters required by certain top-level domains. */ extraParams?: pulumi.Input[]>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface DomainAdminContactExtraParam { /** * The name of an additional parameter that is required by a top-level domain. */ name: pulumi.Input; /** * The value that corresponds with the name of an extra parameter. */ value: pulumi.Input; } export interface DomainBillingContact { /** * First line of the contact's address. */ addressLine1: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2: pulumi.Input; /** * The city of the contact's address. */ city: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode: pulumi.Input; /** * Email address of the contact. */ email: pulumi.Input; /** * A list of name-value pairs for parameters required by certain top-level domains. */ extraParams: pulumi.Input[]>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax: pulumi.Input; /** * First name of contact. */ firstName: pulumi.Input; /** * Last name of contact. */ lastName: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber: pulumi.Input; /** * The state or province of the contact's city. */ state: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode: pulumi.Input; } export interface DomainBillingContactExtraParam { /** * The name of an additional parameter that is required by a top-level domain. */ name: pulumi.Input; /** * The value that corresponds with the name of an extra parameter. */ value: pulumi.Input; } export interface DomainNameServer { /** * Glue IP addresses of a name server. The list can contain only one IPv4 and one IPv6 address. */ glueIps: pulumi.Input[]>; /** * The fully qualified host name of the name server. */ name: pulumi.Input; } export interface DomainRegistrantContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A list of name-value pairs for parameters required by certain top-level domains. */ extraParams?: pulumi.Input[]>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface DomainRegistrantContactExtraParam { /** * The name of an additional parameter that is required by a top-level domain. */ name: pulumi.Input; /** * The value that corresponds with the name of an extra parameter. */ value: pulumi.Input; } export interface DomainTechContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A list of name-value pairs for parameters required by certain top-level domains. */ extraParams?: pulumi.Input[]>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface DomainTechContactExtraParam { /** * The name of an additional parameter that is required by a top-level domain. */ name: pulumi.Input; /** * The value that corresponds with the name of an extra parameter. */ value: pulumi.Input; } export interface DomainTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface RegisteredDomainAdminContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface RegisteredDomainBillingContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface RegisteredDomainNameServer { /** * Glue IP addresses of a name server. The list can contain only one IPv4 and one IPv6 address. */ glueIps?: pulumi.Input[]>; /** * The fully qualified host name of the name server. */ name: pulumi.Input; } export interface RegisteredDomainRegistrantContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface RegisteredDomainTechContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } } export namespace route53recoverycontrol { export interface ClusterClusterEndpoint { /** * Cluster endpoint. */ endpoint?: pulumi.Input; /** * Region of the endpoint. */ region?: pulumi.Input; } export interface SafetyRuleRuleConfig { /** * Logical negation of the rule. */ inverted: pulumi.Input; /** * Number of controls that must be set when you specify an `ATLEAST` type rule. */ threshold: pulumi.Input; /** * Rule type. Valid values are `ATLEAST`, `AND`, and `OR`. */ type: pulumi.Input; } } export namespace route53recoveryreadiness { export interface ResourceSetResource { componentId?: pulumi.Input; /** * Component for DNS/Routing Control Readiness Checks. */ dnsTargetResource?: pulumi.Input; /** * Recovery group ARN or cell ARN that contains this resource set. */ readinessScopes?: pulumi.Input[]>; /** * ARN of the resource. */ resourceArn?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResource { /** * DNS Name that acts as the ingress point to a portion of application. */ domainName: pulumi.Input; /** * Hosted Zone ARN that contains the DNS record with the provided name of target resource. */ hostedZoneArn?: pulumi.Input; /** * Route53 record set id to uniquely identify a record given a `domainName` and a `recordType`. */ recordSetId?: pulumi.Input; /** * Type of DNS Record of target resource. */ recordType?: pulumi.Input; /** * Target resource the R53 record specified with the above params points to. */ targetResource?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResourceTargetResource { /** * NLB resource a DNS Target Resource points to. Required if `r53Resource` is not set. */ nlbResource?: pulumi.Input; /** * Route53 resource a DNS Target Resource record points to. */ r53Resource?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResourceTargetResourceNlbResource { /** * NLB resource ARN. */ arn?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResourceTargetResourceR53Resource { /** * Domain name that is targeted. */ domainName?: pulumi.Input; /** * Resource record set ID that is targeted. */ recordSetId?: pulumi.Input; } } export namespace rum { export interface AppMonitorAppMonitorConfiguration { /** * If you set this to `true`, RUM web client sets two cookies, a session cookie and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page. */ allowCookies?: pulumi.Input; /** * If you set this to `true`, RUM enables X-Ray tracing for the user sessions that RUM samples. RUM adds an X-Ray trace header to allowed HTTP requests. It also records an X-Ray segment for allowed HTTP requests. */ enableXray?: pulumi.Input; /** * A list of URLs in your website or application to exclude from RUM data collection. */ excludedPages?: pulumi.Input[]>; /** * A list of pages in the CloudWatch RUM console that are to be displayed with a "favorite" icon. */ favoritePages?: pulumi.Input[]>; /** * The ARN of the guest IAM role that is attached to the Amazon Cognito identity pool that is used to authorize the sending of data to RUM. */ guestRoleArn?: pulumi.Input; /** * The ID of the Amazon Cognito identity pool that is used to authorize the sending of data to RUM. */ identityPoolId?: pulumi.Input; /** * If this app monitor is to collect data from only certain pages in your application, this structure lists those pages. */ includedPages?: pulumi.Input[]>; /** * Specifies the percentage of user sessions to use for RUM data collection. Choosing a higher percentage gives you more data but also incurs more costs. The number you specify is the percentage of user sessions that will be used. Default value is `0.1`. */ sessionSampleRate?: pulumi.Input; /** * An array that lists the types of telemetry data that this app monitor is to collect. Valid values are `errors`, `performance`, and `http`. */ telemetries?: pulumi.Input[]>; } export interface AppMonitorCustomEvents { /** * Specifies whether this app monitor allows the web client to define and send custom events. The default is for custom events to be `DISABLED`. Valid values are `DISABLED` and `ENABLED`. */ status?: pulumi.Input; } } export namespace s3 { export interface AccessPointPublicAccessBlockConfiguration { /** * Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to `true`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior: * * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. * * PUT Object calls fail if the request includes a public ACL. * * PUT Bucket calls fail if the request includes a public ACL. */ blockPublicAcls?: pulumi.Input; /** * Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to `true`. Enabling this setting does not affect existing bucket policies. When set to `true` causes Amazon S3 to: * * Reject calls to PUT Bucket policy if the specified bucket policy allows public access. */ blockPublicPolicy?: pulumi.Input; /** * Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to `true`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to: * * Ignore all public ACLs on buckets in this account and any objects that they contain. */ ignorePublicAcls?: pulumi.Input; /** * Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to `true`. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`: * * Only the bucket owner and AWS Services can access buckets with public policies. */ restrictPublicBuckets?: pulumi.Input; } export interface AccessPointVpcConfiguration { /** * This access point will only allow connections from the specified VPC ID. */ vpcId: pulumi.Input; } export interface AnalyticsConfigurationFilter { /** * Object prefix for filtering. */ prefix?: pulumi.Input; /** * Set of object tags for filtering. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface AnalyticsConfigurationStorageClassAnalysis { /** * Data export configuration (documented below). */ dataExport: pulumi.Input; } export interface AnalyticsConfigurationStorageClassAnalysisDataExport { /** * Specifies the destination for the exported analytics data (documented below). */ destination: pulumi.Input; /** * Schema version of exported analytics data. Allowed values: `V_1`. Default value: `V_1`. */ outputSchemaVersion?: pulumi.Input; } export interface AnalyticsConfigurationStorageClassAnalysisDataExportDestination { /** * Analytics data export currently only supports an S3 bucket destination (documented below). */ s3BucketDestination: pulumi.Input; } export interface AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestination { /** * Account ID that owns the destination bucket. */ bucketAccountId?: pulumi.Input; /** * ARN of the destination bucket. */ bucketArn: pulumi.Input; /** * Output format of exported analytics data. Allowed values: `CSV`. Default value: `CSV`. */ format?: pulumi.Input; /** * Prefix to append to exported analytics data. */ prefix?: pulumi.Input; } export interface BucketAbacAbacStatus { /** * ABAC status of the general purpose bucket. * Valid values are `Enabled` and `Disabled`. * By default, ABAC is disabled for all Amazon S3 general purpose buckets. */ status: pulumi.Input; } export interface BucketAclAccessControlPolicy { /** * Set of `grant` configuration blocks. See below. */ grants?: pulumi.Input[]>; /** * Configuration block for the bucket owner's display name and ID. See below. */ owner: pulumi.Input; } export interface BucketAclAccessControlPolicyGrant { /** * Configuration block for the person being granted permissions. See below. */ grantee?: pulumi.Input; /** * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `WRITE`, `WRITE_ACP`, `READ`, `READ_ACP`. See [What permissions can I grant?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#permissions) for more details about what each permission means in the context of buckets. */ permission: pulumi.Input; } export interface BucketAclAccessControlPolicyGrantGrantee { /** * Display name of the owner. * * @deprecated display_name is deprecated. This attribute is no longer returned by AWS and will be removed in a future major version. */ displayName?: pulumi.Input; /** * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified. */ emailAddress?: pulumi.Input; /** * Canonical user ID of the grantee. */ id?: pulumi.Input; /** * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`. */ type: pulumi.Input; /** * URI of the grantee group. */ uri?: pulumi.Input; } export interface BucketAclAccessControlPolicyOwner { /** * Display name of the owner. * * @deprecated display_name is deprecated. This attribute is no longer returned by AWS and will be removed in a future major version. */ displayName?: pulumi.Input; /** * ID of the owner. */ id: pulumi.Input; } export interface BucketAclV2AccessControlPolicy { /** * Set of `grant` configuration blocks. See below. */ grants?: pulumi.Input[]>; /** * Configuration block for the bucket owner's display name and ID. See below. */ owner: pulumi.Input; } export interface BucketAclV2AccessControlPolicyGrant { /** * Configuration block for the person being granted permissions. See below. */ grantee?: pulumi.Input; /** * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `WRITE`, `WRITE_ACP`, `READ`, `READ_ACP`. See [What permissions can I grant?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#permissions) for more details about what each permission means in the context of buckets. */ permission: pulumi.Input; } export interface BucketAclV2AccessControlPolicyGrantGrantee { /** * Display name of the owner. * * @deprecated display_name is deprecated. This attribute is no longer returned by AWS and will be removed in a future major version. */ displayName?: pulumi.Input; /** * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified. */ emailAddress?: pulumi.Input; /** * Canonical user ID of the grantee. */ id?: pulumi.Input; /** * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`. */ type: pulumi.Input; /** * URI of the grantee group. */ uri?: pulumi.Input; } export interface BucketAclV2AccessControlPolicyOwner { /** * Display name of the owner. * * @deprecated display_name is deprecated. This attribute is no longer returned by AWS and will be removed in a future major version. */ displayName?: pulumi.Input; /** * ID of the owner. */ id: pulumi.Input; } export interface BucketCorsConfigurationCorsRule { /** * Set of Headers that are specified in the `Access-Control-Request-Headers` header. */ allowedHeaders?: pulumi.Input[]>; /** * Set of HTTP methods that you allow the origin to execute. Valid values are `GET`, `PUT`, `HEAD`, `POST`, and `DELETE`. */ allowedMethods: pulumi.Input[]>; /** * Set of origins you want customers to be able to access the bucket from. */ allowedOrigins: pulumi.Input[]>; /** * Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). */ exposeHeaders?: pulumi.Input[]>; /** * Unique identifier for the rule. The value cannot be longer than 255 characters. */ id?: pulumi.Input; /** * Time in seconds that your browser is to cache the preflight response for the specified resource. */ maxAgeSeconds?: pulumi.Input; } export interface BucketCorsConfigurationV2CorsRule { /** * Set of Headers that are specified in the `Access-Control-Request-Headers` header. */ allowedHeaders?: pulumi.Input[]>; /** * Set of HTTP methods that you allow the origin to execute. Valid values are `GET`, `PUT`, `HEAD`, `POST`, and `DELETE`. */ allowedMethods: pulumi.Input[]>; /** * Set of origins you want customers to be able to access the bucket from. */ allowedOrigins: pulumi.Input[]>; /** * Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). */ exposeHeaders?: pulumi.Input[]>; /** * Unique identifier for the rule. The value cannot be longer than 255 characters. */ id?: pulumi.Input; /** * Time in seconds that your browser is to cache the preflight response for the specified resource. */ maxAgeSeconds?: pulumi.Input; } export interface BucketCorsRule { /** * List of headers allowed. */ allowedHeaders?: pulumi.Input[]>; /** * One or more HTTP methods that you allow the origin to execute. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`. */ allowedMethods: pulumi.Input[]>; /** * One or more origins you want customers to be able to access the bucket from. */ allowedOrigins: pulumi.Input[]>; /** * One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). */ exposeHeaders?: pulumi.Input[]>; /** * Specifies time in seconds that browser can cache the response for a preflight request. */ maxAgeSeconds?: pulumi.Input; } export interface BucketGrant { /** * Canonical user id to grant for. Used only when `type` is `CanonicalUser`. */ id?: pulumi.Input; /** * List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`. */ permissions: pulumi.Input[]>; /** * Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported. */ type: pulumi.Input; /** * Uri address to grant for. Used only when `type` is `Group`. */ uri?: pulumi.Input; } export interface BucketIntelligentTieringConfigurationFilter { /** * Object key name prefix that identifies the subset of objects to which the configuration applies. */ prefix?: pulumi.Input; /** * All of these tags must exist in the object's tag set in order for the configuration to apply. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketIntelligentTieringConfigurationTiering { /** * S3 Intelligent-Tiering access tier. Valid values: `ARCHIVE_ACCESS`, `DEEP_ARCHIVE_ACCESS`. */ accessTier: pulumi.Input; /** * Number of consecutive days of no access after which an object will be eligible to be transitioned to the corresponding tier. */ days: pulumi.Input; } export interface BucketLifecycleConfigurationRule { /** * Configuration block that specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. See below. */ abortIncompleteMultipartUpload?: pulumi.Input; /** * Configuration block that specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker. See below. */ expiration?: pulumi.Input; /** * Configuration block used to identify objects that a Lifecycle Rule applies to. * See below. */ filter?: pulumi.Input; /** * Unique identifier for the rule. The value cannot be longer than 255 characters. */ id: pulumi.Input; /** * Configuration block that specifies when noncurrent object versions expire. See below. */ noncurrentVersionExpiration?: pulumi.Input; /** * Set of configuration blocks that specify the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. See below. */ noncurrentVersionTransitions?: pulumi.Input[]>; /** * **DEPRECATED** Use `filter` instead. * This has been deprecated by Amazon S3. * Prefix identifying one or more objects to which the rule applies. * * @deprecated Specify a prefix using 'filter' instead */ prefix?: pulumi.Input; /** * Whether the rule is currently being applied. Valid values: `Enabled` or `Disabled`. */ status: pulumi.Input; /** * Set of configuration blocks that specify when an Amazon S3 object transitions to a specified storage class. See below. */ transitions?: pulumi.Input[]>; } export interface BucketLifecycleConfigurationRuleAbortIncompleteMultipartUpload { /** * Number of days after which Amazon S3 aborts an incomplete multipart upload. */ daysAfterInitiation?: pulumi.Input; } export interface BucketLifecycleConfigurationRuleExpiration { /** * Date the object is to be moved or deleted. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`. */ date?: pulumi.Input; /** * Lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer. */ days?: pulumi.Input; /** * Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to `true`, the delete marker will be expired; if set to `false` the policy takes no action. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketLifecycleConfigurationRuleFilter { /** * Configuration block used to apply a logical `AND` to two or more predicates. See below. The Lifecycle Rule will apply to any object matching all the predicates configured inside the `and` block. */ and?: pulumi.Input; /** * Minimum object size (in bytes) to which the rule applies. */ objectSizeGreaterThan?: pulumi.Input; /** * Maximum object size (in bytes) to which the rule applies. */ objectSizeLessThan?: pulumi.Input; /** * Prefix identifying one or more objects to which the rule applies. Defaults to an empty string (`""`) if not specified. */ prefix?: pulumi.Input; /** * Configuration block for specifying a tag key and value. See below. */ tag?: pulumi.Input; } export interface BucketLifecycleConfigurationRuleFilterAnd { /** * Minimum object size to which the rule applies. Value must be at least `0` if specified. Defaults to 128000 (128 KB) for all `storageClass` values unless `transitionDefaultMinimumObjectSize` specifies otherwise. */ objectSizeGreaterThan?: pulumi.Input; /** * Maximum object size to which the rule applies. Value must be at least `1` if specified. */ objectSizeLessThan?: pulumi.Input; /** * Prefix identifying one or more objects to which the rule applies. */ prefix?: pulumi.Input; /** * Key-value map of resource tags. * All of these tags must exist in the object's tag set in order for the rule to apply. * If set, must contain at least one key-value pair. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketLifecycleConfigurationRuleFilterTag { /** * Name of the object key. */ key: pulumi.Input; /** * Value of the tag. */ value: pulumi.Input; } export interface BucketLifecycleConfigurationRuleNoncurrentVersionExpiration { /** * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer. */ newerNoncurrentVersions?: pulumi.Input; /** * Number of days an object is noncurrent before Amazon S3 can perform the associated action. Must be a positive integer. */ noncurrentDays: pulumi.Input; } export interface BucketLifecycleConfigurationRuleNoncurrentVersionTransition { /** * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer. */ newerNoncurrentVersions?: pulumi.Input; /** * Number of days an object is noncurrent before Amazon S3 can perform the associated action. */ noncurrentDays: pulumi.Input; /** * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`. */ storageClass: pulumi.Input; } export interface BucketLifecycleConfigurationRuleTransition { /** * Date objects are transitioned to the specified storage class. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`. */ date?: pulumi.Input; /** * Number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer. If both `days` and `date` are not specified, defaults to `0`. Valid values depend on `storageClass`, see [Transition objects using Amazon S3 Lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html) for more details. */ days?: pulumi.Input; /** * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`. */ storageClass: pulumi.Input; } export interface BucketLifecycleConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface BucketLifecycleConfigurationV2Rule { /** * Configuration block that specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. See below. */ abortIncompleteMultipartUpload?: pulumi.Input; /** * Configuration block that specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker. See below. */ expiration?: pulumi.Input; /** * Configuration block used to identify objects that a Lifecycle Rule applies to. * See below. */ filter?: pulumi.Input; /** * Unique identifier for the rule. The value cannot be longer than 255 characters. */ id: pulumi.Input; /** * Configuration block that specifies when noncurrent object versions expire. See below. */ noncurrentVersionExpiration?: pulumi.Input; /** * Set of configuration blocks that specify the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. See below. */ noncurrentVersionTransitions?: pulumi.Input[]>; /** * **DEPRECATED** Use `filter` instead. * This has been deprecated by Amazon S3. * Prefix identifying one or more objects to which the rule applies. * * @deprecated Specify a prefix using 'filter' instead */ prefix?: pulumi.Input; /** * Whether the rule is currently being applied. Valid values: `Enabled` or `Disabled`. */ status: pulumi.Input; /** * Set of configuration blocks that specify when an Amazon S3 object transitions to a specified storage class. See below. */ transitions?: pulumi.Input[]>; } export interface BucketLifecycleConfigurationV2RuleAbortIncompleteMultipartUpload { /** * Number of days after which Amazon S3 aborts an incomplete multipart upload. */ daysAfterInitiation?: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleExpiration { /** * Date the object is to be moved or deleted. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`. */ date?: pulumi.Input; /** * Lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer. */ days?: pulumi.Input; /** * Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to `true`, the delete marker will be expired; if set to `false` the policy takes no action. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleFilter { /** * Configuration block used to apply a logical `AND` to two or more predicates. See below. The Lifecycle Rule will apply to any object matching all the predicates configured inside the `and` block. */ and?: pulumi.Input; /** * Minimum object size (in bytes) to which the rule applies. */ objectSizeGreaterThan?: pulumi.Input; /** * Maximum object size (in bytes) to which the rule applies. */ objectSizeLessThan?: pulumi.Input; /** * Prefix identifying one or more objects to which the rule applies. Defaults to an empty string (`""`) if not specified. */ prefix?: pulumi.Input; /** * Configuration block for specifying a tag key and value. See below. */ tag?: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleFilterAnd { /** * Minimum object size to which the rule applies. Value must be at least `0` if specified. Defaults to 128000 (128 KB) for all `storageClass` values unless `transitionDefaultMinimumObjectSize` specifies otherwise. */ objectSizeGreaterThan?: pulumi.Input; /** * Maximum object size to which the rule applies. Value must be at least `1` if specified. */ objectSizeLessThan?: pulumi.Input; /** * Prefix identifying one or more objects to which the rule applies. */ prefix?: pulumi.Input; /** * Key-value map of resource tags. * All of these tags must exist in the object's tag set in order for the rule to apply. * If set, must contain at least one key-value pair. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketLifecycleConfigurationV2RuleFilterTag { /** * Name of the object key. */ key: pulumi.Input; /** * Value of the tag. */ value: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleNoncurrentVersionExpiration { /** * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer. */ newerNoncurrentVersions?: pulumi.Input; /** * Number of days an object is noncurrent before Amazon S3 can perform the associated action. Must be a positive integer. */ noncurrentDays: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleNoncurrentVersionTransition { /** * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer. */ newerNoncurrentVersions?: pulumi.Input; /** * Number of days an object is noncurrent before Amazon S3 can perform the associated action. */ noncurrentDays: pulumi.Input; /** * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`. */ storageClass: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleTransition { /** * Date objects are transitioned to the specified storage class. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`. */ date?: pulumi.Input; /** * Number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer. If both `days` and `date` are not specified, defaults to `0`. Valid values depend on `storageClass`, see [Transition objects using Amazon S3 Lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html) for more details. */ days?: pulumi.Input; /** * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`. */ storageClass: pulumi.Input; } export interface BucketLifecycleConfigurationV2Timeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface BucketLifecycleRule { /** * Specifies the number of days after initiating a multipart upload when the multipart upload must be completed. */ abortIncompleteMultipartUploadDays?: pulumi.Input; /** * Specifies lifecycle rule status. */ enabled: pulumi.Input; /** * Specifies a period in the object's expire. See Expiration below for details. */ expiration?: pulumi.Input; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Specifies when noncurrent object versions expire. See Noncurrent Version Expiration below for details. */ noncurrentVersionExpiration?: pulumi.Input; /** * Specifies when noncurrent object versions transitions. See Noncurrent Version Transition below for details. */ noncurrentVersionTransitions?: pulumi.Input[]>; /** * Object key prefix identifying one or more objects to which the rule applies. */ prefix?: pulumi.Input; /** * Specifies object tags key and value. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Specifies a period in the object's transitions. See Transition below for details. */ transitions?: pulumi.Input[]>; } export interface BucketLifecycleRuleExpiration { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketLifecycleRuleNoncurrentVersionExpiration { /** * Specifies the number of days noncurrent object versions expire. */ days?: pulumi.Input; } export interface BucketLifecycleRuleNoncurrentVersionTransition { /** * Specifies the number of days noncurrent object versions transition. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketLifecycleRuleTransition { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketLogging { /** * Name of the bucket that will receive the log objects. */ targetBucket: pulumi.Input; /** * To specify a key prefix for log objects. */ targetPrefix?: pulumi.Input; } export interface BucketLoggingTargetGrant { /** * Configuration block for the person being granted permissions. See below. */ grantee: pulumi.Input; /** * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `READ`, `WRITE`. */ permission: pulumi.Input; } export interface BucketLoggingTargetGrantGrantee { /** * @deprecated display_name is deprecated. This attribute is no longer returned by AWS and will be removed in a future major version. */ displayName?: pulumi.Input; /** * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified. */ emailAddress?: pulumi.Input; /** * Canonical user ID of the grantee. */ id?: pulumi.Input; /** * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`. */ type: pulumi.Input; /** * URI of the grantee group. */ uri?: pulumi.Input; } export interface BucketLoggingTargetObjectKeyFormat { /** * Partitioned S3 key for log objects, in the form `[targetPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]`. Conflicts with `simplePrefix`. See below. */ partitionedPrefix?: pulumi.Input; /** * Use the simple format for S3 keys for log objects, in the form `[targetPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]`. To use, set `simplePrefix {}`. Conflicts with `partitionedPrefix`. */ simplePrefix?: pulumi.Input; } export interface BucketLoggingTargetObjectKeyFormatPartitionedPrefix { /** * Specifies the partition date source for the partitioned prefix. Valid values: `EventTime`, `DeliveryTime`. */ partitionDateSource: pulumi.Input; } export interface BucketLoggingTargetObjectKeyFormatSimplePrefix { } export interface BucketLoggingV2TargetGrant { /** * Configuration block for the person being granted permissions. See below. */ grantee: pulumi.Input; /** * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `READ`, `WRITE`. */ permission: pulumi.Input; } export interface BucketLoggingV2TargetGrantGrantee { /** * @deprecated display_name is deprecated. This attribute is no longer returned by AWS and will be removed in a future major version. */ displayName?: pulumi.Input; /** * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified. */ emailAddress?: pulumi.Input; /** * Canonical user ID of the grantee. */ id?: pulumi.Input; /** * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`. */ type: pulumi.Input; /** * URI of the grantee group. */ uri?: pulumi.Input; } export interface BucketLoggingV2TargetObjectKeyFormat { /** * Partitioned S3 key for log objects, in the form `[targetPrefix][SourceAccountId]/[SourceRegion]/[SourceBucket]/[YYYY]/[MM]/[DD]/[YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]`. Conflicts with `simplePrefix`. See below. */ partitionedPrefix?: pulumi.Input; /** * Use the simple format for S3 keys for log objects, in the form `[targetPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString]`. To use, set `simplePrefix {}`. Conflicts with `partitionedPrefix`. */ simplePrefix?: pulumi.Input; } export interface BucketLoggingV2TargetObjectKeyFormatPartitionedPrefix { /** * Specifies the partition date source for the partitioned prefix. Valid values: `EventTime`, `DeliveryTime`. */ partitionDateSource: pulumi.Input; } export interface BucketLoggingV2TargetObjectKeyFormatSimplePrefix { } export interface BucketMetadataConfigurationMetadataConfiguration { /** * Destination information for the S3 Metadata configuration. */ destinations?: pulumi.Input[]>; /** * Inventory table configuration. See `inventoryTableConfiguration` Block for details. */ inventoryTableConfiguration: pulumi.Input; /** * Journal table configuration. See `journalTableConfiguration` Block for details. */ journalTableConfiguration: pulumi.Input; } export interface BucketMetadataConfigurationMetadataConfigurationDestination { /** * ARN of the table bucket where the metadata configuration is stored. */ tableBucketArn: pulumi.Input; /** * Type of the table bucket where the metadata configuration is stored. */ tableBucketType: pulumi.Input; /** * Namespace in the table bucket where the metadata tables for the metadata configuration are stored. */ tableNamespace: pulumi.Input; } export interface BucketMetadataConfigurationMetadataConfigurationInventoryTableConfiguration { /** * Configuration state of the inventory table, indicating whether the inventory table is enabled or disabled. Valid values: `ENABLED`, `DISABLED`. */ configurationState: pulumi.Input; /** * Encryption configuration for the inventory table. See `encryptionConfiguration` Block for details. */ encryptionConfiguration?: pulumi.Input; /** * Inventory table ARN. */ tableArn?: pulumi.Input; /** * Inventory table name. */ tableName?: pulumi.Input; } export interface BucketMetadataConfigurationMetadataConfigurationInventoryTableConfigurationEncryptionConfiguration { /** * KMS key ARN when `sseAlgorithm` is `aws:kms`. */ kmsKeyArn?: pulumi.Input; /** * Encryption type for the metadata table. Valid values: `aws:kms`, `AES256`. */ sseAlgorithm: pulumi.Input; } export interface BucketMetadataConfigurationMetadataConfigurationJournalTableConfiguration { /** * Encryption configuration for the journal table. See `encryptionConfiguration` Block for details. */ encryptionConfiguration?: pulumi.Input; /** * Journal table record expiration settings. See `recordExpiration` Block for details. */ recordExpiration: pulumi.Input; /** * Journal table ARN. */ tableArn?: pulumi.Input; /** * Journal table name. */ tableName?: pulumi.Input; } export interface BucketMetadataConfigurationMetadataConfigurationJournalTableConfigurationEncryptionConfiguration { /** * KMS key ARN when `sseAlgorithm` is `aws:kms`. */ kmsKeyArn?: pulumi.Input; /** * Encryption type for the metadata table. Valid values: `aws:kms`, `AES256`. */ sseAlgorithm: pulumi.Input; } export interface BucketMetadataConfigurationMetadataConfigurationJournalTableConfigurationRecordExpiration { /** * Number of days to retain journal table records. */ days?: pulumi.Input; /** * Whether journal table record expiration is enabled or disabled. Valid values: `ENABLED`, `DISABLED`. */ expiration: pulumi.Input; } export interface BucketMetadataConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface BucketMetricFilter { /** * S3 Access Point ARN for filtering (singular). */ accessPoint?: pulumi.Input; /** * Object prefix for filtering (singular). */ prefix?: pulumi.Input; /** * Object tags for filtering (up to 10). */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketNotificationLambdaFunction { /** * [Event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications. */ events: pulumi.Input[]>; /** * Object key name prefix. */ filterPrefix?: pulumi.Input; /** * Object key name suffix. */ filterSuffix?: pulumi.Input; /** * Unique identifier for each of the notification configurations. */ id?: pulumi.Input; /** * Lambda function ARN. */ lambdaFunctionArn?: pulumi.Input; } export interface BucketNotificationQueue { /** * Specifies [event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications. */ events: pulumi.Input[]>; /** * Object key name prefix. */ filterPrefix?: pulumi.Input; /** * Object key name suffix. */ filterSuffix?: pulumi.Input; /** * Unique identifier for each of the notification configurations. */ id?: pulumi.Input; /** * SQS queue ARN. */ queueArn: pulumi.Input; } export interface BucketNotificationTopic { /** * [Event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications. */ events: pulumi.Input[]>; /** * Object key name prefix. */ filterPrefix?: pulumi.Input; /** * Object key name suffix. */ filterSuffix?: pulumi.Input; /** * Unique identifier for each of the notification configurations. */ id?: pulumi.Input; /** * SNS topic ARN. */ topicArn: pulumi.Input; } export interface BucketObjectLockConfiguration { /** * Indicates whether this bucket has an Object Lock configuration enabled. Valid values are `true` or `false`. This argument is not supported in all regions or partitions. * * @deprecated object_lock_enabled is deprecated. Use the top-level parameter objectLockEnabled instead. */ objectLockEnabled?: pulumi.Input; /** * Object Lock rule in place for this bucket (documented below). * * @deprecated rule is deprecated. Use the aws.s3.BucketObjectLockConfiguration resource instead. */ rule?: pulumi.Input; } export interface BucketObjectLockConfigurationRule { /** * Configuration block for specifying the default Object Lock retention settings for new objects placed in the specified bucket. See below. */ defaultRetention: pulumi.Input; } export interface BucketObjectLockConfigurationRuleDefaultRetention { /** * Number of days that you want to specify for the default retention period. */ days?: pulumi.Input; /** * Default Object Lock retention mode you want to apply to new objects placed in the specified bucket. Valid values: `COMPLIANCE`, `GOVERNANCE`. */ mode?: pulumi.Input; /** * Number of years that you want to specify for the default retention period. */ years?: pulumi.Input; } export interface BucketObjectLockConfigurationV2Rule { /** * Configuration block for specifying the default Object Lock retention settings for new objects placed in the specified bucket. See below. */ defaultRetention: pulumi.Input; } export interface BucketObjectLockConfigurationV2RuleDefaultRetention { /** * Number of days that you want to specify for the default retention period. */ days?: pulumi.Input; /** * Default Object Lock retention mode you want to apply to new objects placed in the specified bucket. Valid values: `COMPLIANCE`, `GOVERNANCE`. */ mode?: pulumi.Input; /** * Number of years that you want to specify for the default retention period. */ years?: pulumi.Input; } export interface BucketObjectv2OverrideProvider { /** * Override the provider `defaultTags` configuration block. */ defaultTags?: pulumi.Input; } export interface BucketObjectv2OverrideProviderDefaultTags { /** * Map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketOwnershipControlsRule { /** * Object ownership. Valid values: `BucketOwnerPreferred`, `ObjectWriter` or `BucketOwnerEnforced` * * `BucketOwnerPreferred` - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the `bucket-owner-full-control` canned ACL. * * `ObjectWriter` - Uploading account will own the object if the object is uploaded with the `bucket-owner-full-control` canned ACL. * * `BucketOwnerEnforced` - Bucket owner automatically owns and has full control over every object in the bucket. ACLs no longer affect permissions to data in the S3 bucket. */ objectOwnership: pulumi.Input; } export interface BucketReplicationConfigRule { /** * Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when `filter` is used)documented below. */ deleteMarkerReplication?: pulumi.Input; /** * Specifies the destination for the rule. See below. */ destination: pulumi.Input; /** * Replicate existing objects in the source bucket according to the rule configurations. See below. */ existingObjectReplication?: pulumi.Input; /** * Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the `rule` will default to using `prefix`. */ filter?: pulumi.Input; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string (`""`) if `filter` is not specified. * * @deprecated prefix is deprecated. Use filter instead. */ prefix?: pulumi.Input; /** * Priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules. */ priority?: pulumi.Input; /** * Specifies special object selection criteria. See below. */ sourceSelectionCriteria?: pulumi.Input; /** * Status of the rule. Either `"Enabled"` or `"Disabled"`. The rule is ignored if status is not "Enabled". */ status: pulumi.Input; } export interface BucketReplicationConfigRuleDeleteMarkerReplication { /** * Whether delete markers should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleDestination { /** * Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with `account` owner override configuration. */ accessControlTranslation?: pulumi.Input; /** * Account ID to specify the replica ownership. Must be used in conjunction with `accessControlTranslation` override configuration. */ account?: pulumi.Input; /** * ARN of the bucket where you want Amazon S3 to store the results. */ bucket: pulumi.Input; /** * Configuration block that provides information about encryption. See below. If `sourceSelectionCriteria` is specified, you must specify this element. */ encryptionConfiguration?: pulumi.Input; /** * Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below. */ metrics?: pulumi.Input; /** * Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with `metrics`. */ replicationTime?: pulumi.Input; /** * The [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Destination.html#AmazonS3-Type-Destination-StorageClass) used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica. */ storageClass?: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationAccessControlTranslation { /** * Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) in the Amazon S3 API Reference. Valid values: `Destination`. */ owner: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationEncryptionConfiguration { /** * ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket. */ replicaKmsKeyId: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationMetrics { /** * Configuration block that specifies the time threshold for emitting the `s3:Replication:OperationMissedThreshold` event. See below. */ eventThreshold?: pulumi.Input; /** * Status of the Destination Metrics. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationMetricsEventThreshold { /** * Time in minutes. Valid values: `15`. */ minutes: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationReplicationTime { /** * Status of the Replication Time Control. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; /** * Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below. */ time: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationReplicationTimeTime { /** * Time in minutes. Valid values: `15`. */ minutes: pulumi.Input; } export interface BucketReplicationConfigRuleExistingObjectReplication { /** * Whether the existing objects should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleFilter { /** * Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details. */ and?: pulumi.Input; /** * Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * Configuration block for specifying a tag key and value. See below. */ tag?: pulumi.Input; } export interface BucketReplicationConfigRuleFilterAnd { /** * Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketReplicationConfigRuleFilterTag { /** * Name of the object key. */ key: pulumi.Input; /** * Value of the tag. */ value: pulumi.Input; } export interface BucketReplicationConfigRuleSourceSelectionCriteria { /** * Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when `filter` is specified), you can specify this element and set the status to `Enabled` to replicate modifications on replicas. */ replicaModifications?: pulumi.Input; /** * Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, `replicaKmsKeyId` in `destination` `encryptionConfiguration` must be specified as well. */ sseKmsEncryptedObjects?: pulumi.Input; } export interface BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications { /** * Whether the existing objects should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects { /** * Whether the existing objects should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfiguration { /** * ARN of the IAM role for Amazon S3 to assume when replicating the objects. */ role: pulumi.Input; /** * Specifies the rules managing the replication (documented below). */ rules: pulumi.Input[]>; } export interface BucketReplicationConfigurationRule { /** * Whether delete markers are replicated. The only valid value is `Enabled`. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when `filter` is used). */ deleteMarkerReplicationStatus?: pulumi.Input; /** * Specifies the destination for the rule (documented below). */ destination: pulumi.Input; /** * Filter that identifies subset of objects to which the replication rule applies (documented below). */ filter?: pulumi.Input; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * Priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules. */ priority?: pulumi.Input; /** * Specifies special object selection criteria (documented below). */ sourceSelectionCriteria?: pulumi.Input; /** * Status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled. */ status: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestination { /** * Specifies the overrides to use for object owners on replication (documented below). Must be used in conjunction with `accountId` owner override configuration. */ accessControlTranslation?: pulumi.Input; /** * Account ID to use for overriding the object owner on replication. Must be used in conjunction with `accessControlTranslation` override configuration. */ accountId?: pulumi.Input; /** * ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule. */ bucket: pulumi.Input; /** * Enables replication metrics (required for S3 RTC) (documented below). */ metrics?: pulumi.Input; /** * Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with * `sseKmsEncryptedObjects` source selection criteria. */ replicaKmsKeyId?: pulumi.Input; /** * Enables S3 Replication Time Control (S3 RTC) (documented below). */ replicationTime?: pulumi.Input; /** * The [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Destination.html#AmazonS3-Type-Destination-StorageClass) used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica. */ storageClass?: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestinationAccessControlTranslation { /** * Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) in the Amazon S3 API Reference. The only valid value is `Destination`. */ owner: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestinationMetrics { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * Status of replication metrics. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestinationReplicationTime { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * Status of RTC. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketReplicationConfigurationRuleFilter { /** * Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * A map of tags that identifies subset of objects to which the rule applies. * The rule applies only to objects having all the tags in its tagset. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketReplicationConfigurationRuleSourceSelectionCriteria { /** * Match SSE-KMS encrypted objects (documented below). If specified, `replicaKmsKeyId` * in `destination` must be specified as well. */ sseKmsEncryptedObjects?: pulumi.Input; } export interface BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects { /** * Boolean which indicates if this criteria is enabled. */ enabled: pulumi.Input; } export interface BucketServerSideEncryptionConfiguration { /** * Single object for server-side encryption by default configuration. (documented below) */ rule: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationRule { /** * Single object for setting server-side encryption by default. See below. */ applyServerSideEncryptionByDefault?: pulumi.Input; /** * List of server-side encryption types to block for object uploads. Valid values are `SSE-C` (blocks uploads using server-side encryption with customer-provided keys) and `NONE` (unblocks all encryption types). Starting in March 2026, Amazon S3 will automatically block SSE-C uploads for all new buckets. */ blockedEncryptionTypes?: pulumi.Input[]>; /** * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS. */ bucketKeyEnabled?: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault { /** * AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`. */ kmsMasterKeyId?: pulumi.Input; /** * Server-side encryption algorithm to use. Valid values are `AES256`, `aws:kms`, and `aws:kms:dsse` */ sseAlgorithm: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationV2Rule { /** * Single object for setting server-side encryption by default. See below. */ applyServerSideEncryptionByDefault?: pulumi.Input; /** * List of server-side encryption types to block for object uploads. Valid values are `SSE-C` (blocks uploads using server-side encryption with customer-provided keys) and `NONE` (unblocks all encryption types). Starting in March 2026, Amazon S3 will automatically block SSE-C uploads for all new buckets. */ blockedEncryptionTypes?: pulumi.Input[]>; /** * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS. */ bucketKeyEnabled?: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationV2RuleApplyServerSideEncryptionByDefault { /** * AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`. */ kmsMasterKeyId?: pulumi.Input; /** * Server-side encryption algorithm to use. Valid values are `AES256`, `aws:kms`, and `aws:kms:dsse` */ sseAlgorithm: pulumi.Input; } export interface BucketV2CorsRule { /** * List of headers allowed. */ allowedHeaders?: pulumi.Input[]>; /** * One or more HTTP methods that you allow the origin to execute. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`. */ allowedMethods: pulumi.Input[]>; /** * One or more origins you want customers to be able to access the bucket from. */ allowedOrigins: pulumi.Input[]>; /** * One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). */ exposeHeaders?: pulumi.Input[]>; /** * Specifies time in seconds that browser can cache the response for a preflight request. */ maxAgeSeconds?: pulumi.Input; } export interface BucketV2Grant { /** * Canonical user id to grant for. Used only when `type` is `CanonicalUser`. */ id?: pulumi.Input; /** * List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`. */ permissions: pulumi.Input[]>; /** * Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported. */ type: pulumi.Input; /** * Uri address to grant for. Used only when `type` is `Group`. */ uri?: pulumi.Input; } export interface BucketV2LifecycleRule { /** * Specifies the number of days after initiating a multipart upload when the multipart upload must be completed. */ abortIncompleteMultipartUploadDays?: pulumi.Input; /** * Specifies lifecycle rule status. */ enabled: pulumi.Input; /** * Specifies a period in the object's expire. See Expiration below for details. */ expirations?: pulumi.Input[]>; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Specifies when noncurrent object versions expire. See Noncurrent Version Expiration below for details. */ noncurrentVersionExpirations?: pulumi.Input[]>; /** * Specifies when noncurrent object versions transitions. See Noncurrent Version Transition below for details. */ noncurrentVersionTransitions?: pulumi.Input[]>; /** * Object key prefix identifying one or more objects to which the rule applies. */ prefix?: pulumi.Input; /** * Specifies object tags key and value. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Specifies a period in the object's transitions. See Transition below for details. */ transitions?: pulumi.Input[]>; } export interface BucketV2LifecycleRuleExpiration { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketV2LifecycleRuleNoncurrentVersionExpiration { /** * Specifies the number of days noncurrent object versions expire. */ days?: pulumi.Input; } export interface BucketV2LifecycleRuleNoncurrentVersionTransition { /** * Specifies the number of days noncurrent object versions transition. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketV2LifecycleRuleTransition { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketV2Logging { /** * Name of the bucket that will receive the log objects. */ targetBucket: pulumi.Input; /** * To specify a key prefix for log objects. */ targetPrefix?: pulumi.Input; } export interface BucketV2ObjectLockConfiguration { /** * Indicates whether this bucket has an Object Lock configuration enabled. Valid values are `true` or `false`. This argument is not supported in all regions or partitions. * * @deprecated object_lock_enabled is deprecated. Use the top-level parameter objectLockEnabled instead. */ objectLockEnabled?: pulumi.Input; /** * Object Lock rule in place for this bucket (documented below). * * @deprecated rule is deprecated. Use the aws.s3.BucketObjectLockConfiguration resource instead. */ rules?: pulumi.Input[]>; } export interface BucketV2ObjectLockConfigurationRule { /** * Default retention period that you want to apply to new objects placed in this bucket (documented below). */ defaultRetentions: pulumi.Input[]>; } export interface BucketV2ObjectLockConfigurationRuleDefaultRetention { /** * Number of days that you want to specify for the default retention period. */ days?: pulumi.Input; /** * Default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`. */ mode: pulumi.Input; /** * Number of years that you want to specify for the default retention period. */ years?: pulumi.Input; } export interface BucketV2ReplicationConfiguration { /** * ARN of the IAM role for Amazon S3 to assume when replicating the objects. */ role: pulumi.Input; /** * Specifies the rules managing the replication (documented below). */ rules: pulumi.Input[]>; } export interface BucketV2ReplicationConfigurationRule { /** * Whether delete markers are replicated. The only valid value is `Enabled`. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when `filter` is used). */ deleteMarkerReplicationStatus?: pulumi.Input; /** * Specifies the destination for the rule (documented below). */ destinations: pulumi.Input[]>; /** * Filter that identifies subset of objects to which the replication rule applies (documented below). */ filters?: pulumi.Input[]>; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * Priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules. */ priority?: pulumi.Input; /** * Specifies special object selection criteria (documented below). */ sourceSelectionCriterias?: pulumi.Input[]>; /** * Status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled. */ status: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestination { /** * Specifies the overrides to use for object owners on replication (documented below). Must be used in conjunction with `accountId` owner override configuration. */ accessControlTranslations?: pulumi.Input[]>; /** * Account ID to use for overriding the object owner on replication. Must be used in conjunction with `accessControlTranslation` override configuration. */ accountId?: pulumi.Input; /** * ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule. */ bucket: pulumi.Input; /** * Enables replication metrics (required for S3 RTC) (documented below). */ metrics?: pulumi.Input[]>; /** * Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with * `sseKmsEncryptedObjects` source selection criteria. */ replicaKmsKeyId?: pulumi.Input; /** * Enables S3 Replication Time Control (S3 RTC) (documented below). */ replicationTimes?: pulumi.Input[]>; /** * The [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Destination.html#AmazonS3-Type-Destination-StorageClass) used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica. */ storageClass?: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestinationAccessControlTranslation { /** * Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) in the Amazon S3 API Reference. The only valid value is `Destination`. */ owner: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestinationMetric { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * Status of replication metrics. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestinationReplicationTime { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * Status of RTC. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleFilter { /** * Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * A map of tags that identifies subset of objects to which the rule applies. * The rule applies only to objects having all the tags in its tagset. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketV2ReplicationConfigurationRuleSourceSelectionCriteria { /** * Match SSE-KMS encrypted objects (documented below). If specified, `replicaKmsKeyId` * in `destination` must be specified as well. */ sseKmsEncryptedObjects?: pulumi.Input[]>; } export interface BucketV2ReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObject { /** * Boolean which indicates if this criteria is enabled. */ enabled: pulumi.Input; } export interface BucketV2ServerSideEncryptionConfiguration { /** * Single object for server-side encryption by default configuration. (documented below) */ rules: pulumi.Input[]>; } export interface BucketV2ServerSideEncryptionConfigurationRule { /** * Single object for setting server-side encryption by default. (documented below) */ applyServerSideEncryptionByDefaults: pulumi.Input[]>; /** * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS. */ bucketKeyEnabled?: pulumi.Input; } export interface BucketV2ServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault { /** * AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`. */ kmsMasterKeyId?: pulumi.Input; /** * Server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` */ sseAlgorithm: pulumi.Input; } export interface BucketV2Versioning { /** * Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. */ enabled?: pulumi.Input; /** * Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS */ mfaDelete?: pulumi.Input; } export interface BucketV2Website { /** * Absolute path to the document to return in case of a 4XX error. */ errorDocument?: pulumi.Input; /** * Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. */ indexDocument?: pulumi.Input; /** * Hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request. */ redirectAllRequestsTo?: pulumi.Input; /** * JSON array containing [routing rules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-websiteconfiguration-routingrules.html) * describing redirect behavior and when redirects are applied. */ routingRules?: pulumi.Input; } export interface BucketVersioning { /** * Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. */ enabled?: pulumi.Input; /** * Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS */ mfaDelete?: pulumi.Input; } export interface BucketVersioningV2VersioningConfiguration { /** * Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: `Enabled` or `Disabled`. */ mfaDelete?: pulumi.Input; /** * Versioning state of the bucket. Valid values: `Enabled`, `Suspended`, or `Disabled`. `Disabled` should only be used when creating or importing resources that correspond to unversioned S3 buckets. */ status: pulumi.Input; } export interface BucketVersioningVersioningConfiguration { /** * Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: `Enabled` or `Disabled`. */ mfaDelete?: pulumi.Input; /** * Versioning state of the bucket. Valid values: `Enabled`, `Suspended`, or `Disabled`. `Disabled` should only be used when creating or importing resources that correspond to unversioned S3 buckets. */ status: pulumi.Input; } export interface BucketWebsite { /** * Absolute path to the document to return in case of a 4XX error. */ errorDocument?: pulumi.Input; /** * Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. */ indexDocument?: pulumi.Input; /** * Hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request. */ redirectAllRequestsTo?: pulumi.Input; /** * JSON array containing [routing rules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-websiteconfiguration-routingrules.html) * describing redirect behavior and when redirects are applied. */ routingRules?: pulumi.Input; } export interface BucketWebsiteConfigurationErrorDocument { /** * Object key name to use when a 4XX class error occurs. */ key: pulumi.Input; } export interface BucketWebsiteConfigurationIndexDocument { /** * Suffix that is appended to a request that is for a directory on the website endpoint. * For example, if the suffix is `index.html` and you make a request to `samplebucket/images/`, the data that is returned will be for the object with the key name `images/index.html`. * The suffix must not be empty and must not include a slash character. */ suffix: pulumi.Input; } export interface BucketWebsiteConfigurationRedirectAllRequestsTo { /** * Name of the host where requests are redirected. */ hostName: pulumi.Input; /** * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`. */ protocol?: pulumi.Input; } export interface BucketWebsiteConfigurationRoutingRule { /** * Configuration block for describing a condition that must be met for the specified redirect to apply. See below. */ condition?: pulumi.Input; /** * Configuration block for redirect information. See below. */ redirect: pulumi.Input; } export interface BucketWebsiteConfigurationRoutingRuleCondition { /** * HTTP error code when the redirect is applied. If specified with `keyPrefixEquals`, then both must be true for the redirect to be applied. */ httpErrorCodeReturnedEquals?: pulumi.Input; /** * Object key name prefix when the redirect is applied. If specified with `httpErrorCodeReturnedEquals`, then both must be true for the redirect to be applied. */ keyPrefixEquals?: pulumi.Input; } export interface BucketWebsiteConfigurationRoutingRuleRedirect { /** * Host name to use in the redirect request. */ hostName?: pulumi.Input; /** * HTTP redirect code to use on the response. */ httpRedirectCode?: pulumi.Input; /** * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`. */ protocol?: pulumi.Input; /** * Object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix `docs/` (objects in the `docs/` folder) to `documents/`, you can set a `condition` block with `keyPrefixEquals` set to `docs/` and in the `redirect` set `replaceKeyPrefixWith` to `/documents`. */ replaceKeyPrefixWith?: pulumi.Input; /** * Specific object key to use in the redirect request. For example, redirect request to `error.html`. */ replaceKeyWith?: pulumi.Input; } export interface BucketWebsiteConfigurationV2ErrorDocument { /** * Object key name to use when a 4XX class error occurs. */ key: pulumi.Input; } export interface BucketWebsiteConfigurationV2IndexDocument { /** * Suffix that is appended to a request that is for a directory on the website endpoint. * For example, if the suffix is `index.html` and you make a request to `samplebucket/images/`, the data that is returned will be for the object with the key name `images/index.html`. * The suffix must not be empty and must not include a slash character. */ suffix: pulumi.Input; } export interface BucketWebsiteConfigurationV2RedirectAllRequestsTo { /** * Name of the host where requests are redirected. */ hostName: pulumi.Input; /** * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`. */ protocol?: pulumi.Input; } export interface BucketWebsiteConfigurationV2RoutingRule { /** * Configuration block for describing a condition that must be met for the specified redirect to apply. See below. */ condition?: pulumi.Input; /** * Configuration block for redirect information. See below. */ redirect: pulumi.Input; } export interface BucketWebsiteConfigurationV2RoutingRuleCondition { /** * HTTP error code when the redirect is applied. If specified with `keyPrefixEquals`, then both must be true for the redirect to be applied. */ httpErrorCodeReturnedEquals?: pulumi.Input; /** * Object key name prefix when the redirect is applied. If specified with `httpErrorCodeReturnedEquals`, then both must be true for the redirect to be applied. */ keyPrefixEquals?: pulumi.Input; } export interface BucketWebsiteConfigurationV2RoutingRuleRedirect { /** * Host name to use in the redirect request. */ hostName?: pulumi.Input; /** * HTTP redirect code to use on the response. */ httpRedirectCode?: pulumi.Input; /** * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`. */ protocol?: pulumi.Input; /** * Object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix `docs/` (objects in the `docs/` folder) to `documents/`, you can set a `condition` block with `keyPrefixEquals` set to `docs/` and in the `redirect` set `replaceKeyPrefixWith` to `/documents`. */ replaceKeyPrefixWith?: pulumi.Input; /** * Specific object key to use in the redirect request. For example, redirect request to `error.html`. */ replaceKeyWith?: pulumi.Input; } export interface DirectoryBucketLocation { /** * [Availability Zone ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#az-ids) or Local Zone ID. */ name: pulumi.Input; /** * Location type. Valid values: `AvailabilityZone`, `LocalZone`. */ type?: pulumi.Input; } export interface InventoryDestination { /** * S3 bucket configuration where inventory results are published (documented below). */ bucket: pulumi.Input; } export interface InventoryDestinationBucket { /** * ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes. */ accountId?: pulumi.Input; /** * Amazon S3 bucket ARN of the destination. */ bucketArn: pulumi.Input; /** * Contains the type of server-side encryption to use to encrypt the inventory (documented below). */ encryption?: pulumi.Input; /** * Specifies the output format of the inventory results. Can be `CSV`, [`ORC`](https://orc.apache.org/) or [`Parquet`](https://parquet.apache.org/). */ format: pulumi.Input; /** * Prefix that is prepended to all inventory results. */ prefix?: pulumi.Input; } export interface InventoryDestinationBucketEncryption { /** * Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below). */ sseKms?: pulumi.Input; /** * Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file. */ sseS3?: pulumi.Input; } export interface InventoryDestinationBucketEncryptionSseKms { /** * ARN of the KMS customer master key (CMK) used to encrypt the inventory file. */ keyId: pulumi.Input; } export interface InventoryDestinationBucketEncryptionSseS3 { } export interface InventoryFilter { /** * Prefix that an object must have to be included in the inventory results. */ prefix?: pulumi.Input; } export interface InventorySchedule { /** * Specifies how frequently inventory results are produced. Valid values: `Daily`, `Weekly`. */ frequency: pulumi.Input; } export interface ObjectCopyGrant { /** * Email address of the grantee. Used only when `type` is `AmazonCustomerByEmail`. */ email?: pulumi.Input; /** * Canonical user ID of the grantee. Used only when `type` is `CanonicalUser`. */ id?: pulumi.Input; /** * List of permissions to grant to grantee. Valid values are `READ`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`. */ permissions: pulumi.Input[]>; /** * Type of grantee. Valid values are `CanonicalUser`, `Group`, and `AmazonCustomerByEmail`. * * This configuration block has the following optional arguments (one of the three is required): */ type: pulumi.Input; /** * URI of the grantee group. Used only when `type` is `Group`. */ uri?: pulumi.Input; } export interface ObjectCopyOverrideProvider { /** * Override the provider `defaultTags` configuration block. */ defaultTags?: pulumi.Input; } export interface ObjectCopyOverrideProviderDefaultTags { /** * Map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } /** * Represents an AWS IAM policy document that defines permissions for AWS resources and actions. */ export interface PolicyDocument { Id?: pulumi.Input; Statement: pulumi.Input[]>; Version: pulumi.Input; } export interface VectorsIndexEncryptionConfiguration { /** * AWS Key Management Service (KMS) customer managed key ID to use for the encryption configuration. This parameter is allowed if and only if `sseType` is set to `aws:kms`. To specify the KMS key, you must use the format of the KMS key Amazon Resource Name (ARN). */ kmsKeyArn: pulumi.Input; /** * Type of encryption to use. Valid values: `AES256`, `aws:kms`. Defaults to `AES256`. */ sseType: pulumi.Input; } export interface VectorsIndexMetadataConfiguration { /** * List of non-filterable metadata keys. */ nonFilterableMetadataKeys: pulumi.Input[]>; } export interface VectorsVectorBucketEncryptionConfiguration { /** * AWS KMS CMK ARN to use for the default encryption of the vector bucket. Allowed if and only if `sseType` is set to `aws:kms`. */ kmsKeyArn: pulumi.Input; /** * Server-side encryption type to use for the default encryption of the vector bucket. Valid values: `AES256`, `aws:kms`. */ sseType: pulumi.Input; } } export namespace s3control { export interface AccessGrantAccessGrantsLocationConfiguration { /** * Sub-prefix. */ s3SubPrefix?: pulumi.Input; } export interface AccessGrantGrantee { /** * Grantee identifier. */ granteeIdentifier: pulumi.Input; /** * Grantee types. Valid values: `DIRECTORY_USER`, `DIRECTORY_GROUP`, `IAM`. */ granteeType: pulumi.Input; } export interface BucketLifecycleConfigurationRule { /** * Configuration block containing settings for abort incomplete multipart upload. */ abortIncompleteMultipartUpload?: pulumi.Input; /** * Configuration block containing settings for expiration of objects. */ expiration?: pulumi.Input; /** * Configuration block containing settings for filtering. */ filter?: pulumi.Input; /** * Unique identifier for the rule. */ id: pulumi.Input; /** * Status of the rule. Valid values: `Enabled` and `Disabled`. Defaults to `Enabled`. */ status?: pulumi.Input; } export interface BucketLifecycleConfigurationRuleAbortIncompleteMultipartUpload { /** * Number of days after which Amazon S3 aborts an incomplete multipart upload. */ daysAfterInitiation: pulumi.Input; } export interface BucketLifecycleConfigurationRuleExpiration { /** * Date the object is to be deleted. Should be in `YYYY-MM-DD` date format, e.g., `2020-09-30`. */ date?: pulumi.Input; /** * Number of days before the object is to be deleted. */ days?: pulumi.Input; /** * Enable to remove a delete marker with no noncurrent versions. Cannot be specified with `date` or `days`. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketLifecycleConfigurationRuleFilter { /** * Object prefix for rule filtering. */ prefix?: pulumi.Input; /** * Key-value map of object tags for rule filtering. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface DirectoryBucketAccessPointScopeScope { /** * You can specify a list of API operations as permissions for the access point. */ permissions?: pulumi.Input[]>; /** * You can specify a list of prefixes, but the total length of characters of all prefixes must be less than 256 bytes. * * * For more information on access point scope, see [AWS Documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-directory-buckets-manage-scope.html). */ prefixes?: pulumi.Input[]>; } export interface MultiRegionAccessPointDetails { name: pulumi.Input; publicAccessBlock?: pulumi.Input; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ regions: pulumi.Input[]>; } export interface MultiRegionAccessPointDetailsPublicAccessBlock { blockPublicAcls?: pulumi.Input; blockPublicPolicy?: pulumi.Input; ignorePublicAcls?: pulumi.Input; restrictPublicBuckets?: pulumi.Input; } export interface MultiRegionAccessPointDetailsRegion { bucket: pulumi.Input; bucketAccountId?: pulumi.Input; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input; } export interface MultiRegionAccessPointPolicyDetails { /** * The name of the Multi-Region Access Point. */ name: pulumi.Input; /** * A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on [Multi-Region Access Point Permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPointPermissions.html). * * > **NOTE:** When you update the `policy`, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy. */ policy: pulumi.Input; } export interface ObjectLambdaAccessPointConfiguration { /** * Allowed features. Valid values: `GetObject-Range`, `GetObject-PartNumber`. */ allowedFeatures?: pulumi.Input[]>; /** * Whether or not the CloudWatch metrics configuration is enabled. */ cloudWatchMetricsEnabled?: pulumi.Input; /** * Standard access point associated with the Object Lambda Access Point. */ supportingAccessPoint: pulumi.Input; /** * List of transformation configurations for the Object Lambda Access Point. See Transformation Configuration below for more details. */ transformationConfigurations: pulumi.Input[]>; } export interface ObjectLambdaAccessPointConfigurationTransformationConfiguration { /** * The actions of an Object Lambda Access Point configuration. Valid values: `GetObject`. */ actions: pulumi.Input[]>; /** * The content transformation of an Object Lambda Access Point configuration. See Content Transformation below for more details. */ contentTransformation: pulumi.Input; } export interface ObjectLambdaAccessPointConfigurationTransformationConfigurationContentTransformation { /** * Configuration for an AWS Lambda function. See AWS Lambda below for more details. */ awsLambda: pulumi.Input; } export interface ObjectLambdaAccessPointConfigurationTransformationConfigurationContentTransformationAwsLambda { /** * The Amazon Resource Name (ARN) of the AWS Lambda function. */ functionArn: pulumi.Input; /** * Additional JSON that provides supplemental data to the Lambda function used to transform objects. */ functionPayload?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfiguration { /** * The account-level configurations of the S3 Storage Lens configuration. See Account Level below for more details. */ accountLevel: pulumi.Input; /** * The Amazon Web Services organization for the S3 Storage Lens configuration. See AWS Org below for more details. */ awsOrg?: pulumi.Input; /** * Properties of S3 Storage Lens metrics export including the destination, schema and format. See Data Export below for more details. */ dataExport?: pulumi.Input; /** * Whether the S3 Storage Lens configuration is enabled. */ enabled: pulumi.Input; /** * What is excluded in this configuration. Conflicts with `include`. See Exclude below for more details. */ exclude?: pulumi.Input; /** * What is included in this configuration. Conflicts with `exclude`. See Include below for more details. */ include?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevel { /** * S3 Storage Lens activity metrics. See Activity Metrics below for more details. */ activityMetrics?: pulumi.Input; /** * Advanced cost-optimization metrics for S3 Storage Lens. See Advanced Cost-Optimization Metrics below for more details. */ advancedCostOptimizationMetrics?: pulumi.Input; /** * Advanced data-protection metrics for S3 Storage Lens. See Advanced Data-Protection Metrics below for more details. */ advancedDataProtectionMetrics?: pulumi.Input; /** * S3 Storage Lens bucket-level configuration. See Bucket Level below for more details. */ bucketLevel: pulumi.Input; /** * Detailed status code metrics for S3 Storage Lens. See Detailed Status Code Metrics below for more details. */ detailedStatusCodeMetrics?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetrics { /** * Whether the activity metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedCostOptimizationMetrics { /** * Whether advanced cost-optimization metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedDataProtectionMetrics { /** * Whether advanced data-protection metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevel { /** * S3 Storage Lens activity metrics. See Activity Metrics above for more details. */ activityMetrics?: pulumi.Input; /** * Advanced cost-optimization metrics for S3 Storage Lens. See Advanced Cost-Optimization Metrics above for more details. */ advancedCostOptimizationMetrics?: pulumi.Input; /** * Advanced data-protection metrics for S3 Storage Lens. See Advanced Data-Protection Metrics above for more details. */ advancedDataProtectionMetrics?: pulumi.Input; /** * Detailed status code metrics for S3 Storage Lens. See Detailed Status Code Metrics above for more details. */ detailedStatusCodeMetrics?: pulumi.Input; /** * Prefix-level metrics for S3 Storage Lens. See Prefix Level below for more details. */ prefixLevel?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetrics { /** * Whether the activity metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedCostOptimizationMetrics { /** * Whether advanced cost-optimization metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedDataProtectionMetrics { /** * Whether advanced data-protection metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelDetailedStatusCodeMetrics { /** * Whether detailed status code metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelPrefixLevel { /** * Prefix-level storage metrics for S3 Storage Lens. See Prefix Level Storage Metrics below for more details. */ storageMetrics: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelPrefixLevelStorageMetrics { /** * Whether prefix-level storage metrics are enabled. */ enabled?: pulumi.Input; /** * Selection criteria. See Selection Criteria below for more details. */ selectionCriteria?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelPrefixLevelStorageMetricsSelectionCriteria { /** * The delimiter of the selection criteria being used. */ delimiter?: pulumi.Input; /** * The max depth of the selection criteria. */ maxDepth?: pulumi.Input; /** * The minimum number of storage bytes percentage whose metrics will be selected. */ minStorageBytesPercentage?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelDetailedStatusCodeMetrics { /** * Whether detailed status code metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAwsOrg { /** * The Amazon Resource Name (ARN) of the Amazon Web Services organization. */ arn: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExport { /** * Amazon CloudWatch publishing for S3 Storage Lens metrics. See Cloud Watch Metrics below for more details. */ cloudWatchMetrics?: pulumi.Input; /** * The bucket where the S3 Storage Lens metrics export will be located. See S3 Bucket Destination below for more details. */ s3BucketDestination?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetrics { /** * Whether CloudWatch publishing for S3 Storage Lens metrics is enabled. */ enabled: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestination { /** * The account ID of the owner of the S3 Storage Lens metrics export bucket. */ accountId: pulumi.Input; /** * The Amazon Resource Name (ARN) of the bucket. */ arn: pulumi.Input; /** * Encryption of the metrics exports in this bucket. See Encryption below for more details. */ encryption?: pulumi.Input; /** * The export format. Valid values: `CSV`, `Parquet`. */ format: pulumi.Input; /** * The schema version of the export file. Valid values: `V_1`. */ outputSchemaVersion: pulumi.Input; /** * The prefix of the destination bucket where the metrics export will be delivered. */ prefix?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryption { /** * SSE-KMS encryption. See SSE KMS below for more details. */ sseKms?: pulumi.Input; /** * SSE-S3 encryption. An empty configuration block `{}` should be used. */ sseS3s?: pulumi.Input[]>; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseKms { /** * KMS key ARN. */ keyId: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseS3 { } export interface StorageLensConfigurationStorageLensConfigurationExclude { /** * List of S3 bucket ARNs. */ buckets?: pulumi.Input[]>; /** * List of AWS Regions. */ regions?: pulumi.Input[]>; } export interface StorageLensConfigurationStorageLensConfigurationInclude { /** * List of S3 bucket ARNs. */ buckets?: pulumi.Input[]>; /** * List of AWS Regions. */ regions?: pulumi.Input[]>; } } export namespace s3outposts { export interface EndpointNetworkInterface { /** * Identifier of the Elastic Network Interface (ENI). */ networkInterfaceId?: pulumi.Input; } } export namespace s3tables { export interface TableBucketEncryptionConfiguration { /** * The ARN of a KMS Key to be used with `aws:kms` `sseAlgorithm` */ kmsKeyArn: pulumi.Input; /** * One of `aws:kms` or `AES256` */ sseAlgorithm: pulumi.Input; } export interface TableBucketMaintenanceConfiguration { /** * A single Iceberg unreferenced file removal settings object. * See `icebergUnreferencedFileRemoval` below. */ icebergUnreferencedFileRemoval: pulumi.Input; } export interface TableBucketMaintenanceConfigurationIcebergUnreferencedFileRemoval { /** * Settings object for unreferenced file removal. * See `iceberg_unreferenced_file_removal.settings` below. */ settings: pulumi.Input; /** * Whether the configuration is enabled. * Valid values are `enabled` and `disabled`. */ status: pulumi.Input; } export interface TableBucketMaintenanceConfigurationIcebergUnreferencedFileRemovalSettings { /** * Data objects marked for deletion are deleted after this many days. * Must be at least `1`. */ nonCurrentDays: pulumi.Input; /** * Unreferenced data objects are marked for deletion after this many days. * Must be at least `1`. */ unreferencedDays: pulumi.Input; } export interface TableBucketReplicationRule { /** * Replication destination. See Destination below for more details. */ destinations: pulumi.Input[]>; } export interface TableBucketReplicationRuleDestination { /** * ARN of destination table bucket to replicate source tables to. */ destinationTableBucketArn: pulumi.Input; } export interface TableEncryptionConfiguration { /** * The ARN of a KMS Key to be used with `aws:kms` `sseAlgorithm` */ kmsKeyArn: pulumi.Input; /** * One of `aws:kms` or `AES256` */ sseAlgorithm: pulumi.Input; } export interface TableMaintenanceConfiguration { /** * A single Iceberg compaction settings object. * See `icebergCompaction` below. */ icebergCompaction: pulumi.Input; /** * A single Iceberg snapshot management settings object. * See `icebergSnapshotManagement` below. */ icebergSnapshotManagement: pulumi.Input; } export interface TableMaintenanceConfigurationIcebergCompaction { /** * Settings object for compaction. * See `iceberg_compaction.settings` below. */ settings: pulumi.Input; /** * Whether the configuration is enabled. * Valid values are `enabled` and `disabled`. */ status: pulumi.Input; } export interface TableMaintenanceConfigurationIcebergCompactionSettings { /** * Data objects smaller than this size may be combined with others to improve query performance. * Must be between `64` and `512`. */ targetFileSizeMb: pulumi.Input; } export interface TableMaintenanceConfigurationIcebergSnapshotManagement { /** * Settings object for snapshot management. * See `iceberg_snapshot_management.settings` below. */ settings: pulumi.Input; /** * Whether the configuration is enabled. * Valid values are `enabled` and `disabled`. */ status: pulumi.Input; } export interface TableMaintenanceConfigurationIcebergSnapshotManagementSettings { /** * Snapshots older than this will be marked for deletiion. * Must be at least `1`. */ maxSnapshotAgeHours: pulumi.Input; /** * Minimum number of snapshots to keep. * Must be at least `1`. */ minSnapshotsToKeep: pulumi.Input; } export interface TableMetadata { /** * Contains details about the metadata for an Iceberg table. This block defines the schema structure for the Apache Iceberg table format. * See `iceberg` below. */ iceberg: pulumi.Input; } export interface TableMetadataIceberg { /** * Schema configuration for the Iceberg table. * See `schema` below. */ schema: pulumi.Input; } export interface TableMetadataIcebergSchema { /** * List of schema fields for the Iceberg table. Each field defines a column in the table schema. * See `field` below. */ fields: pulumi.Input[]>; } export interface TableMetadataIcebergSchemaField { /** * The name of the field. */ name: pulumi.Input; /** * A Boolean value that specifies whether values are required for each row in this field. Defaults to `false`. */ required?: pulumi.Input; /** * The field type. S3 Tables supports all Apache Iceberg primitive types including: `boolean`, `int`, `long`, `float`, `double`, `decimal(precision,scale)`, `date`, `time`, `timestamp`, `timestamptz`, `string`, `uuid`, `fixed(length)`, `binary`. */ type: pulumi.Input; } export interface TableReplicationRule { /** * Replication destination. See Destination below for more details. */ destinations: pulumi.Input[]>; } export interface TableReplicationRuleDestination { /** * ARN of destination table bucket to replicate source tables to. */ destinationTableBucketArn: pulumi.Input; } } export namespace sagemaker { export interface AppImageConfigCodeEditorAppImageConfig { /** * The configuration used to run the application image container. See Container Config details below. */ containerConfig?: pulumi.Input; /** * The URL where the Git repository is located. See File System Config details below. */ fileSystemConfig?: pulumi.Input; } export interface AppImageConfigCodeEditorAppImageConfigContainerConfig { /** * The arguments for the container when you're running the application. */ containerArguments?: pulumi.Input[]>; /** * The entrypoint used to run the application in the container. */ containerEntrypoints?: pulumi.Input[]>; /** * The environment variables to set in the container. */ containerEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface AppImageConfigCodeEditorAppImageConfigFileSystemConfig { /** * The default POSIX group ID (GID). If not specified, defaults to `100`. Valid values are `0` and `100`. */ defaultGid?: pulumi.Input; /** * The default POSIX user ID (UID). If not specified, defaults to `1000`. Valid values are `0` and `1000`. */ defaultUid?: pulumi.Input; /** * The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to `/home/sagemaker-user`. * * > **Note:** When specifying `defaultGid` and `defaultUid`, Valid value pairs are [`0`, `0`] and [`100`, `1000`]. */ mountPath?: pulumi.Input; } export interface AppImageConfigJupyterLabImageConfig { /** * The configuration used to run the application image container. See Container Config details below. */ containerConfig?: pulumi.Input; /** * The URL where the Git repository is located. See File System Config details below. */ fileSystemConfig?: pulumi.Input; } export interface AppImageConfigJupyterLabImageConfigContainerConfig { /** * The arguments for the container when you're running the application. */ containerArguments?: pulumi.Input[]>; /** * The entrypoint used to run the application in the container. */ containerEntrypoints?: pulumi.Input[]>; /** * The environment variables to set in the container. */ containerEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface AppImageConfigJupyterLabImageConfigFileSystemConfig { /** * The default POSIX group ID (GID). If not specified, defaults to `100`. Valid values are `0` and `100`. */ defaultGid?: pulumi.Input; /** * The default POSIX user ID (UID). If not specified, defaults to `1000`. Valid values are `0` and `1000`. */ defaultUid?: pulumi.Input; /** * The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to `/home/sagemaker-user`. * * > **Note:** When specifying `defaultGid` and `defaultUid`, Valid value pairs are [`0`, `0`] and [`100`, `1000`]. */ mountPath?: pulumi.Input; } export interface AppImageConfigKernelGatewayImageConfig { /** * The URL where the Git repository is located. See File System Config details below. */ fileSystemConfig?: pulumi.Input; /** * The default branch for the Git repository. See Kernel Spec details below. */ kernelSpecs: pulumi.Input[]>; } export interface AppImageConfigKernelGatewayImageConfigFileSystemConfig { /** * The default POSIX group ID (GID). If not specified, defaults to `100`. Valid values are `0` and `100`. */ defaultGid?: pulumi.Input; /** * The default POSIX user ID (UID). If not specified, defaults to `1000`. Valid values are `0` and `1000`. */ defaultUid?: pulumi.Input; /** * The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to `/home/sagemaker-user`. * * > **Note:** When specifying `defaultGid` and `defaultUid`, Valid value pairs are [`0`, `0`] and [`100`, `1000`]. */ mountPath?: pulumi.Input; } export interface AppImageConfigKernelGatewayImageConfigKernelSpec { /** * The display name of the kernel. */ displayName?: pulumi.Input; /** * The name of the kernel. */ name: pulumi.Input; } export interface AppResourceSpec { /** * The instance type that the image version runs on. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface CodeRepositoryGitConfig { /** * The default branch for the Git repository. */ branch?: pulumi.Input; /** * The URL where the Git repository is located. */ repositoryUrl: pulumi.Input; /** * The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that contains the credentials used to access the git repository. The secret must have a staging label of AWSCURRENT and must be in the following format: `{"username": UserName, "password": Password}` */ secretArn?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityAppSpecification { /** * Sets the environment variables in the container that the monitoring job runs. A list of key value pairs. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The container image that the data quality monitoring job runs. */ imageUri: pulumi.Input; /** * An Amazon S3 URI to a script that is called after analysis has been performed. Applicable only for the built-in (first party) containers. */ postAnalyticsProcessorSourceUri?: pulumi.Input; /** * An Amazon S3 URI to a script that is called per row prior to running analysis. It can base64 decode the payload and convert it into a flatted json so that the built-in container can use the converted data. Applicable only for the built-in (first party) containers. */ recordPreprocessorSourceUri?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityBaselineConfig { /** * The constraints resource for a monitoring job. Fields are documented below. */ constraintsResource?: pulumi.Input; /** * The statistics resource for a monitoring job. Fields are documented below. */ statisticsResource?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityBaselineConfigConstraintsResource { /** * The Amazon S3 URI for the constraints resource. */ s3Uri?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityBaselineConfigStatisticsResource { /** * The Amazon S3 URI for the statistics resource. */ s3Uri?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInput { /** * Input object for the batch transform job. Fields are documented below. */ batchTransformInput?: pulumi.Input; /** * Input object for the endpoint. Fields are documented below. */ endpointInput?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInput { /** * The Amazon S3 location being used to capture the data. */ dataCapturedDestinationS3Uri: pulumi.Input; /** * The dataset format for your batch transform job. Fields are documented below. */ datasetFormat: pulumi.Input; /** * Path to the filesystem where the batch transform data is available to the container. Defaults to `/opt/ml/processing/input`. */ localPath?: pulumi.Input; /** * Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Defaults to `FullyReplicated`. Valid values are `FullyReplicated` or `ShardedByS3Key` */ s3DataDistributionType?: pulumi.Input; /** * Whether the `Pipe` or `File` is used as the input mode for transferring data for the monitoring job. `Pipe` mode is recommended for large datasets. `File` mode is useful for small files that fit in memory. Defaults to `File`. Valid values are `Pipe` or `File` */ s3InputMode?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInputDatasetFormat { /** * The CSV dataset used in the monitoring job. Fields are documented below. */ csv?: pulumi.Input; /** * The JSON dataset used in the monitoring job. Fields are documented below. */ json?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInputDatasetFormatCsv { /** * Indicates if the CSV data has a header. */ header?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInputDatasetFormatJson { /** * Indicates if the file should be read as a json object per line. */ line?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputEndpointInput { /** * An endpoint in customer's account which has `dataCaptureConfig` enabled. */ endpointName: pulumi.Input; /** * Path to the filesystem where the endpoint data is available to the container. Defaults to `/opt/ml/processing/input`. */ localPath?: pulumi.Input; /** * Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Defaults to `FullyReplicated`. Valid values are `FullyReplicated` or `ShardedByS3Key` */ s3DataDistributionType?: pulumi.Input; /** * Whether the `Pipe` or `File` is used as the input mode for transferring data for the monitoring job. `Pipe` mode is recommended for large datasets. `File` mode is useful for small files that fit in memory. Defaults to `File`. Valid values are `Pipe` or `File` */ s3InputMode?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobOutputConfig { /** * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker AI uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption. */ kmsKeyId?: pulumi.Input; /** * Monitoring outputs for monitoring jobs. This is where the output of the periodic monitoring jobs is uploaded. Fields are documented below. */ monitoringOutputs: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobOutputConfigMonitoringOutputs { /** * The Amazon S3 storage location where the results of a monitoring job are saved. Fields are documented below. */ s3Output: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobOutputConfigMonitoringOutputsS3Output { /** * The local path to the Amazon S3 storage location where Amazon SageMaker AI saves the results of a monitoring job. LocalPath is an absolute path for the output data. Defaults to `/opt/ml/processing/output`. */ localPath?: pulumi.Input; /** * Whether to upload the results of the monitoring job continuously or after the job completes. Valid values are `Continuous` or `EndOfJob` */ s3UploadMode?: pulumi.Input; /** * A URI that identifies the Amazon S3 storage location where Amazon SageMaker AI saves the results of a monitoring job. */ s3Uri: pulumi.Input; } export interface DataQualityJobDefinitionJobResources { /** * The configuration for the cluster resources used to run the processing job. Fields are documented below. */ clusterConfig: pulumi.Input; } export interface DataQualityJobDefinitionJobResourcesClusterConfig { /** * The number of ML compute instances to use in the model monitoring job. For distributed processing jobs, specify a value greater than 1. */ instanceCount: pulumi.Input; /** * The ML compute instance type for the processing job. */ instanceType: pulumi.Input; /** * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker AI uses to encrypt data on the storage volume attached to the ML compute instance(s) that run the model monitoring job. */ volumeKmsKeyId?: pulumi.Input; /** * The size of the ML storage volume, in gigabytes, that you want to provision. You must specify sufficient ML storage for your scenario. */ volumeSizeInGb: pulumi.Input; } export interface DataQualityJobDefinitionNetworkConfig { /** * Whether to encrypt all communications between the instances used for the monitoring jobs. Choose `true` to encrypt communications. Encryption provides greater security for distributed jobs, but the processing might take longer. */ enableInterContainerTrafficEncryption?: pulumi.Input; /** * Whether to allow inbound and outbound network calls to and from the containers used for the monitoring job. */ enableNetworkIsolation?: pulumi.Input; /** * Specifies a VPC that your training jobs and hosted models have access to. Control access to and from your training and model containers by configuring the VPC. Fields are documented below. */ vpcConfig?: pulumi.Input; } export interface DataQualityJobDefinitionNetworkConfigVpcConfig { /** * The VPC security group IDs, in the form sg-xxxxxxxx. Specify the security groups for the VPC that is specified in the `subnets` field. */ securityGroupIds: pulumi.Input[]>; /** * The ID of the subnets in the VPC to which you want to connect your training job or model. */ subnets: pulumi.Input[]>; } export interface DataQualityJobDefinitionStoppingCondition { /** * The maximum runtime allowed in seconds. */ maxRuntimeInSeconds?: pulumi.Input; } export interface DeviceDevice { /** * A description for the device. */ description?: pulumi.Input; /** * The name of the device. */ deviceName: pulumi.Input; /** * Amazon Web Services Internet of Things (IoT) object name. */ iotThingName?: pulumi.Input; } export interface DeviceFleetOutputConfig { /** * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker AI uses to encrypt data on the storage volume after compilation job. If you don't provide a KMS key ID, Amazon SageMaker AI uses the default KMS key for Amazon S3 for your role's account. */ kmsKeyId?: pulumi.Input; /** * The Amazon Simple Storage (S3) bucker URI. */ s3OutputLocation: pulumi.Input; } export interface DomainDefaultSpaceSettings { /** * The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker AI Studio. See `customFileSystemConfig` Block below. */ customFileSystemConfigs?: pulumi.Input[]>; /** * Details about the POSIX identity that is used for file system operations. See `customPosixUserConfig` Block below. */ customPosixUserConfig?: pulumi.Input; /** * The execution role for the space. */ executionRole: pulumi.Input; /** * The settings for the JupyterLab application. See `jupyterLabAppSettings` Block below. */ jupyterLabAppSettings?: pulumi.Input; /** * The Jupyter server's app settings. See `jupyterServerAppSettings` Block below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See `kernelGatewayAppSettings` Block below. */ kernelGatewayAppSettings?: pulumi.Input; /** * The security groups for the Amazon Virtual Private Cloud that the space uses for communication. */ securityGroups?: pulumi.Input[]>; /** * The storage settings for a private space. See `spaceStorageSettings` Block below. */ spaceStorageSettings?: pulumi.Input; } export interface DomainDefaultSpaceSettingsCustomFileSystemConfig { /** * The default EBS storage settings for a private space. See `efsFileSystemConfig` Block below. */ efsFileSystemConfig?: pulumi.Input; } export interface DomainDefaultSpaceSettingsCustomFileSystemConfigEfsFileSystemConfig { /** * The ID of your Amazon EFS file system. */ fileSystemId: pulumi.Input; /** * The path to the file system directory that is accessible in Amazon SageMaker AI Studio. Permitted users can access only this directory and below. */ fileSystemPath: pulumi.Input; } export interface DomainDefaultSpaceSettingsCustomPosixUserConfig { /** * The POSIX group ID. */ gid: pulumi.Input; /** * The POSIX user ID. */ uid: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterLabAppSettings { /** * Indicates whether idle shutdown is activated for JupyterLab applications. see `appLifecycleManagement` Block below. */ appLifecycleManagement?: pulumi.Input; /** * The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration. */ builtInLifecycleConfigArn?: pulumi.Input; /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterServer application. see `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * A list of custom SageMaker AI images that are configured to run as a JupyterLab app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The configuration parameters that specify the IAM roles assumed by the execution role of SageMaker AI (assumable roles) and the cluster instances or job execution environments (execution roles or runtime roles) to manage and access resources required for running Amazon EMR clusters or Amazon EMR Serverless applications. see `emrSettings` Block below. */ emrSettings?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultSpaceSettingsJupyterLabAppSettingsAppLifecycleManagement { /** * Settings related to idle shutdown of Studio applications. see `idleSettings` Block below. */ idleSettings?: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterLabAppSettingsAppLifecycleManagementIdleSettings { /** * The time that SageMaker AI waits after the application becomes idle before shutting it down. Valid values are between `60` and `525600`. */ idleTimeoutInMinutes?: pulumi.Input; /** * Indicates whether idle shutdown is activated for the application type. Valid values are `ENABLED` and `DISABLED`. */ lifecycleManagement?: pulumi.Input; /** * The maximum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ maxIdleTimeoutInMinutes?: pulumi.Input; /** * The minimum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ minIdleTimeoutInMinutes?: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterLabAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterLabAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterLabAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterLabAppSettingsEmrSettings { /** * An array of Amazon Resource Names (ARNs) of the IAM roles that the execution role of SageMaker AI can assume for performing operations or tasks related to Amazon EMR clusters or Amazon EMR Serverless applications. These roles define the permissions and access policies required when performing Amazon EMR-related operations, such as listing, connecting to, or terminating Amazon EMR clusters or Amazon EMR Serverless applications. They are typically used in cross-account access scenarios, where the Amazon EMR resources (clusters or serverless applications) are located in a different AWS account than the SageMaker AI domain. */ assumableRoleArns?: pulumi.Input[]>; /** * An array of Amazon Resource Names (ARNs) of the IAM roles used by the Amazon EMR cluster instances or job execution environments to access other AWS services and resources needed during the runtime of your Amazon EMR or Amazon EMR Serverless workloads, such as Amazon S3 for data access, Amazon CloudWatch for logging, or other AWS services based on the particular workload requirements. */ executionRoleArns?: pulumi.Input[]>; } export interface DomainDefaultSpaceSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterServer application. see `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultSpaceSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultSpaceSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker AI images that are configured to run as a KernelGateway app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultSpaceSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultSpaceSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultSpaceSettingsSpaceStorageSettings { /** * The default EBS storage settings for a private space. See `defaultEbsStorageSettings` Block below. */ defaultEbsStorageSettings?: pulumi.Input; } export interface DomainDefaultSpaceSettingsSpaceStorageSettingsDefaultEbsStorageSettings { /** * The default size of the EBS storage volume for a private space. */ defaultEbsVolumeSizeInGb: pulumi.Input; /** * The maximum size of the EBS storage volume for a private space. */ maximumEbsVolumeSizeInGb: pulumi.Input; } export interface DomainDefaultUserSettings { /** * Indicates whether auto-mounting of an EFS volume is supported for the user profile. The `DefaultAsDomain` value is only supported for user profiles. Do not use the `DefaultAsDomain` value when setting this parameter for a domain. Valid values are: `Enabled`, `Disabled`, and `DefaultAsDomain`. */ autoMountHomeEfs?: pulumi.Input; /** * The Canvas app settings. See `canvasAppSettings` Block below. */ canvasAppSettings?: pulumi.Input; /** * The Code Editor application settings. See `codeEditorAppSettings` Block below. */ codeEditorAppSettings?: pulumi.Input; /** * The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker AI Studio. See `customFileSystemConfig` Block below. */ customFileSystemConfigs?: pulumi.Input[]>; /** * Details about the POSIX identity that is used for file system operations. See `customPosixUserConfig` Block below. */ customPosixUserConfig?: pulumi.Input; /** * The default experience that the user is directed to when accessing the domain. The supported values are: `studio::`: Indicates that Studio is the default experience. This value can only be passed if StudioWebPortal is set to ENABLED. `app:JupyterServer:`: Indicates that Studio Classic is the default experience. */ defaultLandingUri?: pulumi.Input; /** * The execution role ARN for the user. */ executionRole: pulumi.Input; /** * The settings for the JupyterLab application. See `jupyterLabAppSettings` Block below. */ jupyterLabAppSettings?: pulumi.Input; /** * The Jupyter server's app settings. See `jupyterServerAppSettings` Block below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See `kernelGatewayAppSettings` Block below. */ kernelGatewayAppSettings?: pulumi.Input; /** * The RSession app settings. See `rSessionAppSettings` Block below. */ rSessionAppSettings?: pulumi.Input; /** * A collection of settings that configure user interaction with the RStudioServerPro app. See `rStudioServerProAppSettings` Block below. */ rStudioServerProAppSettings?: pulumi.Input; /** * A list of security group IDs that will be attached to the user. */ securityGroups?: pulumi.Input[]>; /** * The sharing settings. See `sharingSettings` Block below. */ sharingSettings?: pulumi.Input; /** * The storage settings for a private space. See `spaceStorageSettings` Block below. */ spaceStorageSettings?: pulumi.Input; /** * Whether the user can access Studio. If this value is set to `DISABLED`, the user cannot access Studio, even if that is the default experience for the domain. Valid values are `ENABLED` and `DISABLED`. */ studioWebPortal?: pulumi.Input; /** * The Studio Web Portal settings. See `studioWebPortalSettings` Block below. */ studioWebPortalSettings?: pulumi.Input; /** * The TensorBoard app settings. See `tensorBoardAppSettings` Block below. */ tensorBoardAppSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettings { /** * The model deployment settings for the SageMaker AI Canvas application. See `directDeploySettings` Block below. */ directDeploySettings?: pulumi.Input; /** * The settings for running Amazon EMR Serverless jobs in SageMaker AI Canvas. See `emrServerlessSettings` Block below. */ emrServerlessSettings?: pulumi.Input; generativeAiSettings?: pulumi.Input; /** * The settings for connecting to an external data source with OAuth. See `identityProviderOauthSettings` Block below. */ identityProviderOauthSettings?: pulumi.Input[]>; /** * The settings for document querying. See `kendraSettings` Block below. */ kendraSettings?: pulumi.Input; /** * The model registry settings for the SageMaker AI Canvas application. See `modelRegisterSettings` Block below. */ modelRegisterSettings?: pulumi.Input; /** * Time series forecast settings for the Canvas app. See `timeSeriesForecastingSettings` Block below. */ timeSeriesForecastingSettings?: pulumi.Input; /** * The workspace settings for the SageMaker AI Canvas application. See `workspaceSettings` Block below. */ workspaceSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsDirectDeploySettings { /** * Describes whether model deployment permissions are enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsEmrServerlessSettings { /** * The Amazon Resource Name (ARN) of the AWS IAM role that is assumed for running Amazon EMR Serverless jobs in SageMaker AI Canvas. This role should have the necessary permissions to read and write data attached and a trust relationship with EMR Serverless. */ executionRoleArn?: pulumi.Input; /** * Describes whether Amazon EMR Serverless job capabilities are enabled or disabled in the SageMaker AI Canvas application. Valid values are: `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsGenerativeAiSettings { amazonBedrockRoleArn?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsIdentityProviderOauthSetting { /** * The name of the data source that you're connecting to. Canvas currently supports OAuth for Snowflake and Salesforce Data Cloud. Valid values are `SalesforceGenie` and `Snowflake`. */ dataSourceName?: pulumi.Input; /** * The ARN of an Amazon Web Services Secrets Manager secret that stores the credentials from your identity provider, such as the client ID and secret, authorization URL, and token URL. */ secretArn: pulumi.Input; /** * Describes whether OAuth for a data source is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsKendraSettings { /** * Describes whether the document querying feature is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsModelRegisterSettings { /** * The Amazon Resource Name (ARN) of the SageMaker AI model registry account. Required only to register model versions created by a different SageMaker AI Canvas AWS account than the AWS account in which SageMaker AI model registry is set up. */ crossAccountModelRegisterRoleArn?: pulumi.Input; /** * Describes whether the integration to the model registry is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsTimeSeriesForecastingSettings { /** * The IAM role that Canvas passes to Amazon Forecast for time series forecasting. By default, Canvas uses the execution role specified in the UserProfile that launches the Canvas app. If an execution role is not specified in the UserProfile, Canvas uses the execution role specified in the Domain that owns the UserProfile. To allow time series forecasting, this IAM role should have the [AmazonSageMakerCanvasForecastAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess) policy attached and forecast.amazonaws.com added in the trust relationship as a service principal. */ amazonForecastRoleArn?: pulumi.Input; /** * Describes whether time series forecasting is enabled or disabled in the Canvas app. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsWorkspaceSettings { /** * The Amazon S3 bucket used to store artifacts generated by Canvas. Updating the Amazon S3 location impacts existing configuration settings, and Canvas users no longer have access to their artifacts. Canvas users must log out and log back in to apply the new location. */ s3ArtifactPath?: pulumi.Input; /** * The Amazon Web Services Key Management Service (KMS) encryption key ID that is used to encrypt artifacts generated by Canvas in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; } export interface DomainDefaultUserSettingsCodeEditorAppSettings { /** * Indicates whether idle shutdown is activated for JupyterLab applications. see `appLifecycleManagement` Block below. */ appLifecycleManagement?: pulumi.Input; /** * The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration. */ builtInLifecycleConfigArn?: pulumi.Input; /** * A list of custom SageMaker AI images that are configured to run as a CodeEditor app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsCodeEditorAppSettingsAppLifecycleManagement { /** * Settings related to idle shutdown of Studio applications. see `idleSettings` Block below. */ idleSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsCodeEditorAppSettingsAppLifecycleManagementIdleSettings { /** * The time that SageMaker AI waits after the application becomes idle before shutting it down. Valid values are between `60` and `525600`. */ idleTimeoutInMinutes?: pulumi.Input; /** * Indicates whether idle shutdown is activated for the application type. Valid values are `ENABLED` and `DISABLED`. */ lifecycleManagement?: pulumi.Input; /** * The maximum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ maxIdleTimeoutInMinutes?: pulumi.Input; /** * The minimum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ minIdleTimeoutInMinutes?: pulumi.Input; } export interface DomainDefaultUserSettingsCodeEditorAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultUserSettingsCodeEditorAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsCustomFileSystemConfig { /** * The default EBS storage settings for a private space. See `efsFileSystemConfig` Block below. */ efsFileSystemConfig?: pulumi.Input; } export interface DomainDefaultUserSettingsCustomFileSystemConfigEfsFileSystemConfig { /** * The ID of your Amazon EFS file system. */ fileSystemId: pulumi.Input; /** * The path to the file system directory that is accessible in Amazon SageMaker AI Studio. Permitted users can access only this directory and below. */ fileSystemPath: pulumi.Input; } export interface DomainDefaultUserSettingsCustomPosixUserConfig { /** * The POSIX group ID. */ gid: pulumi.Input; /** * The POSIX user ID. */ uid: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettings { /** * Indicates whether idle shutdown is activated for JupyterLab applications. see `appLifecycleManagement` Block below. */ appLifecycleManagement?: pulumi.Input; /** * The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration. */ builtInLifecycleConfigArn?: pulumi.Input; /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterServer application. see `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * A list of custom SageMaker AI images that are configured to run as a JupyterLab app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The configuration parameters that specify the IAM roles assumed by the execution role of SageMaker AI (assumable roles) and the cluster instances or job execution environments (execution roles or runtime roles) to manage and access resources required for running Amazon EMR clusters or Amazon EMR Serverless applications. see `emrSettings` Block below. */ emrSettings?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsAppLifecycleManagement { /** * Settings related to idle shutdown of Studio applications. see `idleSettings` Block below. */ idleSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsAppLifecycleManagementIdleSettings { /** * The time that SageMaker AI waits after the application becomes idle before shutting it down. Valid values are between `60` and `525600`. */ idleTimeoutInMinutes?: pulumi.Input; /** * Indicates whether idle shutdown is activated for the application type. Valid values are `ENABLED` and `DISABLED`. */ lifecycleManagement?: pulumi.Input; /** * The maximum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ maxIdleTimeoutInMinutes?: pulumi.Input; /** * The minimum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ minIdleTimeoutInMinutes?: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsEmrSettings { /** * An array of Amazon Resource Names (ARNs) of the IAM roles that the execution role of SageMaker AI can assume for performing operations or tasks related to Amazon EMR clusters or Amazon EMR Serverless applications. These roles define the permissions and access policies required when performing Amazon EMR-related operations, such as listing, connecting to, or terminating Amazon EMR clusters or Amazon EMR Serverless applications. They are typically used in cross-account access scenarios, where the Amazon EMR resources (clusters or serverless applications) are located in a different AWS account than the SageMaker AI domain. */ assumableRoleArns?: pulumi.Input[]>; /** * An array of Amazon Resource Names (ARNs) of the IAM roles used by the Amazon EMR cluster instances or job execution environments to access other AWS services and resources needed during the runtime of your Amazon EMR or Amazon EMR Serverless workloads, such as Amazon S3 for data access, Amazon CloudWatch for logging, or other AWS services based on the particular workload requirements. */ executionRoleArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterServer application. see `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker AI images that are configured to run as a KernelGateway app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultUserSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsRSessionAppSettings { /** * A list of custom SageMaker AI images that are configured to run as a RSession app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block above. */ defaultResourceSpec?: pulumi.Input; } export interface DomainDefaultUserSettingsRSessionAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultUserSettingsRSessionAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsRStudioServerProAppSettings { /** * Indicates whether the current user has access to the RStudioServerPro app. Valid values are `ENABLED` and `DISABLED`. */ accessStatus?: pulumi.Input; /** * The level of permissions that the user has within the RStudioServerPro app. This value defaults to `R_STUDIO_USER`. The `R_STUDIO_ADMIN` value allows the user access to the RStudio Administrative Dashboard. Valid values are `R_STUDIO_USER` and `R_STUDIO_ADMIN`. */ userGroup?: pulumi.Input; } export interface DomainDefaultUserSettingsSharingSettings { /** * Whether to include the notebook cell output when sharing the notebook. The default is `Disabled`. Valid values are `Allowed` and `Disabled`. */ notebookOutputOption?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the Amazon S3 bucket used to save the notebook cell output. */ s3OutputPath?: pulumi.Input; } export interface DomainDefaultUserSettingsSpaceStorageSettings { /** * The default EBS storage settings for a private space. See `defaultEbsStorageSettings` Block below. */ defaultEbsStorageSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsSpaceStorageSettingsDefaultEbsStorageSettings { /** * The default size of the EBS storage volume for a private space. */ defaultEbsVolumeSizeInGb: pulumi.Input; /** * The maximum size of the EBS storage volume for a private space. */ maximumEbsVolumeSizeInGb: pulumi.Input; } export interface DomainDefaultUserSettingsStudioWebPortalSettings { /** * The Applications supported in Studio that are hidden from the Studio left navigation pane. */ hiddenAppTypes?: pulumi.Input[]>; /** * The instance types you are hiding from the Studio user interface. */ hiddenInstanceTypes?: pulumi.Input[]>; /** * The machine learning tools that are hidden from the Studio left navigation pane. */ hiddenMlTools?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsTensorBoardAppSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; } export interface DomainDefaultUserSettingsTensorBoardAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDomainSettings { /** * A collection of settings that configure the domain’s Docker interaction. see `dockerSettings` Block below. */ dockerSettings?: pulumi.Input; /** * The configuration for attaching a SageMaker AI user profile name to the execution role as a sts:SourceIdentity key [AWS Docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html). Valid values are `USER_PROFILE_NAME` and `DISABLED`. */ executionRoleIdentityConfig?: pulumi.Input; /** * A collection of settings that configure the RStudioServerPro Domain-level app. see `rStudioServerProDomainSettings` Block below. */ rStudioServerProDomainSettings?: pulumi.Input; /** * The security groups for the Amazon Virtual Private Cloud that the Domain uses for communication between Domain-level apps and user apps. */ securityGroupIds?: pulumi.Input[]>; } export interface DomainDomainSettingsDockerSettings { /** * Indicates whether the domain can access Docker. Valid values are `ENABLED` and `DISABLED`. */ enableDockerAccess?: pulumi.Input; /** * The list of Amazon Web Services accounts that are trusted when the domain is created in VPC-only mode. */ vpcOnlyTrustedAccounts?: pulumi.Input[]>; } export interface DomainDomainSettingsRStudioServerProDomainSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see `defaultResourceSpec` Block above. */ defaultResourceSpec?: pulumi.Input; /** * The ARN of the execution role for the RStudioServerPro Domain-level app. */ domainExecutionRoleArn: pulumi.Input; /** * A URL pointing to an RStudio Connect server. */ rStudioConnectUrl?: pulumi.Input; /** * A URL pointing to an RStudio Package Manager server. */ rStudioPackageManagerUrl?: pulumi.Input; } export interface DomainDomainSettingsRStudioServerProDomainSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainRetentionPolicy { /** * The retention policy for data stored on an Amazon Elastic File System (EFS) volume. Valid values are `Retain` or `Delete`. Default value is `Retain`. */ homeEfsFileSystem?: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfig { /** * Configures the behavior of the client used by SageMaker AI to interact with the model container during asynchronous inference. */ clientConfig?: pulumi.Input; /** * Configuration for asynchronous inference invocation outputs. */ outputConfig: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfigClientConfig { /** * Maximum number of concurrent requests sent by the SageMaker AI client to the model container. If no value is provided, SageMaker AI will choose an optimal value for you. */ maxConcurrentInvocationsPerInstance?: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfigOutputConfig { /** * KMS key that SageMaker AI uses to encrypt the asynchronous inference output in S3. */ kmsKeyId?: pulumi.Input; /** * Configuration for notifications of inference results for asynchronous inference. */ notificationConfig?: pulumi.Input; /** * S3 location to upload failure inference responses to. */ s3FailurePath?: pulumi.Input; /** * S3 location to upload inference responses to. */ s3OutputPath: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfigOutputConfigNotificationConfig { /** * SNS topic to post a notification to when inference fails. If no topic is provided, no notification is sent on failure. */ errorTopic?: pulumi.Input; /** * SNS topics where you want the inference response to be included. Valid values are `SUCCESS_NOTIFICATION_TOPIC` and `ERROR_NOTIFICATION_TOPIC`. */ includeInferenceResponseIns?: pulumi.Input[]>; /** * SNS topic to post a notification to when inference completes successfully. If no topic is provided, no notification is sent on success. */ successTopic?: pulumi.Input; } export interface EndpointConfigurationDataCaptureConfig { /** * Content type headers to capture. See `captureContentTypeHeader` below. */ captureContentTypeHeader?: pulumi.Input; /** * What data to capture. Fields are documented below. */ captureOptions: pulumi.Input[]>; /** * URL for S3 location where the captured data is stored. */ destinationS3Uri: pulumi.Input; /** * Flag to enable data capture. Defaults to `false`. */ enableCapture?: pulumi.Input; /** * Portion of data to capture. Should be between 0 and 100. */ initialSamplingPercentage: pulumi.Input; /** * ARN of a KMS key that SageMaker AI uses to encrypt the captured data on S3. */ kmsKeyId?: pulumi.Input; } export interface EndpointConfigurationDataCaptureConfigCaptureContentTypeHeader { /** * CSV content type headers to capture. One of `csvContentTypes` or `jsonContentTypes` is required. */ csvContentTypes?: pulumi.Input[]>; /** * The JSON content type headers to capture. One of `jsonContentTypes` or `csvContentTypes` is required. */ jsonContentTypes?: pulumi.Input[]>; } export interface EndpointConfigurationDataCaptureConfigCaptureOption { /** * Data to be captured. Should be one of `Input`, `Output` or `InputAndOutput`. */ captureMode: pulumi.Input; } export interface EndpointConfigurationProductionVariant { /** * Size of the Elastic Inference (EI) instance to use for the production variant. */ acceleratorType?: pulumi.Input; /** * Timeout value, in seconds, for your inference container to pass health check by SageMaker AI Hosting. For more information about health check, see [How Your Container Should Respond to Health Check (Ping) Requests](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-inference-code.html#your-algorithms-inference-algo-ping-requests). Valid values between `60` and `3600`. */ containerStartupHealthCheckTimeoutInSeconds?: pulumi.Input; /** * Core dump configuration from the model container when the process crashes. Fields are documented below. */ coreDumpConfig?: pulumi.Input; /** * Whether to turn on native AWS SSM access for a production variant behind an endpoint. By default, SSM access is disabled for all production variants behind endpoints. Ignored if `modelName` is not set (Inference Components endpoint). */ enableSsmAccess?: pulumi.Input; /** * Option from a collection of preconfigured AMI images. Each image is configured by AWS with a set of software and driver versions. AWS optimizes these configurations for different machine learning workloads. */ inferenceAmiVersion?: pulumi.Input; /** * Initial number of instances used for auto-scaling. */ initialInstanceCount?: pulumi.Input; /** * Initial traffic distribution among all of the models that you specify in the endpoint configuration. If unspecified, defaults to `1.0`. Ignored if `modelName` is not set (Inference Components endpoint). */ initialVariantWeight?: pulumi.Input; /** * Type of instance to start. */ instanceType?: pulumi.Input; /** * Control the range in the number of instances that the endpoint provisions as it scales up or down to accommodate traffic. */ managedInstanceScaling?: pulumi.Input; /** * Timeout value, in seconds, to download and extract the model that you want to host from S3 to the individual inference instance associated with this production variant. Valid values between `60` and `3600`. */ modelDataDownloadTimeoutInSeconds?: pulumi.Input; /** * Name of the model to use. Required unless using Inference Components (in which case `executionRoleArn` must be specified at the endpoint configuration level). */ modelName?: pulumi.Input; /** * How the endpoint routes incoming traffic. See routingConfig below. */ routingConfigs?: pulumi.Input[]>; /** * How an endpoint performs asynchronous inference. */ serverlessConfig?: pulumi.Input; /** * Name of the variant. If omitted, the provider will assign a random, unique name. */ variantName?: pulumi.Input; /** * Size, in GB, of the ML storage volume attached to individual inference instance associated with the production variant. Valid values between `1` and `512`. */ volumeSizeInGb?: pulumi.Input; } export interface EndpointConfigurationProductionVariantCoreDumpConfig { /** * S3 bucket to send the core dump to. */ destinationS3Uri: pulumi.Input; /** * KMS key that SageMaker AI uses to encrypt the core dump data at rest using S3 server-side encryption. */ kmsKeyId?: pulumi.Input; } export interface EndpointConfigurationProductionVariantManagedInstanceScaling { /** * Maximum number of instances that the endpoint can provision when it scales up to accommodate an increase in traffic. */ maxInstanceCount?: pulumi.Input; /** * Minimum number of instances that the endpoint must retain when it scales down to accommodate a decrease in traffic. */ minInstanceCount?: pulumi.Input; /** * Whether managed instance scaling is enabled. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface EndpointConfigurationProductionVariantRoutingConfig { /** * How the endpoint routes incoming traffic. Valid values are `LEAST_OUTSTANDING_REQUESTS` and `RANDOM`. `LEAST_OUTSTANDING_REQUESTS` routes requests to the specific instances that have more capacity to process them. `RANDOM` routes each request to a randomly chosen instance. */ routingStrategy: pulumi.Input; } export interface EndpointConfigurationProductionVariantServerlessConfig { /** * Maximum number of concurrent invocations your serverless endpoint can process. Valid values are between `1` and `200`. */ maxConcurrency: pulumi.Input; /** * Memory size of your serverless endpoint. Valid values are in 1 GB increments: `1024` MB, `2048` MB, `3072` MB, `4096` MB, `5120` MB, or `6144` MB. */ memorySizeInMb: pulumi.Input; /** * Amount of provisioned concurrency to allocate for the serverless endpoint. Should be less than or equal to `maxConcurrency`. Valid values are between `1` and `200`. */ provisionedConcurrency?: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariant { /** * Size of the Elastic Inference (EI) instance to use for the production variant. */ acceleratorType?: pulumi.Input; /** * Timeout value, in seconds, for your inference container to pass health check by SageMaker AI Hosting. For more information about health check, see [How Your Container Should Respond to Health Check (Ping) Requests](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-inference-code.html#your-algorithms-inference-algo-ping-requests). Valid values between `60` and `3600`. */ containerStartupHealthCheckTimeoutInSeconds?: pulumi.Input; /** * Core dump configuration from the model container when the process crashes. Fields are documented below. */ coreDumpConfig?: pulumi.Input; /** * Whether to turn on native AWS SSM access for a production variant behind an endpoint. By default, SSM access is disabled for all production variants behind endpoints. Ignored if `modelName` is not set (Inference Components endpoint). */ enableSsmAccess?: pulumi.Input; /** * Option from a collection of preconfigured AMI images. Each image is configured by AWS with a set of software and driver versions. AWS optimizes these configurations for different machine learning workloads. */ inferenceAmiVersion?: pulumi.Input; /** * Initial number of instances used for auto-scaling. */ initialInstanceCount?: pulumi.Input; /** * Initial traffic distribution among all of the models that you specify in the endpoint configuration. If unspecified, defaults to `1.0`. Ignored if `modelName` is not set (Inference Components endpoint). */ initialVariantWeight?: pulumi.Input; /** * Type of instance to start. */ instanceType?: pulumi.Input; /** * Control the range in the number of instances that the endpoint provisions as it scales up or down to accommodate traffic. */ managedInstanceScaling?: pulumi.Input; /** * Timeout value, in seconds, to download and extract the model that you want to host from S3 to the individual inference instance associated with this production variant. Valid values between `60` and `3600`. */ modelDataDownloadTimeoutInSeconds?: pulumi.Input; /** * Name of the model to use. Required unless using Inference Components (in which case `executionRoleArn` must be specified at the endpoint configuration level). */ modelName?: pulumi.Input; /** * How the endpoint routes incoming traffic. See routingConfig below. */ routingConfigs?: pulumi.Input[]>; /** * How an endpoint performs asynchronous inference. */ serverlessConfig?: pulumi.Input; /** * Name of the variant. If omitted, the provider will assign a random, unique name. */ variantName?: pulumi.Input; /** * Size, in GB, of the ML storage volume attached to individual inference instance associated with the production variant. Valid values between `1` and `512`. */ volumeSizeInGb?: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariantCoreDumpConfig { /** * S3 bucket to send the core dump to. */ destinationS3Uri: pulumi.Input; /** * KMS key that SageMaker AI uses to encrypt the core dump data at rest using S3 server-side encryption. */ kmsKeyId: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariantManagedInstanceScaling { /** * Maximum number of instances that the endpoint can provision when it scales up to accommodate an increase in traffic. */ maxInstanceCount?: pulumi.Input; /** * Minimum number of instances that the endpoint must retain when it scales down to accommodate a decrease in traffic. */ minInstanceCount?: pulumi.Input; /** * Whether managed instance scaling is enabled. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariantRoutingConfig { /** * How the endpoint routes incoming traffic. Valid values are `LEAST_OUTSTANDING_REQUESTS` and `RANDOM`. `LEAST_OUTSTANDING_REQUESTS` routes requests to the specific instances that have more capacity to process them. `RANDOM` routes each request to a randomly chosen instance. */ routingStrategy: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariantServerlessConfig { /** * Maximum number of concurrent invocations your serverless endpoint can process. Valid values are between `1` and `200`. */ maxConcurrency: pulumi.Input; /** * Memory size of your serverless endpoint. Valid values are in 1 GB increments: `1024` MB, `2048` MB, `3072` MB, `4096` MB, `5120` MB, or `6144` MB. */ memorySizeInMb: pulumi.Input; /** * Amount of provisioned concurrency to allocate for the serverless endpoint. Should be less than or equal to `maxConcurrency`. Valid values are between `1` and `200`. */ provisionedConcurrency?: pulumi.Input; } export interface EndpointDeploymentConfig { /** * Automatic rollback configuration for handling endpoint deployment failures and recovery. See Auto Rollback Configuration. */ autoRollbackConfiguration?: pulumi.Input; /** * Update policy for a blue/green deployment. If this update policy is specified, SageMaker AI creates a new fleet during the deployment while maintaining the old fleet. SageMaker AI flips traffic to the new fleet according to the specified traffic routing configuration. Only one update policy should be used in the deployment configuration. If no update policy is specified, SageMaker AI uses a blue/green deployment strategy with all at once traffic shifting by default. See Blue Green Update Config. */ blueGreenUpdatePolicy?: pulumi.Input; /** * Specifies a rolling deployment strategy for updating a SageMaker AI endpoint. See Rolling Update Policy. */ rollingUpdatePolicy?: pulumi.Input; } export interface EndpointDeploymentConfigAutoRollbackConfiguration { /** * List of CloudWatch alarms in your account that are configured to monitor metrics on an endpoint. If any alarms are tripped during a deployment, SageMaker AI rolls back the deployment. See Alarms. */ alarms?: pulumi.Input[]>; } export interface EndpointDeploymentConfigAutoRollbackConfigurationAlarm { /** * The name of a CloudWatch alarm in your account. */ alarmName: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicy { maximumExecutionTimeoutInSeconds?: pulumi.Input; /** * Additional waiting time in seconds after the completion of an endpoint deployment before terminating the old endpoint fleet. Default is `0`. Valid values are between `0` and `3600`. */ terminationWaitInSeconds?: pulumi.Input; /** * Defines the traffic routing strategy to shift traffic from the old fleet to the new fleet during an endpoint deployment. See Traffic Routing Configuration. */ trafficRoutingConfiguration: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicyTrafficRoutingConfiguration { /** * Batch size for the first step to turn on traffic on the new endpoint fleet. Value must be less than or equal to 50% of the variant's total instance count. See Canary Size. */ canarySize?: pulumi.Input; /** * Batch size for each step to turn on traffic on the new endpoint fleet. Value must be 10-50% of the variant's total instance count. See Linear Step Size. */ linearStepSize?: pulumi.Input; /** * Traffic routing strategy type. Valid values are: `ALL_AT_ONCE`, `CANARY`, and `LINEAR`. */ type: pulumi.Input; /** * The waiting time (in seconds) between incremental steps to turn on traffic on the new endpoint fleet. Valid values are between `0` and `3600`. */ waitIntervalInSeconds: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicyTrafficRoutingConfigurationCanarySize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicyTrafficRoutingConfigurationLinearStepSize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface EndpointDeploymentConfigRollingUpdatePolicy { /** * Batch size for each rolling step to provision capacity and turn on traffic on the new endpoint fleet, and terminate capacity on the old endpoint fleet. Value must be between 5% to 50% of the variant's total instance count. See Maximum Batch Size. */ maximumBatchSize: pulumi.Input; /** * The time limit for the total deployment. Exceeding this limit causes a timeout. Valid values are between `600` and `14400`. */ maximumExecutionTimeoutInSeconds?: pulumi.Input; /** * Batch size for rollback to the old endpoint fleet. Each rolling step to provision capacity and turn on traffic on the old endpoint fleet, and terminate capacity on the new endpoint fleet. If this field is absent, the default value will be set to 100% of total capacity which means to bring up the whole capacity of the old fleet at once during rollback. See Rollback Maximum Batch Size. */ rollbackMaximumBatchSize?: pulumi.Input; /** * The length of the baking period, during which SageMaker AI monitors alarms for each batch on the new fleet. Valid values are between `0` and `3600`. */ waitIntervalInSeconds: pulumi.Input; } export interface EndpointDeploymentConfigRollingUpdatePolicyMaximumBatchSize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface EndpointDeploymentConfigRollingUpdatePolicyRollbackMaximumBatchSize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface FeatureGroupFeatureDefinition { collectionConfig?: pulumi.Input; collectionType?: pulumi.Input; /** * The name of a feature. `featureName` cannot be any of the following: `isDeleted`, `writeTime`, `apiInvocationTime`. */ featureName?: pulumi.Input; /** * The value type of a feature. Valid values are `Integral`, `Fractional`, or `String`. */ featureType?: pulumi.Input; } export interface FeatureGroupFeatureDefinitionCollectionConfig { vectorConfig?: pulumi.Input; } export interface FeatureGroupFeatureDefinitionCollectionConfigVectorConfig { dimension?: pulumi.Input; } export interface FeatureGroupOfflineStoreConfig { /** * The meta data of the Glue table that is autogenerated when an OfflineStore is created. See Data Catalog Config Below. */ dataCatalogConfig?: pulumi.Input; /** * Set to `true` to turn Online Store On. */ disableGlueTableCreation?: pulumi.Input; /** * The Amazon Simple Storage (Amazon S3) location of OfflineStore. See S3 Storage Config Below. */ s3StorageConfig: pulumi.Input; /** * Format for the offline store table. Supported formats are `Glue` (Default) and Apache `Iceberg` (https://iceberg.apache.org/). */ tableFormat?: pulumi.Input; } export interface FeatureGroupOfflineStoreConfigDataCatalogConfig { /** * The name of the Glue table catalog. */ catalog?: pulumi.Input; /** * The name of the Glue table database. */ database?: pulumi.Input; /** * The name of the Glue table. */ tableName?: pulumi.Input; } export interface FeatureGroupOfflineStoreConfigS3StorageConfig { /** * The AWS Key Management Service (KMS) key ID of the key used to encrypt any objects written into the OfflineStore S3 location. */ kmsKeyId?: pulumi.Input; /** * The S3 path where offline records are written. */ resolvedOutputS3Uri?: pulumi.Input; /** * The S3 URI, or location in Amazon S3, of OfflineStore. */ s3Uri: pulumi.Input; } export interface FeatureGroupOnlineStoreConfig { /** * Set to `true` to disable the automatic creation of an AWS Glue table when configuring an OfflineStore. */ enableOnlineStore?: pulumi.Input; /** * Security config for at-rest encryption of your OnlineStore. See Security Config Below. */ securityConfig?: pulumi.Input; /** * Option for different tiers of low latency storage for real-time data retrieval. Valid values are `Standard`, or `InMemory`. */ storageType?: pulumi.Input; /** * Time to live duration, where the record is hard deleted after the expiration time is reached; ExpiresAt = EventTime + TtlDuration.. See TTl Duration Below. */ ttlDuration?: pulumi.Input; } export interface FeatureGroupOnlineStoreConfigSecurityConfig { /** * The ID of the AWS Key Management Service (AWS KMS) key that SageMaker AI Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption. */ kmsKeyId?: pulumi.Input; } export interface FeatureGroupOnlineStoreConfigTtlDuration { /** * TtlDuration time unit. Valid values are `Seconds`, `Minutes`, `Hours`, `Days`, or `Weeks`. */ unit?: pulumi.Input; /** * TtlDuration time value. */ value?: pulumi.Input; } export interface FeatureGroupThroughputConfig { provisionedReadCapacityUnits?: pulumi.Input; provisionedWriteCapacityUnits?: pulumi.Input; throughputMode?: pulumi.Input; } export interface FlowDefinitionHumanLoopActivationConfig { /** * defines under what conditions SageMaker AI creates a human loop. See Human Loop Activation Conditions Config details below. */ humanLoopActivationConditionsConfig?: pulumi.Input; } export interface FlowDefinitionHumanLoopActivationConfigHumanLoopActivationConditionsConfig { /** * A JSON expressing use-case specific conditions declaratively. If any condition is matched, atomic tasks are created against the configured work team. For more information about how to structure the JSON, see [JSON Schema for Human Loop Activation Conditions in Amazon Augmented AI](https://docs.aws.amazon.com/sagemaker/latest/dg/a2i-human-fallback-conditions-json-schema.html). */ humanLoopActivationConditions: pulumi.Input; } export interface FlowDefinitionHumanLoopConfig { /** * The Amazon Resource Name (ARN) of the human task user interface. */ humanTaskUiArn: pulumi.Input; /** * Defines the amount of money paid to an Amazon Mechanical Turk worker for each task performed. See Public Workforce Task Price details below. */ publicWorkforceTaskPrice?: pulumi.Input; /** * The length of time that a task remains available for review by human workers. Valid value range between `1` and `864000`. */ taskAvailabilityLifetimeInSeconds?: pulumi.Input; /** * The number of distinct workers who will perform the same task on each object. Valid value range between `1` and `3`. */ taskCount: pulumi.Input; /** * A description for the human worker task. */ taskDescription: pulumi.Input; /** * An array of keywords used to describe the task so that workers can discover the task. */ taskKeywords?: pulumi.Input[]>; /** * The amount of time that a worker has to complete a task. The default value is `3600` seconds. */ taskTimeLimitInSeconds?: pulumi.Input; /** * A title for the human worker task. */ taskTitle: pulumi.Input; /** * The Amazon Resource Name (ARN) of the human task user interface. Amazon Resource Name (ARN) of a team of workers. For Public workforces see [AWS Docs](https://docs.aws.amazon.com/sagemaker/latest/dg/sms-workforce-management-public.html). */ workteamArn: pulumi.Input; } export interface FlowDefinitionHumanLoopConfigPublicWorkforceTaskPrice { /** * Defines the amount of money paid to an Amazon Mechanical Turk worker in United States dollars. See Amount In Usd details below. */ amountInUsd?: pulumi.Input; } export interface FlowDefinitionHumanLoopConfigPublicWorkforceTaskPriceAmountInUsd { /** * The fractional portion, in cents, of the amount. Valid value range between `0` and `99`. */ cents?: pulumi.Input; /** * The whole number of dollars in the amount. Valid value range between `0` and `2`. */ dollars?: pulumi.Input; /** * Fractions of a cent, in tenths. Valid value range between `0` and `9`. */ tenthFractionsOfACent?: pulumi.Input; } export interface FlowDefinitionHumanLoopRequestSource { /** * Specifies whether Amazon Rekognition or Amazon Textract are used as the integration source. Valid values are: `AWS/Rekognition/DetectModerationLabels/Image/V3` and `AWS/Textract/AnalyzeDocument/Forms/V1`. */ awsManagedHumanLoopRequestSource: pulumi.Input; } export interface FlowDefinitionOutputConfig { /** * The Amazon Key Management Service (KMS) key ARN for server-side encryption. */ kmsKeyId?: pulumi.Input; /** * The Amazon S3 path where the object containing human output will be made available. */ s3OutputPath: pulumi.Input; } export interface HubS3StorageConfig { /** * The Amazon S3 bucket prefix for hosting hub content.interface. */ s3OutputPath?: pulumi.Input; } export interface HumanTaskUIUiTemplate { /** * The content of the Liquid template for the worker user interface. */ content?: pulumi.Input; /** * The SHA-256 digest of the contents of the template. */ contentSha256?: pulumi.Input; /** * The URL for the user interface template. */ url?: pulumi.Input; } export interface LabelingJobHumanTaskConfig { /** * How labels are consolidated across human workers. Fields are documented below. */ annotationConsolidationConfig?: pulumi.Input; /** * Maximum number of data objects that can be labeled by human workers at the same time. */ maxConcurrentTaskCount?: pulumi.Input; /** * Number of human workers that will label an object. */ numberOfHumanWorkersPerDataObject: pulumi.Input; /** * ARN of a Lambda function that is run before a data object is sent to a human worker. */ preHumanTaskLambdaArn?: pulumi.Input; /** * Price to pay for each task performed by an Amazon Mechanical Turk worker. Fields are documented below. */ publicWorkforceTaskPrice?: pulumi.Input; /** * length of time that a task remains available for labeling by human workers. */ taskAvailabilityLifetimeInSeconds?: pulumi.Input; /** * Description of the task. */ taskDescription: pulumi.Input; /** * Keywords used to describe the task. */ taskKeywords?: pulumi.Input[]>; /** * Amount of time that a worker has to complete a task. */ taskTimeLimitInSeconds: pulumi.Input; /** * Title for the task. */ taskTitle: pulumi.Input; /** * Information about the user interface that workers use to complete the labeling task. Fields are documented below. */ uiConfig: pulumi.Input; /** * ARN of the work team assigned to complete the tasks. */ workteamArn: pulumi.Input; } export interface LabelingJobHumanTaskConfigAnnotationConsolidationConfig { /** * ARN of a Lambda function that implements the logic for annotation consolidation and to process output data. */ annotationConsolidationLambdaArn: pulumi.Input; } export interface LabelingJobHumanTaskConfigPublicWorkforceTaskPrice { /** * Amount of money paid to an Amazon Mechanical Turk worker in United States dollars. Fields are documented below. */ amountInUsd?: pulumi.Input; } export interface LabelingJobHumanTaskConfigPublicWorkforceTaskPriceAmountInUsd { /** * Fractional portion, in cents, of the amount. */ cents?: pulumi.Input; /** * Whole number of dollars in the amount. */ dollars?: pulumi.Input; /** * Fractions of a cent, in tenths. */ tenthFractionsOfACent?: pulumi.Input; } export interface LabelingJobHumanTaskConfigUiConfig { /** * ARN of the worker task template used to render the worker UI and tools for labeling job tasks. */ humanTaskUiArn?: pulumi.Input; /** * S3 bucket location of the UI template, or worker task template. */ uiTemplateS3Uri?: pulumi.Input; } export interface LabelingJobInputConfig { /** * Attributes of the data. Fields are documented below. */ dataAttributes?: pulumi.Input; /** * Location of the input data.. Fields are documented below. */ dataSource: pulumi.Input; } export interface LabelingJobInputConfigDataAttributes { /** * Declares that your content is free of personally identifiable information or adult content. Valid values: `FreeOfPersonallyIdentifiableInformation`, `FreeOfAdultContent`. */ contentClassifiers?: pulumi.Input[]>; } export interface LabelingJobInputConfigDataSource { /** * S3 location of the input data objects.. Fields are documented below. */ s3DataSource?: pulumi.Input; /** * SNS data source used for streaming labeling jobs. Fields are documented below. */ snsDataSource?: pulumi.Input; } export interface LabelingJobInputConfigDataSourceS3DataSource { /** * S3 location of the manifest file that describes the input data objects. */ manifestS3Uri: pulumi.Input; } export interface LabelingJobInputConfigDataSourceSnsDataSource { /** * SNS input topic ARN. */ snsTopicArn: pulumi.Input; } export interface LabelingJobLabelCounter { /** * Total number of objects that could not be labeled due to an error. */ failedNonRetryableError: pulumi.Input; /** * Total number of objects labeled by a human worker. */ humanLabeled: pulumi.Input; /** * Total number of objects labeled by automated data labeling. */ machineLabeled: pulumi.Input; /** * Total number of objects labeled. */ totalLabeled: pulumi.Input; /** * Total number of objects not yet labeled. */ unlabeled: pulumi.Input; } export interface LabelingJobLabelingJobAlgorithmsConfig { /** * ARN of the final model used for auto-labeling. */ initialActiveLearningModelArn?: pulumi.Input; /** * ARN of the algorithm used for auto-labeling. */ labelingJobAlgorithmSpecificationArn: pulumi.Input; /** * Configuration information for the labeling job. Fields are documented below. */ labelingJobResourceConfig?: pulumi.Input; } export interface LabelingJobLabelingJobAlgorithmsConfigLabelingJobResourceConfig { /** * ID of the key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance(s) that run the training and inference jobs used for automated data labeling. */ volumeKmsKeyId?: pulumi.Input; /** * VPC that SageMaker jobs, hosted models, and compute resources have access to. Fields are documented below. */ vpcConfig?: pulumi.Input; } export interface LabelingJobLabelingJobAlgorithmsConfigLabelingJobResourceConfigVpcConfig { /** * VPC security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * IDs of the subnets in the VPC to which to connect the training job. Fields are documented below. */ subnets: pulumi.Input[]>; } export interface LabelingJobOutputConfig { /** * ID of the key used to encrypt the output data. */ kmsKeyId?: pulumi.Input; /** * S3 location to write output data. */ s3OutputPath: pulumi.Input; /** * SNS output topic ARN. */ snsTopicArn?: pulumi.Input; } export interface LabelingJobStoppingCondition { /** * Maximum number of objects that can be labeled by human workers. */ maxHumanLabeledObjectCount: pulumi.Input; /** * Maximum number of input data objects that should be labeled. */ maxPercentageOfInputDatasetLabeled: pulumi.Input; } export interface ModelCardExportJobExportArtifact { /** * Amazon S3 URI of the exported model artifacts. */ s3ExportArtifacts: pulumi.Input; } export interface ModelCardExportJobOutputConfig { /** * Amazon S3 output path. */ s3OutputPath: pulumi.Input; } export interface ModelCardExportJobTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ModelCardSecurityConfig { /** * KMS key ARN. */ kmsKeyId: pulumi.Input; } export interface ModelCardTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface ModelContainer { /** * Additional data sources that are available to the model in addition to those specified in `modelDataSource`. See Additional Model Data Source. */ additionalModelDataSources?: pulumi.Input[]>; /** * DNS host name for the container. */ containerHostname?: pulumi.Input; /** * Environment variables for the Docker container. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Registry path where the inference code image is stored in Amazon ECR. */ image?: pulumi.Input; /** * Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For more information see [Using a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html). see Image Config. */ imageConfig?: pulumi.Input; /** * Inference specification name in the model package version. */ inferenceSpecificationName?: pulumi.Input; /** * Container hosts value. Allowed values are: `SingleModel` and `MultiModel`. The default value is `SingleModel`. */ mode?: pulumi.Input; /** * Location of model data to deploy. Use this for uncompressed model deployment. For information about how to deploy an uncompressed model, see [Deploying uncompressed models](https://docs.aws.amazon.com/sagemaker/latest/dg/large-model-inference-uncompressed.html) in the _AWS SageMaker AI Developer Guide_. */ modelDataSource?: pulumi.Input; /** * URL for the S3 location where model artifacts are stored. */ modelDataUrl?: pulumi.Input; /** * Amazon Resource Name (ARN) of the model package to use to create the model. * A list of key value pairs. */ modelPackageName?: pulumi.Input; /** * Specifies additional configuration for multi-model endpoints. see Multi Model Config. */ multiModelConfig?: pulumi.Input; } export interface ModelContainerAdditionalModelDataSource { /** * Custom name for the additional model data source object. It will be stored in `/opt/ml/additional-model-data-sources//`. */ channelName: pulumi.Input; /** * S3 location of model data to deploy. See S3 Data Source. */ s3DataSources: pulumi.Input[]>; } export interface ModelContainerAdditionalModelDataSourceS3DataSource { /** * How the model data is prepared. Allowed values are: `None` and `Gzip`. */ compressionType: pulumi.Input; /** * Specifies the access configuration file for the ML model. You can explicitly accept the model end-user license agreement (EULA) within the [`modelAccessConfig` configuration block]. See Model Access Config. */ modelAccessConfig?: pulumi.Input; /** * Type of model data to deploy. Allowed values are: `S3Object` and `S3Prefix`. */ s3DataType: pulumi.Input; /** * The S3 path of model data to deploy. */ s3Uri: pulumi.Input; } export interface ModelContainerAdditionalModelDataSourceS3DataSourceModelAccessConfig { /** * Specifies agreement to the model end-user license agreement (EULA). The value must be set to `true` in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model. */ acceptEula: pulumi.Input; } export interface ModelContainerImageConfig { /** * Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: `Platform` and `Vpc`. */ repositoryAccessMode: pulumi.Input; /** * Specifies an authentication configuration for the private docker registry where your model image is hosted. Specify a value for this property only if you specified Vpc as the value for the RepositoryAccessMode field, and the private Docker registry where the model image is hosted requires authentication. see Repository Auth Config. */ repositoryAuthConfig?: pulumi.Input; } export interface ModelContainerImageConfigRepositoryAuthConfig { /** * Amazon Resource Name (ARN) of an AWS Lambda function that provides credentials to authenticate to the private Docker registry where your model image is hosted. For information about how to create an AWS Lambda function, see [Create a Lambda function with the console](https://docs.aws.amazon.com/lambda/latest/dg/getting-started-create-function.html) in the _AWS Lambda Developer Guide_. */ repositoryCredentialsProviderArn: pulumi.Input; } export interface ModelContainerModelDataSource { /** * S3 location of model data to deploy. See S3 Data Source. */ s3DataSources: pulumi.Input[]>; } export interface ModelContainerModelDataSourceS3DataSource { /** * How the model data is prepared. Allowed values are: `None` and `Gzip`. */ compressionType: pulumi.Input; /** * Specifies the access configuration file for the ML model. You can explicitly accept the model end-user license agreement (EULA) within the [`modelAccessConfig` configuration block]. See Model Access Config. */ modelAccessConfig?: pulumi.Input; /** * Type of model data to deploy. Allowed values are: `S3Object` and `S3Prefix`. */ s3DataType: pulumi.Input; /** * The S3 path of model data to deploy. */ s3Uri: pulumi.Input; } export interface ModelContainerModelDataSourceS3DataSourceModelAccessConfig { /** * Specifies agreement to the model end-user license agreement (EULA). The value must be set to `true` in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model. */ acceptEula: pulumi.Input; } export interface ModelContainerMultiModelConfig { /** * Whether to cache models for a multi-model endpoint. By default, multi-model endpoints cache models so that a model does not have to be loaded into memory each time it is invoked. Some use cases do not benefit from model caching. For example, if an endpoint hosts a large number of models that are each invoked infrequently, the endpoint might perform better if you disable model caching. To disable model caching, set the value of this parameter to `Disabled`. Allowed values are: `Enabled` and `Disabled`. */ modelCacheSetting?: pulumi.Input; } export interface ModelInferenceExecutionConfig { /** * How containers in a multi-container are run. Allowed values are: `Serial` and `Direct`. */ mode: pulumi.Input; } export interface ModelPrimaryContainer { /** * Additional data sources that are available to the model in addition to those specified in `modelDataSource`. See Additional Model Data Source. */ additionalModelDataSources?: pulumi.Input[]>; /** * DNS host name for the container. */ containerHostname?: pulumi.Input; /** * Environment variables for the Docker container. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Registry path where the inference code image is stored in Amazon ECR. */ image?: pulumi.Input; /** * Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For more information see [Using a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html). see Image Config. */ imageConfig?: pulumi.Input; /** * Inference specification name in the model package version. */ inferenceSpecificationName?: pulumi.Input; mode?: pulumi.Input; /** * Location of model data to deploy. Use this for uncompressed model deployment. For information about how to deploy an uncompressed model, see [Deploying uncompressed models](https://docs.aws.amazon.com/sagemaker/latest/dg/large-model-inference-uncompressed.html) in the _AWS SageMaker AI Developer Guide_. */ modelDataSource?: pulumi.Input; /** * URL for the S3 location where model artifacts are stored. */ modelDataUrl?: pulumi.Input; /** * Amazon Resource Name (ARN) of the model package to use to create the model. * A list of key value pairs. */ modelPackageName?: pulumi.Input; /** * Specifies additional configuration for multi-model endpoints. see Multi Model Config. */ multiModelConfig?: pulumi.Input; } export interface ModelPrimaryContainerAdditionalModelDataSource { /** * Custom name for the additional model data source object. It will be stored in `/opt/ml/additional-model-data-sources//`. */ channelName: pulumi.Input; /** * S3 location of model data to deploy. See S3 Data Source. */ s3DataSources: pulumi.Input[]>; } export interface ModelPrimaryContainerAdditionalModelDataSourceS3DataSource { /** * How the model data is prepared. Allowed values are: `None` and `Gzip`. */ compressionType: pulumi.Input; /** * Specifies the access configuration file for the ML model. You can explicitly accept the model end-user license agreement (EULA) within the [`modelAccessConfig` configuration block]. See Model Access Config. */ modelAccessConfig?: pulumi.Input; /** * Type of model data to deploy. Allowed values are: `S3Object` and `S3Prefix`. */ s3DataType: pulumi.Input; /** * The S3 path of model data to deploy. */ s3Uri: pulumi.Input; } export interface ModelPrimaryContainerAdditionalModelDataSourceS3DataSourceModelAccessConfig { /** * Specifies agreement to the model end-user license agreement (EULA). The value must be set to `true` in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model. */ acceptEula: pulumi.Input; } export interface ModelPrimaryContainerImageConfig { /** * Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: `Platform` and `Vpc`. */ repositoryAccessMode: pulumi.Input; /** * Specifies an authentication configuration for the private docker registry where your model image is hosted. Specify a value for this property only if you specified Vpc as the value for the RepositoryAccessMode field, and the private Docker registry where the model image is hosted requires authentication. see Repository Auth Config. */ repositoryAuthConfig?: pulumi.Input; } export interface ModelPrimaryContainerImageConfigRepositoryAuthConfig { /** * Amazon Resource Name (ARN) of an AWS Lambda function that provides credentials to authenticate to the private Docker registry where your model image is hosted. For information about how to create an AWS Lambda function, see [Create a Lambda function with the console](https://docs.aws.amazon.com/lambda/latest/dg/getting-started-create-function.html) in the _AWS Lambda Developer Guide_. */ repositoryCredentialsProviderArn: pulumi.Input; } export interface ModelPrimaryContainerModelDataSource { /** * S3 location of model data to deploy. See S3 Data Source. */ s3DataSources: pulumi.Input[]>; } export interface ModelPrimaryContainerModelDataSourceS3DataSource { /** * How the model data is prepared. Allowed values are: `None` and `Gzip`. */ compressionType: pulumi.Input; /** * Specifies the access configuration file for the ML model. You can explicitly accept the model end-user license agreement (EULA) within the [`modelAccessConfig` configuration block]. See Model Access Config. */ modelAccessConfig?: pulumi.Input; /** * Type of model data to deploy. Allowed values are: `S3Object` and `S3Prefix`. */ s3DataType: pulumi.Input; /** * The S3 path of model data to deploy. */ s3Uri: pulumi.Input; } export interface ModelPrimaryContainerModelDataSourceS3DataSourceModelAccessConfig { /** * Specifies agreement to the model end-user license agreement (EULA). The value must be set to `true` in order to accept the EULA that this model requires. You are responsible for reviewing and complying with any applicable license terms and making sure they are acceptable for your use case before downloading or using a model. */ acceptEula: pulumi.Input; } export interface ModelPrimaryContainerMultiModelConfig { /** * Whether to cache models for a multi-model endpoint. By default, multi-model endpoints cache models so that a model does not have to be loaded into memory each time it is invoked. Some use cases do not benefit from model caching. For example, if an endpoint hosts a large number of models that are each invoked infrequently, the endpoint might perform better if you disable model caching. To disable model caching, set the value of this parameter to `Disabled`. Allowed values are: `Enabled` and `Disabled`. */ modelCacheSetting?: pulumi.Input; } export interface ModelVpcConfig { /** * List of security group IDs you want to be applied to your training job or model. Specify the security groups for the VPC that is specified in the Subnets field. */ securityGroupIds: pulumi.Input[]>; /** * List of subnet IDs in the VPC to which you want to connect your training job or model. */ subnets: pulumi.Input[]>; } export interface MonitoringScheduleMonitoringScheduleConfig { /** * Defines the monitoring job. Fields are documented below. */ monitoringJobDefinition?: pulumi.Input; /** * The name of the monitoring job definition to schedule. */ monitoringJobDefinitionName?: pulumi.Input; /** * The type of the monitoring job definition to schedule. Valid values are `DataQuality`, `ModelQuality`, `ModelBias` or `ModelExplainability` */ monitoringType: pulumi.Input; /** * Configures the monitoring schedule. Fields are documented below. */ scheduleConfig?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinition { /** * Baseline configuration used to validate that the data conforms to the specified constraints and statistics. Fields are documented below. */ baseline?: pulumi.Input; /** * Map of environment variables in the Docker container. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Configures the monitoring job to run a specified Docker container image. Fields are documented below. */ monitoringAppSpecification: pulumi.Input; /** * Inputs for the monitoring job. Fields are documented below. */ monitoringInputs: pulumi.Input; /** * Outputs from the monitoring job to be uploaded to Amazon S3. Fields are documented below. */ monitoringOutputConfig: pulumi.Input; /** * Identifies the resources, ML compute instances, and ML storage volumes to deploy for a monitoring job. Fields are documented below. */ monitoringResources: pulumi.Input; /** * Networking options for the monitoring job. Fields are documented below. */ networkConfig?: pulumi.Input; /** * ARN of an IAM role that Amazon SageMaker AI can assume to perform tasks on your behalf. */ roleArn: pulumi.Input; /** * How long the monitoring job is allowed to run. Fields are documented below. */ stoppingConditions?: pulumi.Input[]>; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionBaseline { baseliningJobName?: pulumi.Input; constraintsResource?: pulumi.Input; statisticsResource?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionBaselineConstraintsResource { /** * URI that identifies the Amazon S3 storage location where Amazon SageMaker AI saves the results of a monitoring job. */ s3Uri?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionBaselineStatisticsResource { /** * URI that identifies the Amazon S3 storage location where Amazon SageMaker AI saves the results of a monitoring job. */ s3Uri?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringAppSpecification { /** * List of arguments for the container used to run the monitoring job. */ containerArguments?: pulumi.Input[]>; /** * Entrypoint for the container used to run the monitoring job. */ containerEntrypoints?: pulumi.Input[]>; /** * Container image to be run by the monitoring job. */ imageUri: pulumi.Input; /** * Script that is called after analysis has been performed. */ postAnalyticsProcessorSourceUri?: pulumi.Input; /** * Script that is called per row prior to running analysis. */ recordPreprocessorSourceUri?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringInputs { /** * Input object for the batch transform job. Fields are documented below. */ batchTransformInput?: pulumi.Input; /** * Endpoint for a monitoring job. Fields are documented below. */ endpointInput?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringInputsBatchTransformInput { /** * Amazon S3 location being used to capture the data. */ dataCapturedDestinationS3Uri: pulumi.Input; /** * Dataset format for the batch transform job. Fields are documented below. */ datasetFormat: pulumi.Input; /** * Monitoring jobs subtract this time from the end time. */ endTimeOffset?: pulumi.Input; /** * Attributes of the input data to exclude from the analysis. */ excludeFeaturesAttribute?: pulumi.Input; /** * Attributes of the input data that are the input features. */ featuresAttribute?: pulumi.Input; /** * Attribute of the input data that represents the ground truth label. */ inferenceAttribute?: pulumi.Input; /** * Path to the filesystem where the batch transform data is available to the container. */ localPath: pulumi.Input; /** * In a classification problem, the attribute that represents the class probability. */ probabilityAttribute?: pulumi.Input; /** * Threshold for the class probability to be evaluated as a positive result. */ probabilityThresholdAttribute?: pulumi.Input; /** * Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Valid values: `FullyReplicated`, `ShardedByS3Key`. */ s3DataDistributionType?: pulumi.Input; /** * Input mode for transferring data for the monitoring job. Valid values: `Pipe`, `File`. */ s3InputMode?: pulumi.Input; /** * Monitoring jobs subtract this time from the start time. */ startTimeOffset?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringInputsBatchTransformInputDatasetFormat { /** * CSV dataset used in the monitoring job. Fields are documented below. */ csv?: pulumi.Input; /** * JSON dataset used in the monitoring job. Fields are documented below. */ json?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringInputsBatchTransformInputDatasetFormatCsv { /** * Indicates if the CSV data has a header. */ header?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringInputsBatchTransformInputDatasetFormatJson { /** * Indicates if the file should be read as a JSON object per line. */ line?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringInputsEndpointInput { /** * Monitoring jobs subtract this time from the end time. */ endTimeOffset?: pulumi.Input; /** * Endpoint in customer's account which has enabled `DataCaptureConfig`. */ endpointName: pulumi.Input; /** * Attributes of the input data to exclude from the analysis. */ excludeFeaturesAttribute?: pulumi.Input; /** * Attributes of the input data that are the input features. */ featuresAttribute?: pulumi.Input; /** * Attribute of the input data that represents the ground truth label. */ inferenceAttribute?: pulumi.Input; /** * Path to the filesystem where the endpoint data is available to the container. */ localPath: pulumi.Input; /** * In a classification problem, the attribute that represents the class probability. */ probabilityAttribute?: pulumi.Input; /** * Threshold for the class probability to be evaluated as a positive result. */ probabilityThresholdAttribute?: pulumi.Input; /** * Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Valid values: `FullyReplicated`, `ShardedByS3Key`. */ s3DataDistributionType?: pulumi.Input; /** * Input mode for transferring data for the monitoring job. Valid values: `Pipe`, `File`. */ s3InputMode?: pulumi.Input; /** * Monitoring jobs subtract this time from the start time. */ startTimeOffset?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringOutputConfig { /** * AWS KMS key that Amazon SageMaker AI uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption. */ kmsKeyId?: pulumi.Input; /** * Monitoring outputs for monitoring jobs. Fields are documented below. */ monitoringOutputs: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringOutputConfigMonitoringOutputs { /** * Amazon S3 storage location where the results of a monitoring job are saved. Fields are documented below. */ s3Output: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringOutputConfigMonitoringOutputsS3Output { /** * Local path to the Amazon S3 storage location where Amazon SageMaker AI saves the results of a monitoring job. */ localPath: pulumi.Input; /** * Whether to upload the results of the monitoring job continuously or after the job completes. Valid values: `Continuous`, `EndOfJob`. */ s3UploadMode?: pulumi.Input; /** * URI that identifies the Amazon S3 storage location where Amazon SageMaker AI saves the results of a monitoring job. */ s3Uri: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringResources { /** * Configuration for the cluster resources used to run the processing job. Fields are documented below. */ clusterConfig: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionMonitoringResourcesClusterConfig { /** * Number of ML compute instances to use in the model monitoring job. */ instanceCount: pulumi.Input; /** * ML compute instance type for the processing job. */ instanceType: pulumi.Input; /** * AWS KMS key that Amazon SageMaker AI uses to encrypt data on the storage volume attached to the ML compute instance(s) that run the model monitoring job. */ volumeKmsKeyId?: pulumi.Input; /** * size of the ML storage volume, in gigabytes, to provision. */ volumeSizeInGb: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionNetworkConfig { /** * Whether to encrypt all communications between distributed processing jobs. */ enableInterContainerTrafficEncryption?: pulumi.Input; /** * Whether to allow inbound and outbound network calls to and from the containers used for the processing job. */ enableNetworkIsolation?: pulumi.Input; /** * VPC that SageMaker jobs, hosted models, and compute resources have access to. Fields are documented below. */ vpcConfig?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionNetworkConfigVpcConfig { /** * VPC security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * Subnet IDs. */ subnets: pulumi.Input[]>; } export interface MonitoringScheduleMonitoringScheduleConfigMonitoringJobDefinitionStoppingCondition { /** * Maximum runtime allowed in seconds. */ maxRuntimeInSeconds?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigScheduleConfig { /** * A cron expression that describes details about the monitoring schedule. For example, and hourly schedule would be `cron(0 * ? * * *)`. */ scheduleExpression: pulumi.Input; } export interface NotebookInstanceInstanceMetadataServiceConfiguration { /** * Indicates the minimum IMDS version that the notebook instance supports. When passed "1" is passed. This means that both IMDSv1 and IMDSv2 are supported. Valid values are `1` and `2`. */ minimumInstanceMetadataServiceVersion?: pulumi.Input; } export interface PipelineParallelismConfiguration { /** * The max number of steps that can be executed in parallel. */ maxParallelExecutionSteps: pulumi.Input; } export interface PipelinePipelineDefinitionS3Location { /** * Name of the S3 bucket. */ bucket: pulumi.Input; /** * The object key (or key name) uniquely identifies the object in an S3 bucket. */ objectKey: pulumi.Input; /** * Version Id of the pipeline definition file. If not specified, Amazon SageMaker AI will retrieve the latest version. */ versionId?: pulumi.Input; } export interface ProjectServiceCatalogProvisioningDetails { /** * The path identifier of the product. This value is optional if the product has a default path, and required if the product has more than one path. */ pathId?: pulumi.Input; /** * The ID of the product to provision. */ productId: pulumi.Input; /** * The ID of the provisioning artifact. */ provisioningArtifactId?: pulumi.Input; /** * A list of key value pairs that you specify when you provision a product. See Provisioning Parameter below. */ provisioningParameters?: pulumi.Input[]>; } export interface ProjectServiceCatalogProvisioningDetailsProvisioningParameter { /** * The key that identifies a provisioning parameter. */ key: pulumi.Input; /** * The value of the provisioning parameter. */ value?: pulumi.Input; } export interface SpaceOwnershipSettings { /** * The user profile who is the owner of the private space. */ ownerUserProfileName: pulumi.Input; } export interface SpaceSpaceSettings { /** * The type of app created within the space. */ appType?: pulumi.Input; /** * The Code Editor application settings. See `codeEditorAppSettings` Block below. */ codeEditorAppSettings?: pulumi.Input; /** * A file system, created by you, that you assign to a space for an Amazon SageMaker AI Domain. See `customFileSystem` Block below. */ customFileSystems?: pulumi.Input[]>; /** * The settings for the JupyterLab application. See `jupyterLabAppSettings` Block below. */ jupyterLabAppSettings?: pulumi.Input; /** * The Jupyter server's app settings. See `jupyterServerAppSettings` Block below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See `kernelGatewayAppSettings` Block below. */ kernelGatewayAppSettings?: pulumi.Input; /** * The storage settings. See `spaceStorageSettings` Block below. */ spaceStorageSettings?: pulumi.Input; } export interface SpaceSpaceSettingsCodeEditorAppSettings { /** * Settings that are used to configure and manage the lifecycle of JupyterLab applications in a space. See `appLifecycleManagement` Block below. */ appLifecycleManagement?: pulumi.Input; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. See `defaultResourceSpec` Block below. */ defaultResourceSpec: pulumi.Input; } export interface SpaceSpaceSettingsCodeEditorAppSettingsAppLifecycleManagement { /** * Settings related to idle shutdown of Studio applications. See `idleSettings` Block below. */ idleSettings?: pulumi.Input; } export interface SpaceSpaceSettingsCodeEditorAppSettingsAppLifecycleManagementIdleSettings { /** * The time that SageMaker AI waits after the application becomes idle before shutting it down. Valid values are between `60` and `525600`. */ idleTimeoutInMinutes?: pulumi.Input; } export interface SpaceSpaceSettingsCodeEditorAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsCustomFileSystem { /** * A custom file system in Amazon EFS. See `efsFileSystem` Block below. */ efsFileSystem: pulumi.Input; } export interface SpaceSpaceSettingsCustomFileSystemEfsFileSystem { /** * The ID of your Amazon EFS file system. */ fileSystemId: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettings { /** * Settings that are used to configure and manage the lifecycle of JupyterLab applications in a space. See `appLifecycleManagement` Block below. */ appLifecycleManagement?: pulumi.Input; /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterLab application. See `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. See `defaultResourceSpec` Block below. */ defaultResourceSpec: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettingsAppLifecycleManagement { /** * Settings related to idle shutdown of Studio applications. See `idleSettings` Block below. */ idleSettings?: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettingsAppLifecycleManagementIdleSettings { /** * The time that SageMaker AI waits after the application becomes idle before shutting it down. Valid values are between `60` and `525600`. */ idleTimeoutInMinutes?: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterServer application. See `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. See `defaultResourceSpec` Block below. */ defaultResourceSpec: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface SpaceSpaceSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface SpaceSpaceSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker AI images that are configured to run as a KernelGateway app. See `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. See `defaultResourceSpec` Block below. */ defaultResourceSpec: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface SpaceSpaceSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface SpaceSpaceSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsSpaceStorageSettings { /** * A collection of EBS storage settings for a space. See `ebsStorageSettings` Block below. */ ebsStorageSettings: pulumi.Input; } export interface SpaceSpaceSettingsSpaceStorageSettingsEbsStorageSettings { /** * The size of an EBS storage volume for a space. */ ebsVolumeSizeInGb: pulumi.Input; } export interface SpaceSpaceSharingSettings { /** * Specifies the sharing type of the space. Valid values are `Private` and `Shared`. */ sharingType: pulumi.Input; } export interface UserProfileUserSettings { /** * Indicates whether auto-mounting of an EFS volume is supported for the user profile. The `DefaultAsDomain` value is only supported for user profiles. Do not use the `DefaultAsDomain` value when setting this parameter for a domain. Valid values are: `Enabled`, `Disabled`, and `DefaultAsDomain`. */ autoMountHomeEfs?: pulumi.Input; /** * The Canvas app settings. See Canvas App Settings below. */ canvasAppSettings?: pulumi.Input; /** * The Code Editor application settings. See Code Editor App Settings below. */ codeEditorAppSettings?: pulumi.Input; /** * The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker AI Studio. See Custom File System Config below. */ customFileSystemConfigs?: pulumi.Input[]>; /** * Details about the POSIX identity that is used for file system operations. See Custom Posix User Config below. */ customPosixUserConfig?: pulumi.Input; /** * The default experience that the user is directed to when accessing the domain. The supported values are: `studio::`: Indicates that Studio is the default experience. This value can only be passed if StudioWebPortal is set to ENABLED. `app:JupyterServer:`: Indicates that Studio Classic is the default experience. */ defaultLandingUri?: pulumi.Input; /** * The execution role ARN for the user. */ executionRole: pulumi.Input; /** * The settings for the JupyterLab application. See Jupyter Lab App Settings below. */ jupyterLabAppSettings?: pulumi.Input; /** * The Jupyter server's app settings. See Jupyter Server App Settings below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See Kernel Gateway App Settings below. */ kernelGatewayAppSettings?: pulumi.Input; /** * The RSession app settings. See RSession App Settings below. */ rSessionAppSettings?: pulumi.Input; /** * A collection of settings that configure user interaction with the RStudioServerPro app. See RStudioServerProAppSettings below. */ rStudioServerProAppSettings?: pulumi.Input; /** * A list of security group IDs that will be attached to the user. */ securityGroups?: pulumi.Input[]>; /** * The sharing settings. See Sharing Settings below. */ sharingSettings?: pulumi.Input; /** * The storage settings for a private space. See Space Storage Settings below. */ spaceStorageSettings?: pulumi.Input; /** * Whether the user can access Studio. If this value is set to `DISABLED`, the user cannot access Studio, even if that is the default experience for the domain. Valid values are `ENABLED` and `DISABLED`. */ studioWebPortal?: pulumi.Input; /** * The Studio Web Portal settings. See `studioWebPortalSettings` Block below. */ studioWebPortalSettings?: pulumi.Input; /** * The TensorBoard app settings. See TensorBoard App Settings below. */ tensorBoardAppSettings?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettings { /** * The model deployment settings for the SageMaker AI Canvas application. See Direct Deploy Settings below. */ directDeploySettings?: pulumi.Input; /** * The settings for running Amazon EMR Serverless jobs in SageMaker AI Canvas. See `emrServerlessSettings` Block below. */ emrServerlessSettings?: pulumi.Input; generativeAiSettings?: pulumi.Input; /** * The settings for connecting to an external data source with OAuth. See Identity Provider OAuth Settings below. */ identityProviderOauthSettings?: pulumi.Input[]>; /** * The settings for document querying. See Kendra Settings below. */ kendraSettings?: pulumi.Input; /** * The model registry settings for the SageMaker AI Canvas application. See Model Register Settings below. */ modelRegisterSettings?: pulumi.Input; /** * Time series forecast settings for the Canvas app. See Time Series Forecasting Settings below. */ timeSeriesForecastingSettings?: pulumi.Input; /** * The workspace settings for the SageMaker AI Canvas application. See Workspace Settings below. */ workspaceSettings?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsDirectDeploySettings { /** * Describes whether model deployment permissions are enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsEmrServerlessSettings { /** * The Amazon Resource Name (ARN) of the AWS IAM role that is assumed for running Amazon EMR Serverless jobs in SageMaker AI Canvas. This role should have the necessary permissions to read and write data attached and a trust relationship with EMR Serverless. */ executionRoleArn?: pulumi.Input; /** * Describes whether Amazon EMR Serverless job capabilities are enabled or disabled in the SageMaker AI Canvas application. Valid values are: `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsGenerativeAiSettings { amazonBedrockRoleArn?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsIdentityProviderOauthSetting { /** * The name of the data source that you're connecting to. Canvas currently supports OAuth for Snowflake and Salesforce Data Cloud. Valid values are `SalesforceGenie` and `Snowflake`. */ dataSourceName?: pulumi.Input; /** * The ARN of an Amazon Web Services Secrets Manager secret that stores the credentials from your identity provider, such as the client ID and secret, authorization URL, and token URL. */ secretArn: pulumi.Input; /** * Describes whether OAuth for a data source is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsKendraSettings { /** * Describes whether the document querying feature is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsModelRegisterSettings { /** * The Amazon Resource Name (ARN) of the SageMaker AI model registry account. Required only to register model versions created by a different SageMaker AI Canvas AWS account than the AWS account in which SageMaker AI model registry is set up. */ crossAccountModelRegisterRoleArn?: pulumi.Input; /** * Describes whether the integration to the model registry is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsTimeSeriesForecastingSettings { /** * The IAM role that Canvas passes to Amazon Forecast for time series forecasting. By default, Canvas uses the execution role specified in the UserProfile that launches the Canvas app. If an execution role is not specified in the UserProfile, Canvas uses the execution role specified in the Domain that owns the UserProfile. To allow time series forecasting, this IAM role should have the [AmazonSageMakerCanvasForecastAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess) policy attached and forecast.amazonaws.com added in the trust relationship as a service principal. */ amazonForecastRoleArn?: pulumi.Input; /** * Describes whether time series forecasting is enabled or disabled in the Canvas app. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsWorkspaceSettings { /** * The Amazon S3 bucket used to store artifacts generated by Canvas. Updating the Amazon S3 location impacts existing configuration settings, and Canvas users no longer have access to their artifacts. Canvas users must log out and log back in to apply the new location. */ s3ArtifactPath?: pulumi.Input; /** * The Amazon Web Services Key Management Service (KMS) encryption key ID that is used to encrypt artifacts generated by Canvas in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; } export interface UserProfileUserSettingsCodeEditorAppSettings { /** * Indicates whether idle shutdown is activated for JupyterLab applications. see `appLifecycleManagement` Block below. */ appLifecycleManagement?: pulumi.Input; /** * The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration. */ builtInLifecycleConfigArn?: pulumi.Input; /** * A list of custom SageMaker AI images that are configured to run as a CodeEditor app. see Custom Image below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsCodeEditorAppSettingsAppLifecycleManagement { /** * Settings related to idle shutdown of Studio applications. see `idleSettings` Block below. */ idleSettings?: pulumi.Input; } export interface UserProfileUserSettingsCodeEditorAppSettingsAppLifecycleManagementIdleSettings { /** * The time that SageMaker AI waits after the application becomes idle before shutting it down. Valid values are between `60` and `525600`. */ idleTimeoutInMinutes?: pulumi.Input; /** * Indicates whether idle shutdown is activated for the application type. Valid values are `ENABLED` and `DISABLED`. */ lifecycleManagement?: pulumi.Input; /** * The maximum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ maxIdleTimeoutInMinutes?: pulumi.Input; /** * The minimum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ minIdleTimeoutInMinutes?: pulumi.Input; } export interface UserProfileUserSettingsCodeEditorAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface UserProfileUserSettingsCodeEditorAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsCustomFileSystemConfig { /** * The default EBS storage settings for a private space. See EFS File System Config below. */ efsFileSystemConfigs?: pulumi.Input[]>; } export interface UserProfileUserSettingsCustomFileSystemConfigEfsFileSystemConfig { /** * The ID of your Amazon EFS file system. */ fileSystemId: pulumi.Input; /** * The path to the file system directory that is accessible in Amazon SageMaker AI Studio. Permitted users can access only this directory and below. */ fileSystemPath?: pulumi.Input; } export interface UserProfileUserSettingsCustomPosixUserConfig { /** * The POSIX group ID. */ gid: pulumi.Input; /** * The POSIX user ID. */ uid: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettings { /** * Indicates whether idle shutdown is activated for JupyterLab applications. see `appLifecycleManagement` Block below. */ appLifecycleManagement?: pulumi.Input; /** * The lifecycle configuration that runs before the default lifecycle configuration. It can override changes made in the default lifecycle configuration. */ builtInLifecycleConfigArn?: pulumi.Input; /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterServer application. see Code Repository below. */ codeRepositories?: pulumi.Input[]>; customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The configuration parameters that specify the IAM roles assumed by the execution role of SageMaker AI (assumable roles) and the cluster instances or job execution environments (execution roles or runtime roles) to manage and access resources required for running Amazon EMR clusters or Amazon EMR Serverless applications. see `emrSettings` Block below. */ emrSettings?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsJupyterLabAppSettingsAppLifecycleManagement { /** * Settings related to idle shutdown of Studio applications. see `idleSettings` Block below. */ idleSettings?: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettingsAppLifecycleManagementIdleSettings { /** * The time that SageMaker AI waits after the application becomes idle before shutting it down. Valid values are between `60` and `525600`. */ idleTimeoutInMinutes?: pulumi.Input; /** * Indicates whether idle shutdown is activated for the application type. Valid values are `ENABLED` and `DISABLED`. */ lifecycleManagement?: pulumi.Input; /** * The maximum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ maxIdleTimeoutInMinutes?: pulumi.Input; /** * The minimum value in minutes that custom idle shutdown can be set to by the user. Valid values are between `60` and `525600`. */ minIdleTimeoutInMinutes?: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettingsEmrSettings { /** * An array of Amazon Resource Names (ARNs) of the IAM roles that the execution role of SageMaker AI can assume for performing operations or tasks related to Amazon EMR clusters or Amazon EMR Serverless applications. These roles define the permissions and access policies required when performing Amazon EMR-related operations, such as listing, connecting to, or terminating Amazon EMR clusters or Amazon EMR Serverless applications. They are typically used in cross-account access scenarios, where the Amazon EMR resources (clusters or serverless applications) are located in a different AWS account than the SageMaker AI domain. */ assumableRoleArns?: pulumi.Input[]>; /** * An array of Amazon Resource Names (ARNs) of the IAM roles used by the Amazon EMR cluster instances or job execution environments to access other AWS services and resources needed during the runtime of your Amazon EMR or Amazon EMR Serverless workloads, such as Amazon S3 for data access, Amazon CloudWatch for logging, or other AWS services based on the particular workload requirements. */ executionRoleArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker AI automatically displays to users for cloning in the JupyterServer application. see Code Repository below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface UserProfileUserSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker AI images that are configured to run as a KernelGateway app. see Custom Image below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface UserProfileUserSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsRSessionAppSettings { /** * A list of custom SageMaker AI images that are configured to run as a KernelGateway app. see Custom Image below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; } export interface UserProfileUserSettingsRSessionAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface UserProfileUserSettingsRSessionAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsRStudioServerProAppSettings { /** * Indicates whether the current user has access to the RStudioServerPro app. Valid values are `ENABLED` and `DISABLED`. */ accessStatus?: pulumi.Input; /** * The level of permissions that the user has within the RStudioServerPro app. This value defaults to `R_STUDIO_USER`. The `R_STUDIO_ADMIN` value allows the user access to the RStudio Administrative Dashboard. Valid values are `R_STUDIO_USER` and `R_STUDIO_ADMIN`. */ userGroup?: pulumi.Input; } export interface UserProfileUserSettingsSharingSettings { /** * Whether to include the notebook cell output when sharing the notebook. The default is `Disabled`. Valid values are `Allowed` and `Disabled`. */ notebookOutputOption?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the Amazon S3 bucket used to save the notebook cell output. */ s3OutputPath?: pulumi.Input; } export interface UserProfileUserSettingsSpaceStorageSettings { /** * The default EBS storage settings for a private space. See Default EBS Storage Settings below. */ defaultEbsStorageSettings?: pulumi.Input; } export interface UserProfileUserSettingsSpaceStorageSettingsDefaultEbsStorageSettings { /** * The default size of the EBS storage volume for a private space. */ defaultEbsVolumeSizeInGb: pulumi.Input; /** * The maximum size of the EBS storage volume for a private space. */ maximumEbsVolumeSizeInGb: pulumi.Input; } export interface UserProfileUserSettingsStudioWebPortalSettings { /** * The Applications supported in Studio that are hidden from the Studio left navigation pane. */ hiddenAppTypes?: pulumi.Input[]>; /** * The instance types you are hiding from the Studio user interface. */ hiddenInstanceTypes?: pulumi.Input[]>; /** * The machine learning tools that are hidden from the Studio left navigation pane. */ hiddenMlTools?: pulumi.Input[]>; } export interface UserProfileUserSettingsTensorBoardAppSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker AI image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; } export interface UserProfileUserSettingsTensorBoardAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker AI Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker AI image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker AI Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface WorkforceCognitoConfig { /** * The client ID for your Amazon Cognito user pool. */ clientId: pulumi.Input; /** * ID for your Amazon Cognito user pool. */ userPool: pulumi.Input; } export interface WorkforceOidcConfig { /** * A string to string map of identifiers specific to the custom identity provider (IdP) being used. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The OIDC IdP authorization endpoint used to configure your private workforce. */ authorizationEndpoint: pulumi.Input; /** * The OIDC IdP client ID used to configure your private workforce. */ clientId: pulumi.Input; /** * The OIDC IdP client secret used to configure your private workforce. */ clientSecret: pulumi.Input; /** * The OIDC IdP issuer used to configure your private workforce. */ issuer: pulumi.Input; /** * The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce. */ jwksUri: pulumi.Input; /** * The OIDC IdP logout endpoint used to configure your private workforce. */ logoutEndpoint: pulumi.Input; /** * An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access. */ scope?: pulumi.Input; /** * The OIDC IdP token endpoint used to configure your private workforce. */ tokenEndpoint: pulumi.Input; /** * The OIDC IdP user information endpoint used to configure your private workforce. */ userInfoEndpoint: pulumi.Input; } export interface WorkforceSourceIpConfig { /** * A list of up to 10 CIDR values. */ cidrs: pulumi.Input[]>; } export interface WorkforceWorkforceVpcConfig { /** * The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet. */ securityGroupIds?: pulumi.Input[]>; /** * The ID of the subnets in the VPC that you want to connect. */ subnets?: pulumi.Input[]>; /** * The IDs for the VPC service endpoints of your VPC workforce. */ vpcEndpointId?: pulumi.Input; /** * The ID of the VPC that the workforce uses for communication. */ vpcId?: pulumi.Input; } export interface WorkteamMemberDefinition { /** * The Amazon Cognito user group that is part of the work team. See Cognito Member Definition details below. */ cognitoMemberDefinition?: pulumi.Input; /** * A list user groups that exist in your OIDC Identity Provider (IdP). One to ten groups can be used to create a single private work team. See Cognito Member Definition details below. */ oidcMemberDefinition?: pulumi.Input; } export interface WorkteamMemberDefinitionCognitoMemberDefinition { /** * An identifier for an application client. You must create the app client ID using Amazon Cognito. */ clientId: pulumi.Input; /** * An identifier for a user group. */ userGroup: pulumi.Input; /** * An identifier for a user pool. The user pool must be in the same region as the service that you are calling. */ userPool: pulumi.Input; } export interface WorkteamMemberDefinitionOidcMemberDefinition { /** * A list of comma separated strings that identifies user groups in your OIDC IdP. Each user group is made up of a group of private workers. */ groups: pulumi.Input[]>; } export interface WorkteamNotificationConfiguration { /** * The ARN for the SNS topic to which notifications should be published. */ notificationTopicArn?: pulumi.Input; } export interface WorkteamWorkerAccessConfiguration { /** * Defines any Amazon S3 resource constraints. see S3 Presign details below. */ s3Presign?: pulumi.Input; } export interface WorkteamWorkerAccessConfigurationS3Presign { /** * Use this parameter to specify the allowed request source. Possible sources are either SourceIp or VpcSourceIp. see IAM Policy Constraints details below. */ iamPolicyConstraints?: pulumi.Input; } export interface WorkteamWorkerAccessConfigurationS3PresignIamPolicyConstraints { /** * When SourceIp is Enabled the worker's IP address when a task is rendered in the worker portal is added to the IAM policy as a Condition used to generate the Amazon S3 presigned URL. This IP address is checked by Amazon S3 and must match in order for the Amazon S3 resource to be rendered in the worker portal. Valid values are `Enabled` or `Disabled` */ sourceIp?: pulumi.Input; /** * When VpcSourceIp is Enabled the worker's IP address when a task is rendered in private worker portal inside the VPC is added to the IAM policy as a Condition used to generate the Amazon S3 presigned URL. To render the task successfully Amazon S3 checks that the presigned URL is being accessed over an Amazon S3 VPC Endpoint, and that the worker's IP address matches the IP address in the IAM policy. To learn more about configuring private worker portal, see [Use Amazon VPC mode from a private worker portal](https://docs.aws.amazon.com/sagemaker/latest/dg/samurai-vpc-worker-portal.html). Valid values are `Enabled` or `Disabled` */ vpcSourceIp?: pulumi.Input; } } export namespace savingsplans { export interface SavingsPlanTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } } export namespace scheduler { export interface ScheduleFlexibleTimeWindow { /** * Maximum time window during which a schedule can be invoked. Ranges from `1` to `1440` minutes. */ maximumWindowInMinutes?: pulumi.Input; /** * Determines whether the schedule is invoked within a flexible time window. One of: `OFF`, `FLEXIBLE`. */ mode: pulumi.Input; } export interface ScheduleTarget { /** * ARN of the target of this schedule, such as a SQS queue or ECS cluster. For universal targets, this is a [Service ARN specific to the target service](https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html#supported-universal-targets). */ arn: pulumi.Input; /** * Information about an Amazon SQS queue that EventBridge Scheduler uses as a dead-letter queue for your schedule. If specified, EventBridge Scheduler delivers failed events that could not be successfully delivered to a target to the queue. Detailed below. */ deadLetterConfig?: pulumi.Input; /** * Templated target type for the Amazon ECS [`RunTask`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) API operation. Detailed below. */ ecsParameters?: pulumi.Input; /** * Templated target type for the EventBridge [`PutEvents`](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutEvents.html) API operation. Detailed below. */ eventbridgeParameters?: pulumi.Input; /** * Text, or well-formed JSON, passed to the target. Read more in [Universal target](https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html). */ input?: pulumi.Input; /** * Templated target type for the Amazon Kinesis [`PutRecord`](https://docs.aws.amazon.com/kinesis/latest/APIReference/API_PutRecord.html) API operation. Detailed below. */ kinesisParameters?: pulumi.Input; /** * Information about the retry policy settings. Detailed below. */ retryPolicy?: pulumi.Input; /** * ARN of the IAM role that EventBridge Scheduler will use for this target when the schedule is invoked. Read more in [Set up the execution role](https://docs.aws.amazon.com/scheduler/latest/UserGuide/setting-up.html#setting-up-execution-role). * * The following arguments are optional: */ roleArn: pulumi.Input; /** * Templated target type for the Amazon SageMaker AI [`StartPipelineExecution`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartPipelineExecution.html) API operation. Detailed below. */ sagemakerPipelineParameters?: pulumi.Input; /** * The templated target type for the Amazon SQS [`SendMessage`](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html) API operation. Detailed below. */ sqsParameters?: pulumi.Input; } export interface ScheduleTargetDeadLetterConfig { /** * ARN of the SQS queue specified as the destination for the dead-letter queue. */ arn: pulumi.Input; } export interface ScheduleTargetEcsParameters { /** * Up to `6` capacity provider strategies to use for the task. Detailed below. */ capacityProviderStrategies?: pulumi.Input[]>; /** * Specifies whether to enable Amazon ECS managed tags for the task. For more information, see [Tagging Your Amazon ECS Resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the Amazon ECS Developer Guide. */ enableEcsManagedTags?: pulumi.Input; /** * Specifies whether to enable the execute command functionality for the containers in this task. */ enableExecuteCommand?: pulumi.Input; /** * Specifies an ECS task group for the task. At most 255 characters. */ group?: pulumi.Input; /** * Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. One of: `EC2`, `FARGATE`, `EXTERNAL`. */ launchType?: pulumi.Input; /** * Configures the networking associated with the task. Detailed below. */ networkConfiguration?: pulumi.Input; /** * A set of up to 10 placement constraints to use for the task. Detailed below. */ placementConstraints?: pulumi.Input[]>; /** * A set of up to 5 placement strategies. Detailed below. */ placementStrategies?: pulumi.Input[]>; /** * Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as `1.1.0`. */ platformVersion?: pulumi.Input; /** * Specifies whether to propagate the tags from the task definition to the task. One of: `TASK_DEFINITION`. */ propagateTags?: pulumi.Input; /** * Reference ID to use for the task. */ referenceId?: pulumi.Input; /** * The metadata that you apply to the task. Each tag consists of a key and an optional value. For more information, see [`RunTask`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) in the Amazon ECS API Reference. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The number of tasks to create. Ranges from `1` (default) to `10`. */ taskCount?: pulumi.Input; /** * ARN of the task definition to use. * * The following arguments are optional: */ taskDefinitionArn: pulumi.Input; } export interface ScheduleTargetEcsParametersCapacityProviderStrategy { /** * How many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Ranges from `0` (default) to `100000`. */ base?: pulumi.Input; /** * Short name of the capacity provider. */ capacityProvider: pulumi.Input; /** * Designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied. Ranges from from `0` to `1000`. */ weight?: pulumi.Input; } export interface ScheduleTargetEcsParametersNetworkConfiguration { /** * Specifies whether the task's elastic network interface receives a public IP address. This attribute is a boolean type, where `true` maps to `ENABLED` and `false` to `DISABLED`. You can specify `true` only when the `launchType` is set to `FARGATE`. */ assignPublicIp?: pulumi.Input; /** * Set of 1 to 5 Security Group ID-s to be associated with the task. These security groups must all be in the same VPC. */ securityGroups?: pulumi.Input[]>; /** * Set of 1 to 16 subnets to be associated with the task. These subnets must all be in the same VPC. */ subnets: pulumi.Input[]>; } export interface ScheduleTargetEcsParametersPlacementConstraint { /** * A cluster query language expression to apply to the constraint. You cannot specify an expression if the constraint type is `distinctInstance`. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the Amazon ECS Developer Guide. */ expression?: pulumi.Input; /** * The type of constraint. One of: `distinctInstance`, `memberOf`. */ type: pulumi.Input; } export interface ScheduleTargetEcsParametersPlacementStrategy { /** * The field to apply the placement strategy against. */ field?: pulumi.Input; /** * The type of placement strategy. One of: `random`, `spread`, `binpack`. */ type: pulumi.Input; } export interface ScheduleTargetEventbridgeParameters { /** * Free-form string used to decide what fields to expect in the event detail. Up to 128 characters. */ detailType: pulumi.Input; /** * Source of the event. */ source: pulumi.Input; } export interface ScheduleTargetKinesisParameters { /** * Specifies the shard to which EventBridge Scheduler sends the event. Up to 256 characters. */ partitionKey: pulumi.Input; } export interface ScheduleTargetRetryPolicy { /** * Maximum amount of time, in seconds, to continue to make retry attempts. Ranges from `60` to `86400` (default). */ maximumEventAgeInSeconds?: pulumi.Input; /** * Maximum number of retry attempts to make before the request fails. Ranges from `0` to `185` (default). */ maximumRetryAttempts?: pulumi.Input; } export interface ScheduleTargetSagemakerPipelineParameters { /** * Set of up to 200 parameter names and values to use when executing the SageMaker AI Model Building Pipeline. Detailed below. */ pipelineParameters?: pulumi.Input[]>; } export interface ScheduleTargetSagemakerPipelineParametersPipelineParameter { /** * Name of parameter to start execution of a SageMaker AI Model Building Pipeline. */ name: pulumi.Input; /** * Value of parameter to start execution of a SageMaker AI Model Building Pipeline. */ value: pulumi.Input; } export interface ScheduleTargetSqsParameters { /** * FIFO message group ID to use as the target. */ messageGroupId?: pulumi.Input; } } export namespace secretsmanager { export interface GetSecretsFilter { /** * Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetSecretsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface SecretReplica { /** * ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent. */ kmsKeyId?: pulumi.Input; /** * Date that you last accessed the secret in the Region. */ lastAccessedDate?: pulumi.Input; /** * Region for replicating the secret. */ region: pulumi.Input; /** * Status can be `InProgress`, `Failed`, or `InSync`. */ status?: pulumi.Input; /** * Message such as `Replication succeeded` or `Secret with this name already exists in this region`. */ statusMessage?: pulumi.Input; } export interface SecretRotationRotationRules { /** * Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified. */ automaticallyAfterDays?: pulumi.Input; /** * The length of the rotation window in hours. For example, `3h` for a three hour window. */ duration?: pulumi.Input; /** * A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified. */ scheduleExpression?: pulumi.Input; } } export namespace securityhub { export interface AutomationRuleAction { /** * A block that specifies that the automation rule action is an update to a finding field. Documented below. */ findingFieldsUpdate?: pulumi.Input; /** * Specifies that the rule action should update the `Types` finding field. The `Types` finding field classifies findings in the format of namespace/category/classifier. */ type?: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdate { /** * The rule action updates the `Confidence` field of a finding. */ confidence?: pulumi.Input; /** * The rule action updates the `Criticality` field of a finding. */ criticality?: pulumi.Input; /** * A resource block that updates the note. Documented below. */ note?: pulumi.Input; /** * A resource block that the rule action updates the `RelatedFindings` field of a finding. Documented below. */ relatedFindings?: pulumi.Input[]>; /** * A resource block that updates to the severity information for a finding. Documented below. */ severity?: pulumi.Input; /** * The rule action updates the `Types` field of a finding. */ types?: pulumi.Input[]>; /** * The rule action updates the `UserDefinedFields` field of a finding. */ userDefinedFields?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The rule action updates the `VerificationState` field of a finding. The allowed values are the following `UNKNOWN`, `TRUE_POSITIVE`, `FALSE_POSITIVE` and `BENIGN_POSITIVE`. */ verificationState?: pulumi.Input; /** * A resource block that is used to update information about the investigation into the finding. Documented below. */ workflow?: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateNote { /** * The updated note text. */ text: pulumi.Input; /** * The principal that updated the note. */ updatedBy: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateRelatedFinding { /** * The product-generated identifier for a related finding. */ id: pulumi.Input; /** * The ARN of the product that generated a related finding. */ productArn: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateSeverity { /** * The severity value of the finding. The allowed values are the following `INFORMATIONAL`, `LOW`, `MEDIUM`, `HIGH` and `CRITICAL`. */ label?: pulumi.Input; /** * The native severity as defined by the AWS service or integrated partner product that generated the finding. */ product?: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateWorkflow { /** * The status of the investigation into the finding. The allowed values are the following `NEW`, `NOTIFIED`, `RESOLVED` and `SUPPRESSED`. */ status?: pulumi.Input; } export interface AutomationRuleCriteria { /** * The AWS account ID in which a finding was generated. Documented below. */ awsAccountIds?: pulumi.Input[]>; /** * The name of the AWS account in which a finding was generated. Documented below. */ awsAccountNames?: pulumi.Input[]>; /** * The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below. */ companyNames?: pulumi.Input[]>; /** * The unique identifier of a standard in which a control is enabled. Documented below. */ complianceAssociatedStandardsIds?: pulumi.Input[]>; /** * The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below. */ complianceSecurityControlIds?: pulumi.Input[]>; /** * The result of a security check. This field is only used for findings generated from controls. Documented below. */ complianceStatuses?: pulumi.Input[]>; /** * The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. `Confidence` is scored on a 0–100 basis using a ratio scale. A value of `0` means 0 percent confidence, and a value of `100` means 100 percent confidence. Documented below. */ confidences?: pulumi.Input[]>; /** * A timestamp that indicates when this finding record was created. Documented below. */ createdAts?: pulumi.Input[]>; /** * The level of importance that is assigned to the resources that are associated with a finding. Documented below. */ criticalities?: pulumi.Input[]>; /** * A finding's description. Documented below. */ descriptions?: pulumi.Input[]>; /** * A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below. */ firstObservedAts?: pulumi.Input[]>; /** * The identifier for the solution-specific component that generated a finding. Documented below. */ generatorIds?: pulumi.Input[]>; /** * The product-specific identifier for a finding. Documented below. */ ids?: pulumi.Input[]>; /** * A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below. */ lastObservedAts?: pulumi.Input[]>; /** * The text of a user-defined note that's added to a finding. Documented below. */ noteTexts?: pulumi.Input[]>; /** * The timestamp of when the note was updated. Documented below. */ noteUpdatedAts?: pulumi.Input[]>; /** * The principal that created a note. Documented below. */ noteUpdatedBies?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below. */ productArns?: pulumi.Input[]>; /** * Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below. */ productNames?: pulumi.Input[]>; /** * Provides the current state of a finding. Documented below. */ recordStates?: pulumi.Input[]>; /** * The product-generated identifier for a related finding. Documented below. */ relatedFindingsIds?: pulumi.Input[]>; /** * The ARN for the product that generated a related finding. Documented below. */ relatedFindingsProductArns?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below. */ resourceApplicationArns?: pulumi.Input[]>; /** * The name of the application that is related to a finding. Documented below. */ resourceApplicationNames?: pulumi.Input[]>; /** * Custom fields and values about the resource that a finding pertains to. Documented below. */ resourceDetailsOthers?: pulumi.Input[]>; /** * The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below. */ resourceIds?: pulumi.Input[]>; /** * The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below. */ resourcePartitions?: pulumi.Input[]>; /** * The AWS Region where the resource that a finding pertains to is located. Documented below. */ resourceRegions?: pulumi.Input[]>; /** * A list of AWS tags associated with a resource at the time the finding was processed. Documented below. */ resourceTags?: pulumi.Input[]>; /** * The type of resource that the finding pertains to. Documented below. */ resourceTypes?: pulumi.Input[]>; /** * The severity value of the finding. Documented below. */ severityLabels?: pulumi.Input[]>; /** * Provides a URL that links to a page about the current finding in the finding product. Documented below. */ sourceUrls?: pulumi.Input[]>; /** * A finding's title. Documented below. */ titles?: pulumi.Input[]>; /** * One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below. */ types?: pulumi.Input[]>; /** * A timestamp that indicates when the finding record was most recently updated. Documented below. */ updatedAts?: pulumi.Input[]>; /** * A list of user-defined name and value string pairs added to a finding. Documented below. */ userDefinedFields?: pulumi.Input[]>; /** * Provides the veracity of a finding. Documented below. */ verificationStates?: pulumi.Input[]>; /** * Provides information about the status of the investigation into a finding. Documented below. */ workflowStatuses?: pulumi.Input[]>; } export interface AutomationRuleCriteriaAwsAccountId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaAwsAccountName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaCompanyName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaComplianceAssociatedStandardsId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaComplianceSecurityControlId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaComplianceStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaConfidence { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; gt?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; lt?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface AutomationRuleCriteriaCreatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface AutomationRuleCriteriaCreatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaCriticality { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; gt?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; lt?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface AutomationRuleCriteriaDescription { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaFirstObservedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface AutomationRuleCriteriaFirstObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaGeneratorId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaLastObservedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface AutomationRuleCriteriaLastObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaNoteText { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaNoteUpdatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface AutomationRuleCriteriaNoteUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaNoteUpdatedBy { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaProductName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaRecordState { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaRelatedFindingsId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaRelatedFindingsProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceApplicationArn { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceApplicationName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceDetailsOther { comparison: pulumi.Input; /** * The key of the map filter. */ key: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourcePartition { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceRegion { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceTag { comparison: pulumi.Input; /** * The key of the map filter. */ key: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceType { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaSeverityLabel { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaSourceUrl { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaTitle { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaType { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaUpdatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface AutomationRuleCriteriaUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaUserDefinedField { comparison: pulumi.Input; /** * The key of the map filter. */ key: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaVerificationState { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaWorkflowStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicy { /** * A list that defines which security standards are enabled in the configuration policy. It must be defined if `serviceEnabled` is set to true. */ enabledStandardArns?: pulumi.Input[]>; /** * Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below. */ securityControlsConfiguration?: pulumi.Input; /** * Indicates whether Security Hub is enabled in the policy. */ serviceEnabled: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration { /** * A list of security controls that are disabled in the configuration policy Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with `enabledControlIdentifiers`. */ disabledControlIdentifiers?: pulumi.Input[]>; /** * A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with `disabledControlIdentifiers`. */ enabledControlIdentifiers?: pulumi.Input[]>; /** * A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below. */ securityControlCustomParameters?: pulumi.Input[]>; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter { /** * An object that specifies parameter values for a control in a configuration policy. See below. */ parameters: pulumi.Input[]>; /** * The ID of the security control. For more information see the [Security Hub controls reference] documentation. */ securityControlId: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter { /** * The bool `value` for a Boolean-typed Security Hub Control Parameter. */ bool?: pulumi.Input; /** * The float `value` for a Double-typed Security Hub Control Parameter. */ double?: pulumi.Input; /** * The string `value` for a Enum-typed Security Hub Control Parameter. */ enum?: pulumi.Input; /** * The string list `value` for a EnumList-typed Security Hub Control Parameter. */ enumList?: pulumi.Input; /** * The int `value` for a Int-typed Security Hub Control Parameter. */ int?: pulumi.Input; /** * The int list `value` for a IntList-typed Security Hub Control Parameter. */ intList?: pulumi.Input; /** * The name of the control parameter. For more information see the [Security Hub controls reference] documentation. */ name: pulumi.Input; /** * The string `value` for a String-typed Security Hub Control Parameter. */ string?: pulumi.Input; /** * The string list `value` for a StringList-typed Security Hub Control Parameter. */ stringList?: pulumi.Input; /** * Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: `DEFAULT`, `CUSTOM`. */ valueType: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList { values: pulumi.Input[]>; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList { values: pulumi.Input[]>; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList { values: pulumi.Input[]>; } export interface InsightFilters { /** * AWS account ID that a finding is generated in. See String_Filter below for more details. */ awsAccountIds?: pulumi.Input[]>; /** * The name of the findings provider (company) that owns the solution (product) that generates findings. See String_Filter below for more details. */ companyNames?: pulumi.Input[]>; /** * Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details. */ complianceStatuses?: pulumi.Input[]>; /** * A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details. */ confidences?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details. */ createdAts?: pulumi.Input[]>; /** * The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details. */ criticalities?: pulumi.Input[]>; /** * A finding's description. See String Filter below for more details. */ descriptions?: pulumi.Input[]>; /** * The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details. */ findingProviderFieldsConfidences?: pulumi.Input[]>; /** * The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details. */ findingProviderFieldsCriticalities?: pulumi.Input[]>; /** * The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details. */ findingProviderFieldsRelatedFindingsIds?: pulumi.Input[]>; /** * The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details. */ findingProviderFieldsRelatedFindingsProductArns?: pulumi.Input[]>; /** * The finding provider value for the severity label. See String Filter below for more details. */ findingProviderFieldsSeverityLabels?: pulumi.Input[]>; /** * The finding provider's original value for the severity. See String Filter below for more details. */ findingProviderFieldsSeverityOriginals?: pulumi.Input[]>; /** * One or more finding types that the finding provider assigned to the finding. Uses the format of `namespace/category/classifier` that classify a finding. Valid namespace values include: `Software and Configuration Checks`, `TTPs`, `Effects`, `Unusual Behaviors`, and `Sensitive Data Identifications`. See String Filter below for more details. */ findingProviderFieldsTypes?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details. */ firstObservedAts?: pulumi.Input[]>; /** * The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details. */ generatorIds?: pulumi.Input[]>; /** * The security findings provider-specific identifier for a finding. See String Filter below for more details. */ ids?: pulumi.Input[]>; /** * A keyword for a finding. See Keyword Filter below for more details. */ keywords?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details. */ lastObservedAts?: pulumi.Input[]>; /** * The name of the malware that was observed. See String Filter below for more details. */ malwareNames?: pulumi.Input[]>; /** * The filesystem path of the malware that was observed. See String Filter below for more details. */ malwarePaths?: pulumi.Input[]>; /** * The state of the malware that was observed. See String Filter below for more details. */ malwareStates?: pulumi.Input[]>; /** * The type of the malware that was observed. See String Filter below for more details. */ malwareTypes?: pulumi.Input[]>; /** * The destination domain of network-related information about a finding. See String Filter below for more details. */ networkDestinationDomains?: pulumi.Input[]>; /** * The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details. */ networkDestinationIpv4s?: pulumi.Input[]>; /** * The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details. */ networkDestinationIpv6s?: pulumi.Input[]>; /** * The destination port of network-related information about a finding. See Number Filter below for more details. */ networkDestinationPorts?: pulumi.Input[]>; /** * Indicates the direction of network traffic associated with a finding. See String Filter below for more details. */ networkDirections?: pulumi.Input[]>; /** * The protocol of network-related information about a finding. See String Filter below for more details. */ networkProtocols?: pulumi.Input[]>; /** * The source domain of network-related information about a finding. See String Filter below for more details. */ networkSourceDomains?: pulumi.Input[]>; /** * The source IPv4 address of network-related information about a finding. See Ip Filter below for more details. */ networkSourceIpv4s?: pulumi.Input[]>; /** * The source IPv6 address of network-related information about a finding. See Ip Filter below for more details. */ networkSourceIpv6s?: pulumi.Input[]>; /** * The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details. */ networkSourceMacs?: pulumi.Input[]>; /** * The source port of network-related information about a finding. See Number Filter below for more details. */ networkSourcePorts?: pulumi.Input[]>; /** * The text of a note. See String Filter below for more details. */ noteTexts?: pulumi.Input[]>; /** * The timestamp of when the note was updated. See Date Filter below for more details. */ noteUpdatedAts?: pulumi.Input[]>; /** * The principal that created a note. See String Filter below for more details. */ noteUpdatedBies?: pulumi.Input[]>; /** * The date/time that the process was launched. See Date Filter below for more details. */ processLaunchedAts?: pulumi.Input[]>; /** * The name of the process. See String Filter below for more details. */ processNames?: pulumi.Input[]>; /** * The parent process ID. See Number Filter below for more details. */ processParentPids?: pulumi.Input[]>; /** * The path to the process executable. See String Filter below for more details. */ processPaths?: pulumi.Input[]>; /** * The process ID. See Number Filter below for more details. */ processPids?: pulumi.Input[]>; /** * The date/time that the process was terminated. See Date Filter below for more details. */ processTerminatedAts?: pulumi.Input[]>; /** * The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. See String Filter below for more details. */ productArns?: pulumi.Input[]>; /** * A data type where security-findings providers can include additional solution-specific details that aren't part of the defined `AwsSecurityFinding` format. See Map Filter below for more details. */ productFields?: pulumi.Input[]>; /** * The name of the solution (product) that generates findings. See String Filter below for more details. */ productNames?: pulumi.Input[]>; /** * The recommendation of what to do about the issue described in a finding. See String Filter below for more details. */ recommendationTexts?: pulumi.Input[]>; /** * The updated record state for the finding. See String Filter below for more details. */ recordStates?: pulumi.Input[]>; /** * The solution-generated identifier for a related finding. See String Filter below for more details. */ relatedFindingsIds?: pulumi.Input[]>; /** * The ARN of the solution that generated a related finding. See String Filter below for more details. */ relatedFindingsProductArns?: pulumi.Input[]>; /** * The IAM profile ARN of the instance. See String Filter below for more details. */ resourceAwsEc2InstanceIamInstanceProfileArns?: pulumi.Input[]>; /** * The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details. */ resourceAwsEc2InstanceImageIds?: pulumi.Input[]>; /** * The IPv4 addresses associated with the instance. See Ip Filter below for more details. */ resourceAwsEc2InstanceIpv4Addresses?: pulumi.Input[]>; /** * The IPv6 addresses associated with the instance. See Ip Filter below for more details. */ resourceAwsEc2InstanceIpv6Addresses?: pulumi.Input[]>; /** * The key name associated with the instance. See String Filter below for more details. */ resourceAwsEc2InstanceKeyNames?: pulumi.Input[]>; /** * The date and time the instance was launched. See Date Filter below for more details. */ resourceAwsEc2InstanceLaunchedAts?: pulumi.Input[]>; /** * The identifier of the subnet that the instance was launched in. See String Filter below for more details. */ resourceAwsEc2InstanceSubnetIds?: pulumi.Input[]>; /** * The instance type of the instance. See String Filter below for more details. */ resourceAwsEc2InstanceTypes?: pulumi.Input[]>; /** * The identifier of the VPC that the instance was launched in. See String Filter below for more details. */ resourceAwsEc2InstanceVpcIds?: pulumi.Input[]>; /** * The creation date/time of the IAM access key related to a finding. See Date Filter below for more details. */ resourceAwsIamAccessKeyCreatedAts?: pulumi.Input[]>; /** * The status of the IAM access key related to a finding. See String Filter below for more details. */ resourceAwsIamAccessKeyStatuses?: pulumi.Input[]>; /** * The user associated with the IAM access key related to a finding. See String Filter below for more details. */ resourceAwsIamAccessKeyUserNames?: pulumi.Input[]>; /** * The canonical user ID of the owner of the S3 bucket. See String Filter below for more details. */ resourceAwsS3BucketOwnerIds?: pulumi.Input[]>; /** * The display name of the owner of the S3 bucket. See String Filter below for more details. */ resourceAwsS3BucketOwnerNames?: pulumi.Input[]>; /** * The identifier of the image related to a finding. See String Filter below for more details. */ resourceContainerImageIds?: pulumi.Input[]>; /** * The name of the image related to a finding. See String Filter below for more details. */ resourceContainerImageNames?: pulumi.Input[]>; /** * The date/time that the container was started. See Date Filter below for more details. */ resourceContainerLaunchedAts?: pulumi.Input[]>; /** * The name of the container related to a finding. See String Filter below for more details. */ resourceContainerNames?: pulumi.Input[]>; /** * The details of a resource that doesn't have a specific subfield for the resource type defined. See Map Filter below for more details. */ resourceDetailsOthers?: pulumi.Input[]>; /** * The canonical identifier for the given resource type. See String Filter below for more details. */ resourceIds?: pulumi.Input[]>; /** * The canonical AWS partition name that the Region is assigned to. See String Filter below for more details. */ resourcePartitions?: pulumi.Input[]>; /** * The canonical AWS external Region name where this resource is located. See String Filter below for more details. */ resourceRegions?: pulumi.Input[]>; /** * A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details. */ resourceTags?: pulumi.Input[]>; /** * Specifies the type of the resource that details are provided for. See String Filter below for more details. */ resourceTypes?: pulumi.Input[]>; /** * The label of a finding's severity. See String Filter below for more details. */ severityLabels?: pulumi.Input[]>; /** * A URL that links to a page about the current finding in the security-findings provider's solution. See String Filter below for more details. */ sourceUrls?: pulumi.Input[]>; /** * The category of a threat intelligence indicator. See String Filter below for more details. */ threatIntelIndicatorCategories?: pulumi.Input[]>; /** * The date/time of the last observation of a threat intelligence indicator. See Date Filter below for more details. */ threatIntelIndicatorLastObservedAts?: pulumi.Input[]>; /** * The URL for more details from the source of the threat intelligence. See String Filter below for more details. */ threatIntelIndicatorSourceUrls?: pulumi.Input[]>; /** * The source of the threat intelligence. See String Filter below for more details. */ threatIntelIndicatorSources?: pulumi.Input[]>; /** * The type of a threat intelligence indicator. See String Filter below for more details. */ threatIntelIndicatorTypes?: pulumi.Input[]>; /** * The value of a threat intelligence indicator. See String Filter below for more details. */ threatIntelIndicatorValues?: pulumi.Input[]>; /** * A finding's title. See String Filter below for more details. */ titles?: pulumi.Input[]>; /** * A finding type in the format of `namespace/category/classifier` that classifies a finding. See String Filter below for more details. */ types?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details. */ updatedAts?: pulumi.Input[]>; /** * A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details. */ userDefinedValues?: pulumi.Input[]>; /** * The veracity of a finding. See String Filter below for more details. */ verificationStates?: pulumi.Input[]>; /** * The status of the investigation into a finding. See Workflow Status Filter below for more details. */ workflowStatuses?: pulumi.Input[]>; } export interface InsightFiltersAwsAccountId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersCompanyName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersComplianceStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersConfidence { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersCreatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersCreatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersCriticality { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersDescription { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsConfidence { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsCriticality { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsRelatedFindingsId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsRelatedFindingsProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsSeverityLabel { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsSeverityOriginal { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFirstObservedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersFirstObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersGeneratorId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersKeyword { /** * A value for the keyword. */ value: pulumi.Input; } export interface InsightFiltersLastObservedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersLastObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersMalwareName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersMalwarePath { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersMalwareState { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersMalwareType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkDestinationDomain { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkDestinationIpv4 { /** * A finding's CIDR value. */ cidr: pulumi.Input; } export interface InsightFiltersNetworkDestinationIpv6 { /** * A finding's CIDR value. */ cidr: pulumi.Input; } export interface InsightFiltersNetworkDestinationPort { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersNetworkDirection { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkProtocol { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkSourceDomain { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkSourceIpv4 { /** * A finding's CIDR value. */ cidr: pulumi.Input; } export interface InsightFiltersNetworkSourceIpv6 { /** * A finding's CIDR value. */ cidr: pulumi.Input; } export interface InsightFiltersNetworkSourceMac { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkSourcePort { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersNoteText { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNoteUpdatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersNoteUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersNoteUpdatedBy { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProcessLaunchedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersProcessLaunchedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersProcessName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProcessParentPid { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersProcessPath { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProcessPid { /** * The equal-to condition to be applied to a single field when querying for findings, provided as a String. */ eq?: pulumi.Input; /** * The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ gte?: pulumi.Input; /** * The less-than-equal condition to be applied to a single field when querying for findings, provided as a String. */ lte?: pulumi.Input; } export interface InsightFiltersProcessTerminatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersProcessTerminatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProductField { comparison: pulumi.Input; /** * The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field. */ key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProductName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRecommendationText { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRecordState { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRelatedFindingsId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRelatedFindingsProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceIamInstanceProfileArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceImageId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceIpv4Address { /** * A finding's CIDR value. */ cidr: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceIpv6Address { /** * A finding's CIDR value. */ cidr: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceKeyName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceLaunchedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceLaunchedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceSubnetId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceVpcId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyCreatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyCreatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyUserName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsS3BucketOwnerId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsS3BucketOwnerName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceContainerImageId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceContainerImageName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceContainerLaunchedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersResourceContainerLaunchedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersResourceContainerName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceDetailsOther { comparison: pulumi.Input; /** * The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field. */ key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourcePartition { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceRegion { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceTag { comparison: pulumi.Input; /** * The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field. */ key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersSeverityLabel { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersSourceUrl { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorCategory { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorLastObservedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorLastObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorSource { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorSourceUrl { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorValue { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersTitle { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersUpdatedAt { /** * A configuration block of the date range for the date filter. See dateRange below for more details. */ dateRange?: pulumi.Input; /** * An end date for the date filter. Required with `start` if `dateRange` is not specified. */ end?: pulumi.Input; /** * A start date for the date filter. Required with `end` if `dateRange` is not specified. */ start?: pulumi.Input; } export interface InsightFiltersUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersUserDefinedValue { comparison: pulumi.Input; /** * The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field. */ key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersVerificationState { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersWorkflowStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface OrganizationConfigurationOrganizationConfiguration { /** * Indicates whether the organization uses local or central configuration. If using central configuration, `autoEnable` must be set to `false` and `autoEnableStandards` set to `NONE`. More information can be found in the [documentation for central configuration](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html). Valid values: `LOCAL`, `CENTRAL`. */ configurationType: pulumi.Input; } } export namespace securitylake { export interface AwsLogSourceSource { /** * Specify the AWS account information where you want to enable Security Lake. * If not specified, uses all accounts included in the Security Lake. */ accounts?: pulumi.Input[]>; /** * Specify the Regions where you want to enable Security Lake. */ regions: pulumi.Input[]>; /** * The name for a AWS source. This must be a Regionally unique value. Valid values: `ROUTE53`, `VPC_FLOW`, `SH_FINDINGS`, `CLOUD_TRAIL_MGMT`, `LAMBDA_EXECUTION`, `S3_DATA`, `EKS_AUDIT`, `WAF`. */ sourceName: pulumi.Input; /** * The version for a AWS source. * If not specified, the version will be the default. * This must be a Regionally unique value. */ sourceVersion?: pulumi.Input; } export interface CustomLogSourceAttribute { /** * The ARN of the AWS Glue crawler. */ crawlerArn: pulumi.Input; /** * The ARN of the AWS Glue database where results are written. */ databaseArn: pulumi.Input; /** * The ARN of the AWS Glue table. */ tableArn: pulumi.Input; } export interface CustomLogSourceConfiguration { /** * The configuration for the Glue Crawler for the third-party custom source. */ crawlerConfiguration: pulumi.Input; /** * The identity of the log provider for the third-party custom source. */ providerIdentity: pulumi.Input; } export interface CustomLogSourceConfigurationCrawlerConfiguration { /** * The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role to be used by the AWS Glue crawler. */ roleArn: pulumi.Input; } export interface CustomLogSourceConfigurationProviderIdentity { /** * The external ID used to estalish trust relationship with the AWS identity. */ externalId: pulumi.Input; /** * The AWS identity principal. */ principal: pulumi.Input; } export interface CustomLogSourceProviderDetail { /** * The location of the partition in the Amazon S3 bucket for Security Lake. */ location: pulumi.Input; /** * The ARN of the IAM role to be used by the entity putting logs into your custom source partition. */ roleArn: pulumi.Input; } export interface DataLakeConfiguration { /** * Provides encryption details of Amazon Security Lake object. */ encryptionConfigurations?: pulumi.Input[]>; /** * Provides lifecycle details of Amazon Security Lake object. */ lifecycleConfiguration?: pulumi.Input; /** * The AWS Regions where Security Lake is automatically enabled. */ region: pulumi.Input; /** * Provides replication details of Amazon Security Lake object. */ replicationConfiguration?: pulumi.Input; } export interface DataLakeConfigurationEncryptionConfiguration { /** * The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object. */ kmsKeyId: pulumi.Input; } export interface DataLakeConfigurationLifecycleConfiguration { /** * Provides data expiration details of Amazon Security Lake object. */ expiration?: pulumi.Input; /** * Provides data storage transition details of Amazon Security Lake object. */ transitions?: pulumi.Input[]>; } export interface DataLakeConfigurationLifecycleConfigurationExpiration { /** * Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object. */ days?: pulumi.Input; } export interface DataLakeConfigurationLifecycleConfigurationTransition { /** * Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object. */ days?: pulumi.Input; /** * The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads. */ storageClass?: pulumi.Input; } export interface DataLakeConfigurationReplicationConfiguration { /** * Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket. */ regions?: pulumi.Input[]>; /** * Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct. */ roleArn?: pulumi.Input; } export interface DataLakeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface SubscriberNotificationConfiguration { /** * The configurations for HTTPS subscriber notification. */ httpsNotificationConfiguration?: pulumi.Input; /** * The configurations for SQS subscriber notification. * There are no parameters within `sqsNotificationConfiguration`. */ sqsNotificationConfiguration?: pulumi.Input; } export interface SubscriberNotificationConfigurationHttpsNotificationConfiguration { /** * The API key name for the notification subscription. */ authorizationApiKeyName?: pulumi.Input; /** * The API key value for the notification subscription. */ authorizationApiKeyValue?: pulumi.Input; /** * The subscription endpoint in Security Lake. * If you prefer notification with an HTTPS endpoint, populate this field. */ endpoint: pulumi.Input; /** * The HTTP method used for the notification subscription. * Valid values are `POST` and `PUT`. */ httpMethod?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you created. * For more information about ARNs and how to use them in policies, see Managing data access and AWS Managed Policies in the Amazon Security Lake User Guide. */ targetRoleArn: pulumi.Input; } export interface SubscriberNotificationConfigurationSqsNotificationConfiguration { } export interface SubscriberSource { /** * Amazon Security Lake supports log and event collection for natively supported AWS services. See `awsLogSourceResource` Block below. */ awsLogSourceResource?: pulumi.Input; /** * Amazon Security Lake supports custom source types. See `customLogSourceResource` Block below. */ customLogSourceResource?: pulumi.Input; } export interface SubscriberSourceAwsLogSourceResource { /** * The name for a AWS source. This must be a Regionally unique value. Valid values: `ROUTE53`, `VPC_FLOW`, `SH_FINDINGS`, `CLOUD_TRAIL_MGMT`, `LAMBDA_EXECUTION`, `S3_DATA`, `EKS_AUDIT` and `WAF`. */ sourceName: pulumi.Input; /** * The version for a AWS source. This must be a Regionally unique value. */ sourceVersion?: pulumi.Input; } export interface SubscriberSourceCustomLogSourceResource { /** * The attributes of the third-party custom source. See `attributes` Block below. */ attributes?: pulumi.Input[]>; /** * The details of the log provider for the third-party custom source. See `provider` Block below. */ providers?: pulumi.Input[]>; /** * The name for a third-party custom source. This must be a Regionally unique value. */ sourceName: pulumi.Input; /** * The version for a third-party custom source. This must be a Regionally unique value. */ sourceVersion?: pulumi.Input; } export interface SubscriberSourceCustomLogSourceResourceAttribute { /** * The ARN of the AWS Glue crawler. */ crawlerArn: pulumi.Input; /** * The ARN of the AWS Glue database where results are written. */ databaseArn: pulumi.Input; /** * The ARN of the AWS Glue table. */ tableArn: pulumi.Input; } export interface SubscriberSourceCustomLogSourceResourceProvider { /** * The location of the partition in the Amazon S3 bucket for Security Lake. */ location: pulumi.Input; /** * The ARN of the IAM role to be used by the entity putting logs into your custom source partition. */ roleArn: pulumi.Input; } export interface SubscriberSubscriberIdentity { /** * The AWS Regions where Security Lake is automatically enabled. */ externalId: pulumi.Input; /** * Provides encryption details of Amazon Security Lake object. */ principal: pulumi.Input; } export interface SubscriberTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace servicecatalog { export interface ProductProvisioningArtifactParameters { /** * Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact. */ description?: pulumi.Input; /** * Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid. */ disableTemplateValidation?: pulumi.Input; /** * Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed. */ name?: pulumi.Input; /** * Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as `arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID]`. */ templatePhysicalId?: pulumi.Input; /** * Template source as URL of the CloudFormation template in Amazon S3. */ templateUrl?: pulumi.Input; /** * Type of provisioning artifact. See [AWS Docs](https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ProvisioningArtifactProperties.html) for valid list of values. */ type?: pulumi.Input; } export interface ProvisionedProductOutput { /** * The description of the output. */ description?: pulumi.Input; /** * The output key. */ key?: pulumi.Input; /** * The output value. */ value?: pulumi.Input; } export interface ProvisionedProductProvisioningParameter { /** * Parameter key. */ key: pulumi.Input; /** * Whether to ignore `value` and keep the previous parameter value. Ignored when initially provisioning a product. */ usePreviousValue?: pulumi.Input; /** * Parameter value. */ value?: pulumi.Input; } export interface ProvisionedProductStackSetProvisioningPreferences { /** * One or more AWS accounts that will have access to the provisioned product. The AWS accounts specified should be within the list of accounts in the STACKSET constraint. To get the list of accounts in the STACKSET constraint, use the `awsServicecatalogProvisioningParameters` data source. If no values are specified, the default value is all accounts from the STACKSET constraint. */ accounts?: pulumi.Input[]>; /** * Number of accounts, per region, for which this operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn't attempt the operation in any subsequent regions. You must specify either `failureToleranceCount` or `failureTolerancePercentage`, but not both. The default value is 0 if no value is specified. */ failureToleranceCount?: pulumi.Input; /** * Percentage of accounts, per region, for which this stack operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn't attempt the operation in any subsequent regions. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. You must specify either `failureToleranceCount` or `failureTolerancePercentage`, but not both. */ failureTolerancePercentage?: pulumi.Input; /** * Maximum number of accounts in which to perform this operation at one time. This is dependent on the value of `failureToleranceCount`. `maxConcurrencyCount` is at most one more than the `failureToleranceCount`. Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either `maxConcurrencyCount` or `maxConcurrencyPercentage`, but not both. */ maxConcurrencyCount?: pulumi.Input; /** * Maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. This is true except in cases where rounding down would result is zero. In this case, AWS Service Catalog sets the number as 1 instead. Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either `maxConcurrencyCount` or `maxConcurrencyPercentage`, but not both. */ maxConcurrencyPercentage?: pulumi.Input; /** * One or more AWS Regions where the provisioned product will be available. The specified regions should be within the list of regions from the STACKSET constraint. To get the list of regions in the STACKSET constraint, use the `awsServicecatalogProvisioningParameters` data source. If no values are specified, the default value is all regions from the STACKSET constraint. */ regions?: pulumi.Input[]>; } export interface ServiceActionDefinition { /** * ARN of the role that performs the self-service actions on your behalf. For example, `arn:aws:iam::12345678910:role/ActionRole`. To reuse the provisioned product launch role, set to `LAUNCH_ROLE`. */ assumeRole?: pulumi.Input; /** * Name of the SSM document. For example, `AWS-RestartEC2Instance`. If you are using a shared SSM document, you must provide the ARN instead of the name. */ name: pulumi.Input; /** * List of parameters in JSON format. For example: `[{\"Name\":\"InstanceId\",\"Type\":\"TARGET\"}]` or `[{\"Name\":\"InstanceId\",\"Type\":\"TEXT_VALUE\"}]`. */ parameters?: pulumi.Input; /** * Service action definition type. Valid value is `SSM_AUTOMATION`. Default is `SSM_AUTOMATION`. */ type?: pulumi.Input; /** * SSM document version. For example, `1`. */ version: pulumi.Input; } } export namespace servicediscovery { export interface ServiceDnsConfig { /** * An array that contains one DnsRecord object for each resource record set. See `dnsRecords` Block for details. */ dnsRecords: pulumi.Input[]>; /** * The ID of the namespace to use for DNS configuration. */ namespaceId: pulumi.Input; /** * The routing policy that you want to apply to all records that Route 53 creates when you register an instance and specify the service. Valid Values: MULTIVALUE, WEIGHTED */ routingPolicy?: pulumi.Input; } export interface ServiceDnsConfigDnsRecord { /** * The amount of time, in seconds, that you want DNS resolvers to cache the settings for this resource record set. */ ttl: pulumi.Input; /** * The type of the resource, which indicates the value that Amazon Route 53 returns in response to DNS queries. Valid Values: A, AAAA, SRV, CNAME */ type: pulumi.Input; } export interface ServiceHealthCheckConfig { /** * The number of consecutive health checks. Maximum value of 10. */ failureThreshold?: pulumi.Input; /** * The path that you want Route 53 to request when performing health checks. Route 53 automatically adds the DNS name for the service. If you don't specify a value, the default value is /. */ resourcePath?: pulumi.Input; /** * The type of health check that you want to create, which indicates how Route 53 determines whether an endpoint is healthy. Valid Values: HTTP, HTTPS, TCP */ type?: pulumi.Input; } export interface ServiceHealthCheckCustomConfig { /** * The number of 30-second intervals that you want service discovery to wait before it changes the health status of a service instance. Value is always set to 1. * * @deprecated failure_threshold is deprecated. The argument is no longer supported by AWS and the value is always set to 1. The attribute will be removed in a future major version. */ failureThreshold?: pulumi.Input; } } export namespace servicequotas { export interface ServiceQuotaUsageMetric { /** * The metric dimensions. */ metricDimensions?: pulumi.Input[]>; /** * The name of the metric. */ metricName?: pulumi.Input; /** * The namespace of the metric. */ metricNamespace?: pulumi.Input; /** * The metric statistic that AWS recommend you use when determining quota usage. */ metricStatisticRecommendation?: pulumi.Input; } export interface ServiceQuotaUsageMetricMetricDimension { class?: pulumi.Input; resource?: pulumi.Input; service?: pulumi.Input; type?: pulumi.Input; } } export namespace ses { export interface ConfigurationSetDeliveryOptions { /** * Whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Valid values: `Require` or `Optional`. Defaults to `Optional`. */ tlsPolicy?: pulumi.Input; } export interface ConfigurationSetTrackingOptions { /** * Custom subdomain that is used to redirect email recipients to the Amazon SES event tracking domain. */ customRedirectDomain?: pulumi.Input; } export interface EventDestinationCloudwatchDestination { /** * The default value for the event */ defaultValue: pulumi.Input; /** * The name for the dimension */ dimensionName: pulumi.Input; /** * The source for the value. May be any of `"messageTag"`, `"emailHeader"` or `"linkTag"`. */ valueSource: pulumi.Input; } export interface EventDestinationKinesisDestination { /** * The ARN of the role that has permissions to access the Kinesis Stream */ roleArn: pulumi.Input; /** * The ARN of the Kinesis Stream */ streamArn: pulumi.Input; } export interface EventDestinationSnsDestination { /** * The ARN of the SNS topic */ topicArn: pulumi.Input; } export interface ReceiptRuleAddHeaderAction { /** * The name of the header to add */ headerName: pulumi.Input; /** * The value of the header to add */ headerValue: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; } export interface ReceiptRuleBounceAction { /** * The message to send */ message: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The email address of the sender */ sender: pulumi.Input; /** * The RFC 5321 SMTP reply code */ smtpReplyCode: pulumi.Input; /** * The RFC 3463 SMTP enhanced status code */ statusCode?: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleLambdaAction { /** * The ARN of the Lambda function to invoke */ functionArn: pulumi.Input; /** * `Event` or `RequestResponse` */ invocationType?: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleS3Action { /** * The name of the S3 bucket */ bucketName: pulumi.Input; /** * The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic */ iamRoleArn?: pulumi.Input; /** * The ARN of the KMS key */ kmsKeyArn?: pulumi.Input; /** * The key prefix of the S3 bucket */ objectKeyPrefix?: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleSnsAction { /** * The encoding to use for the email within the Amazon SNS notification. Default value is `UTF-8`. */ encoding?: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn: pulumi.Input; } export interface ReceiptRuleStopAction { /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The scope to apply. The only acceptable value is `RuleSet`. */ scope: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleWorkmailAction { /** * The ARN of the WorkMail organization */ organizationArn: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } } export namespace sesv2 { export interface AccountVdmAttributesDashboardAttributes { /** * Specifies the status of your VDM engagement metrics collection. Valid values: `ENABLED`, `DISABLED`. */ engagementMetrics?: pulumi.Input; } export interface AccountVdmAttributesGuardianAttributes { /** * Specifies the status of your VDM optimized shared delivery. Valid values: `ENABLED`, `DISABLED`. */ optimizedSharedDelivery?: pulumi.Input; } export interface ConfigurationSetDeliveryOptions { /** * The maximum amount of time, in seconds, that Amazon SES API v2 will attempt delivery of email. If specified, the value must greater than or equal to 300 seconds (5 minutes) and less than or equal to 50400 seconds (840 minutes). */ maxDeliverySeconds?: pulumi.Input; /** * The name of the dedicated IP pool to associate with the configuration set. */ sendingPoolName?: pulumi.Input; /** * Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). Valid values: `REQUIRE`, `OPTIONAL`. */ tlsPolicy?: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestination { /** * An object that defines an Amazon CloudWatch destination for email events. See `cloudWatchDestination` Block for details. */ cloudWatchDestination?: pulumi.Input; /** * When the event destination is enabled, the specified event types are sent to the destinations. Default: `false`. */ enabled?: pulumi.Input; /** * An object that defines an Amazon EventBridge destination for email events. You can use Amazon EventBridge to send notifications when certain email events occur. See `eventBridgeDestination` Block for details. */ eventBridgeDestination?: pulumi.Input; /** * An object that defines an Amazon Kinesis Data Firehose destination for email events. See `kinesisFirehoseDestination` Block for details. */ kinesisFirehoseDestination?: pulumi.Input; /** * An array that specifies which events the Amazon SES API v2 should send to the destinations. Valid values: `SEND`, `REJECT`, `BOUNCE`, `COMPLAINT`, `DELIVERY`, `OPEN`, `CLICK`, `RENDERING_FAILURE`, `DELIVERY_DELAY`, `SUBSCRIPTION`. */ matchingEventTypes: pulumi.Input[]>; /** * An object that defines an Amazon Pinpoint project destination for email events. See `pinpointDestination` Block for details. */ pinpointDestination?: pulumi.Input; /** * An object that defines an Amazon SNS destination for email events. See `snsDestination` Block for details. */ snsDestination?: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationCloudWatchDestination { /** * An array of objects that define the dimensions to use when you send email events to Amazon CloudWatch. See `dimensionConfiguration` Block for details. */ dimensionConfigurations: pulumi.Input[]>; } export interface ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfiguration { /** * The default value of the dimension that is published to Amazon CloudWatch if you don't provide the value of the dimension when you send an email. */ defaultDimensionValue: pulumi.Input; /** * The name of an Amazon CloudWatch dimension associated with an email sending metric. */ dimensionName: pulumi.Input; /** * The location where the Amazon SES API v2 finds the value of a dimension to publish to Amazon CloudWatch. Valid values: `MESSAGE_TAG`, `EMAIL_HEADER`, `LINK_TAG`. */ dimensionValueSource: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationEventBridgeDestination { /** * The Amazon Resource Name (ARN) of the Amazon EventBridge bus to publish email events to. Only the default bus is supported. */ eventBusArn: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestination { /** * The Amazon Resource Name (ARN) of the Amazon Kinesis Data Firehose stream that the Amazon SES API v2 sends email events to. */ deliveryStreamArn: pulumi.Input; /** * The Amazon Resource Name (ARN) of the IAM role that the Amazon SES API v2 uses to send email events to the Amazon Kinesis Data Firehose stream. */ iamRoleArn: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationPinpointDestination { applicationArn: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationSnsDestination { /** * The Amazon Resource Name (ARN) of the Amazon SNS topic to publish email events to. */ topicArn: pulumi.Input; } export interface ConfigurationSetReputationOptions { /** * The date and time (in Unix time) when the reputation metrics were last given a fresh start. When your account is given a fresh start, your reputation metrics are calculated starting from the date of the fresh start. */ lastFreshStart?: pulumi.Input; /** * If `true`, tracking of reputation metrics is enabled for the configuration set. If `false`, tracking of reputation metrics is disabled for the configuration set. */ reputationMetricsEnabled?: pulumi.Input; } export interface ConfigurationSetSendingOptions { /** * If `true`, email sending is enabled for the configuration set. If `false`, email sending is disabled for the configuration set. */ sendingEnabled?: pulumi.Input; } export interface ConfigurationSetSuppressionOptions { /** * A list that contains the reasons that email addresses are automatically added to the suppression list for your account. Valid values: `BOUNCE`, `COMPLAINT`. */ suppressedReasons?: pulumi.Input[]>; } export interface ConfigurationSetTrackingOptions { /** * The domain to use for tracking open and click events. */ customRedirectDomain: pulumi.Input; /** * The https policy to use for tracking open and click events. Valid values are `REQUIRE`, `REQUIRE_OPEN_ONLY` or `OPTIONAL`. */ httpsPolicy?: pulumi.Input; } export interface ConfigurationSetVdmOptions { /** * Specifies additional settings for your VDM configuration as applicable to the Dashboard. See `dashboardOptions` Block for details. */ dashboardOptions?: pulumi.Input; /** * Specifies additional settings for your VDM configuration as applicable to the Guardian. See `guardianOptions` Block for details. */ guardianOptions?: pulumi.Input; } export interface ConfigurationSetVdmOptionsDashboardOptions { /** * Specifies the status of your VDM engagement metrics collection. Valid values: `ENABLED`, `DISABLED`. */ engagementMetrics?: pulumi.Input; } export interface ConfigurationSetVdmOptionsGuardianOptions { /** * Specifies the status of your VDM optimized shared delivery. Valid values: `ENABLED`, `DISABLED`. */ optimizedSharedDelivery?: pulumi.Input; } export interface ContactListTopic { /** * Default subscription status to be applied to a contact if the contact has not noted their preference for subscribing to a topic. */ defaultSubscriptionStatus: pulumi.Input; /** * Description of what the topic is about, which the contact will see. */ description?: pulumi.Input; /** * Name of the topic the contact will see. */ displayName: pulumi.Input; /** * Name of the topic. * * The following arguments are optional: */ topicName: pulumi.Input; } export interface EmailIdentityDkimSigningAttributes { /** * [Easy DKIM] The key length of the DKIM key pair in use. */ currentSigningKeyLength?: pulumi.Input; /** * [Bring Your Own DKIM] A private key that's used to generate a DKIM signature. The private key must use 1024 or 2048-bit RSA encryption, and must be encoded using base64 encoding. * * > **NOTE:** You have to delete the first and last lines ('-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----', respectively) of the generated private key. Additionally, you have to remove the line breaks in the generated private key. The resulting value is a string of characters with no spaces or line breaks. */ domainSigningPrivateKey?: pulumi.Input; /** * [Bring Your Own DKIM] A string that's used to identify a public key in the DNS configuration for a domain. */ domainSigningSelector?: pulumi.Input; /** * [Easy DKIM] The last time a key pair was generated for this identity. */ lastKeyGenerationTimestamp?: pulumi.Input; /** * [Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day. Valid values: `RSA_1024_BIT`, `RSA_2048_BIT`. */ nextSigningKeyLength?: pulumi.Input; /** * A string that indicates how DKIM was configured for the identity. `AWS_SES` indicates that DKIM was configured for the identity by using Easy DKIM. `EXTERNAL` indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM). */ signingAttributesOrigin?: pulumi.Input; /** * Describes whether or not Amazon SES has successfully located the DKIM records in the DNS records for the domain. See the [AWS SES API v2 Reference](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_DkimAttributes.html#SES-Type-DkimAttributes-Status) for supported statuses. */ status?: pulumi.Input; /** * If you used Easy DKIM to configure DKIM authentication for the domain, then this object contains a set of unique strings that you use to create a set of CNAME records that you add to the DNS configuration for your domain. When Amazon SES detects these records in the DNS configuration for your domain, the DKIM authentication process is complete. If you configured DKIM authentication for the domain by providing your own public-private key pair, then this object contains the selector for the public key. */ tokens?: pulumi.Input[]>; } } export namespace sfn { export interface ActivityEncryptionConfiguration { /** * Maximum duration for which Activities will reuse data keys. When the period expires, Activities will call GenerateDataKey. This setting only applies to customer managed KMS key and does not apply to AWS owned KMS key. */ kmsDataKeyReusePeriodSeconds?: pulumi.Input; /** * The alias, alias ARN, key ID, or key ARN of the symmetric encryption KMS key that encrypts the data key. To specify a KMS key in a different AWS account, the customer must use the key ARN or alias ARN. For more information regarding kms_key_id, see [KeyId](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the KMS documentation. */ kmsKeyId?: pulumi.Input; /** * The encryption option specified for the activity. Valid values: `AWS_KMS_KEY`, `CUSTOMER_MANAGED_KMS_KEY` */ type?: pulumi.Input; } export interface AliasRoutingConfiguration { /** * The Amazon Resource Name (ARN) of the state machine version. */ stateMachineVersionArn: pulumi.Input; /** * Percentage of traffic routed to the state machine version. */ weight: pulumi.Input; } export interface StateMachineEncryptionConfiguration { /** * Maximum duration for which Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. This setting only applies to customer managed KMS key and does not apply when `type` is `AWS_OWNED_KEY`. */ kmsDataKeyReusePeriodSeconds?: pulumi.Input; /** * The alias, alias ARN, key ID, or key ARN of the symmetric encryption KMS key that encrypts the data key. To specify a KMS key in a different AWS account, the customer must use the key ARN or alias ARN. For more information regarding kms_key_id, see [KeyId](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the KMS documentation. */ kmsKeyId?: pulumi.Input; /** * The encryption option specified for the state machine. Valid values: `AWS_OWNED_KEY`, `CUSTOMER_MANAGED_KMS_KEY` */ type?: pulumi.Input; } export interface StateMachineLoggingConfiguration { /** * Determines whether execution data is included in your log. When set to `false`, data is excluded. */ includeExecutionData?: pulumi.Input; /** * Defines which category of execution history events are logged. Valid values: `ALL`, `ERROR`, `FATAL`, `OFF` */ level?: pulumi.Input; /** * Amazon Resource Name (ARN) of a CloudWatch log group. Make sure the State Machine has the correct IAM policies for logging. The ARN must end with `:*` */ logDestination?: pulumi.Input; } export interface StateMachineTracingConfiguration { /** * When set to `true`, AWS X-Ray tracing is enabled. Make sure the State Machine has the correct IAM policies for logging. See the [AWS Step Functions Developer Guide](https://docs.aws.amazon.com/step-functions/latest/dg/xray-iam.html) for details. */ enabled?: pulumi.Input; } } export namespace shield { export interface ApplicationLayerAutomaticResponseTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DrtAccessLogBucketAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface DrtAccessRoleArnAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ProactiveEngagementEmergencyContact { /** * Additional notes regarding the contact. */ contactNotes?: pulumi.Input; /** * A valid email address that will be used for this contact. */ emailAddress: pulumi.Input; /** * A phone number, starting with `+` and up to 15 digits that will be used for this contact. */ phoneNumber?: pulumi.Input; } } export namespace signer { export interface SigningJobDestination { /** * A configuration block describing the S3 Destination object: See S3 Destination below for details. */ s3: pulumi.Input; } export interface SigningJobDestinationS3 { bucket: pulumi.Input; /** * An Amazon S3 object key prefix that you can use to limit signed objects keys to begin with the specified prefix. */ prefix?: pulumi.Input; } export interface SigningJobRevocationRecord { reason?: pulumi.Input; revokedAt?: pulumi.Input; revokedBy?: pulumi.Input; } export interface SigningJobSignedObject { s3s?: pulumi.Input[]>; } export interface SigningJobSignedObjectS3 { bucket?: pulumi.Input; /** * Key name of the object that contains your unsigned code. */ key?: pulumi.Input; } export interface SigningJobSource { /** * A configuration block describing the S3 Source object: See S3 Source below for details. */ s3: pulumi.Input; } export interface SigningJobSourceS3 { bucket: pulumi.Input; /** * Key name of the object that contains your unsigned code. */ key: pulumi.Input; /** * Version of your source image in your version enabled S3 bucket. */ version: pulumi.Input; } export interface SigningProfileRevocationRecord { /** * The time when revocation becomes effective. */ revocationEffectiveFrom?: pulumi.Input; /** * The time when the signing profile was revoked. */ revokedAt?: pulumi.Input; /** * The identity of the revoker. */ revokedBy?: pulumi.Input; } export interface SigningProfileSignatureValidityPeriod { /** * The time unit for signature validity. Valid values: `DAYS`, `MONTHS`, `YEARS`. */ type: pulumi.Input; /** * The numerical value of the time unit for signature validity. */ value: pulumi.Input; } export interface SigningProfileSigningMaterial { /** * The Amazon Resource Name (ARN) of the certificates that is used to sign your code. */ certificateArn: pulumi.Input; } } export namespace sns { /** * Represents an AWS IAM policy document that defines permissions for AWS resources and actions. */ export interface PolicyDocument { Id?: pulumi.Input; Statement: pulumi.Input[]>; Version: pulumi.Input; } } export namespace sqs { /** * Represents an AWS IAM policy document that defines permissions for AWS resources and actions. */ export interface PolicyDocument { Id?: pulumi.Input; Statement: pulumi.Input[]>; Version: pulumi.Input; } } export namespace ssm { export interface AssociationOutputLocation { /** * The S3 bucket name. */ s3BucketName: pulumi.Input; /** * The S3 bucket prefix. Results stored in the root if not configured. */ s3KeyPrefix?: pulumi.Input; /** * The S3 bucket region. * * Targets specify what instance IDs or tags to apply the document to and has these keys: */ s3Region?: pulumi.Input; } export interface AssociationTarget { /** * Either `InstanceIds` or `tag:Tag Name` to specify an EC2 tag. */ key: pulumi.Input; /** * User-defined criteria that maps to Key. A list of instance IDs or tag values. */ values: pulumi.Input[]>; } export interface ContactsRotationRecurrence { dailySettings?: pulumi.Input[]>; /** * (Optional) Information about on-call rotations that recur monthly. See Monthly Settings for more details. */ monthlySettings?: pulumi.Input[]>; /** * (Required) The number of contacts, or shift team members designated to be on call concurrently during a shift. */ numberOfOnCalls: pulumi.Input; /** * (Required) The number of days, weeks, or months a single rotation lasts. */ recurrenceMultiplier: pulumi.Input; /** * (Optional) Information about the days of the week that the on-call rotation coverage includes. See Shift Coverages for more details. */ shiftCoverages?: pulumi.Input[]>; /** * (Optional) Information about on-call rotations that recur weekly. See Weekly Settings for more details. */ weeklySettings?: pulumi.Input[]>; } export interface ContactsRotationRecurrenceDailySetting { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceMonthlySetting { /** * (Required) The day of the month when monthly recurring on-call rotations begin. */ dayOfMonth: pulumi.Input; /** * (Required) The hand off time. See Hand Off Time for more details. */ handOffTime?: pulumi.Input; } export interface ContactsRotationRecurrenceMonthlySettingHandOffTime { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverage { /** * (Required) Information about when an on-call shift begins and ends. See Coverage Times for more details. */ coverageTimes: pulumi.Input[]>; mapBlockKey: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverageCoverageTime { /** * (Required) The end time of the on-call shift. See Hand Off Time for more details. */ end?: pulumi.Input; /** * (Required) The start time of the on-call shift. See Hand Off Time for more details. */ start?: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverageCoverageTimeEnd { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverageCoverageTimeStart { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceWeeklySetting { /** * (Required) The day of the week when the shift coverage occurs. */ dayOfWeek: pulumi.Input; /** * (Required) The hand off time. See Hand Off Time for more details. */ handOffTime?: pulumi.Input; } export interface ContactsRotationRecurrenceWeeklySettingHandOffTime { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface DocumentAttachmentsSource { /** * The key of a key-value pair that identifies the location of an attachment to the document. Valid values: `SourceUrl`, `S3FileUrl`, `AttachmentReference`. */ key: pulumi.Input; /** * The name of the document attachment file. */ name?: pulumi.Input; /** * The value of a key-value pair that identifies the location of an attachment to the document. The argument format is a list of a single string that depends on the type of key you specify - see the [API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AttachmentsSource.html) for details. */ values: pulumi.Input[]>; } export interface DocumentParameter { /** * If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional. */ defaultValue?: pulumi.Input; /** * A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional. */ description?: pulumi.Input; /** * The name of the document. */ name?: pulumi.Input; /** * The type of parameter. Valid values: `String`, `StringList`. */ type?: pulumi.Input; } export interface GetInstancesFilter { /** * Name of the filter field. Valid values can be found in the [SSM InstanceInformationStringFilter API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_InstanceInformationStringFilter.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetInstancesFilterArgs { /** * Name of the filter field. Valid values can be found in the [SSM InstanceInformationStringFilter API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_InstanceInformationStringFilter.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetMaintenanceWindowsFilter { /** * Name of the filter field. Valid values can be found in the [SSM DescribeMaintenanceWindows API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindows.html#API_DescribeMaintenanceWindows_RequestSyntax). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetMaintenanceWindowsFilterArgs { /** * Name of the filter field. Valid values can be found in the [SSM DescribeMaintenanceWindows API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindows.html#API_DescribeMaintenanceWindows_RequestSyntax). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetPatchBaselinesFilter { /** * Filter key. See the [AWS SSM documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchBaselines.html) for valid values. */ key: string; /** * Filter values. See the [AWS SSM documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchBaselines.html) for example values. */ values: string[]; } export interface GetPatchBaselinesFilterArgs { /** * Filter key. See the [AWS SSM documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchBaselines.html) for valid values. */ key: pulumi.Input; /** * Filter values. See the [AWS SSM documentation](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchBaselines.html) for example values. */ values: pulumi.Input[]>; } export interface MaintenanceWindowTargetTarget { key: pulumi.Input; values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTarget { key: pulumi.Input; /** * The array of strings. */ values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParameters { /** * The parameters for an AUTOMATION task type. Documented below. */ automationParameters?: pulumi.Input; /** * The parameters for a LAMBDA task type. Documented below. */ lambdaParameters?: pulumi.Input; /** * The parameters for a RUN_COMMAND task type. Documented below. */ runCommandParameters?: pulumi.Input; /** * The parameters for a STEP_FUNCTIONS task type. Documented below. */ stepFunctionsParameters?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersAutomationParameters { /** * The version of an Automation document to use during task execution. */ documentVersion?: pulumi.Input; /** * The parameters for the RUN_COMMAND task execution. Documented below. */ parameters?: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameter { /** * The parameter name. */ name: pulumi.Input; /** * The array of strings. */ values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParametersLambdaParameters { /** * Pass client-specific information to the Lambda function that you are invoking. */ clientContext?: pulumi.Input; /** * JSON to provide to your Lambda function as input. */ payload?: pulumi.Input; /** * Specify a Lambda function version or alias name. */ qualifier?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParameters { /** * Configuration options for sending command output to CloudWatch Logs. Documented below. */ cloudwatchConfig?: pulumi.Input; /** * Information about the command(s) to execute. */ comment?: pulumi.Input; /** * The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated. */ documentHash?: pulumi.Input; /** * SHA-256 or SHA-1. SHA-1 hashes have been deprecated. Valid values: `Sha256` and `Sha1` */ documentHashType?: pulumi.Input; /** * The version of an Automation document to use during task execution. */ documentVersion?: pulumi.Input; /** * Configurations for sending notifications about command status changes on a per-instance basis. Documented below. */ notificationConfig?: pulumi.Input; /** * The name of the Amazon S3 bucket. */ outputS3Bucket?: pulumi.Input; /** * The Amazon S3 bucket subfolder. */ outputS3KeyPrefix?: pulumi.Input; /** * The parameters for the RUN_COMMAND task execution. Documented below. */ parameters?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks. */ serviceRoleArn?: pulumi.Input; /** * If this time is reached and the command has not already started executing, it doesn't run. */ timeoutSeconds?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersCloudwatchConfig { /** * The name of the CloudWatch log group where you want to send command output. If you don't specify a group name, Systems Manager automatically creates a log group for you. The log group uses the following naming format: aws/ssm/SystemsManagerDocumentName. */ cloudwatchLogGroupName?: pulumi.Input; /** * Enables Systems Manager to send command output to CloudWatch Logs. */ cloudwatchOutputEnabled?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfig { /** * An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run Command pushes notifications about command status changes to this topic. */ notificationArn?: pulumi.Input; /** * The different events for which you can receive notifications. Valid values: `All`, `InProgress`, `Success`, `TimedOut`, `Cancelled`, and `Failed` */ notificationEvents?: pulumi.Input[]>; /** * When specified with `Command`, receive notification when the status of a command changes. When specified with `Invocation`, for commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. Valid values: `Command` and `Invocation` */ notificationType?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameter { /** * The parameter name. */ name: pulumi.Input; /** * The array of strings. */ values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParameters { /** * The inputs for the STEP_FUNCTION task. */ input?: pulumi.Input; /** * The name of the STEP_FUNCTION task. */ name?: pulumi.Input; } export interface PatchBaselineApprovalRule { /** * Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 360. Conflicts with `approveUntilDate`. */ approveAfterDays?: pulumi.Input; /** * Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as `YYYY-MM-DD`. Conflicts with `approveAfterDays` */ approveUntilDate?: pulumi.Input; /** * Compliance level for patches approved by this rule. Valid values are `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, and `UNSPECIFIED`. The default value is `UNSPECIFIED`. */ complianceLevel?: pulumi.Input; /** * Boolean enabling the application of non-security updates. The default value is `false`. Valid for Linux instances only. */ enableNonSecurity?: pulumi.Input; /** * Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the `operatingSystem` value can be found in the [SSM DescribePatchProperties API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchProperties.html). Valid Values are exact values for the patch property given as the key, or a wildcard `*`, which matches all values. `PATCH_SET` defaults to `OS` if unspecified */ patchFilters: pulumi.Input[]>; } export interface PatchBaselineApprovalRulePatchFilter { key: pulumi.Input; values: pulumi.Input[]>; } export interface PatchBaselineGlobalFilter { key: pulumi.Input; values: pulumi.Input[]>; } export interface PatchBaselineSource { /** * Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the [`dnf.conf` documentation](https://man7.org/linux/man-pages/man5/dnf.conf.5.html) */ configuration: pulumi.Input; /** * Name specified to identify the patch source. */ name: pulumi.Input; /** * Specific operating system versions a patch repository applies to, such as `"Ubuntu16.04"`, `"AmazonLinux2016.09"`, `"RedhatEnterpriseLinux7.2"` or `"Suse12.7"`. For lists of supported product values, see [PatchFilter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html). */ products: pulumi.Input[]>; } export interface QuicksetupConfigurationManagerConfigurationDefinition { id?: pulumi.Input; localDeploymentAdministrationRoleArn?: pulumi.Input; /** * Name of the IAM role used to deploy local configurations. */ localDeploymentExecutionRoleName?: pulumi.Input; /** * Parameters for the configuration definition type. Parameters for configuration definitions vary based the configuration type. See the [AWS API documentation](https://docs.aws.amazon.com/quick-setup/latest/APIReference/API_ConfigurationDefinitionInput.html) for a complete list of parameters for each configuration type. */ parameters: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Type of the Quick Setup configuration. */ type: pulumi.Input; /** * Version of the Quick Setup type to use. */ typeVersion?: pulumi.Input; } export interface QuicksetupConfigurationManagerStatusSummary { /** * Current status. */ status: pulumi.Input; /** * When applicable, returns an informational message relevant to the current status and status type of the status summary object. */ statusMessage: pulumi.Input; /** * Type of a status summary. */ statusType: pulumi.Input; } export interface QuicksetupConfigurationManagerTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ResourceDataSyncS3Destination { /** * Name of S3 bucket where the aggregated data is stored. */ bucketName: pulumi.Input; /** * ARN of an encryption key for a destination in Amazon S3. */ kmsKeyArn?: pulumi.Input; /** * Prefix for the bucket. */ prefix?: pulumi.Input; /** * Region with the bucket targeted by the Resource Data Sync. */ region: pulumi.Input; /** * A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe. */ syncFormat?: pulumi.Input; } } export namespace ssmcontacts { export interface ContactChannelDeliveryAddress { /** * Details to engage this contact channel. The expected format depends on the contact channel type and is described in the [`ContactChannelAddress` section of the SSM Contacts API Reference](https://docs.aws.amazon.com/incident-manager/latest/APIReference/API_SSMContacts_ContactChannelAddress.html). */ simpleAddress: pulumi.Input; } export interface PlanStage { /** * The time to wait until beginning the next stage. The duration can only be set to 0 if a target is specified. */ durationInMinutes: pulumi.Input; /** * One or more configuration blocks for specifying the contacts or contact methods that the escalation plan or engagement plan is engaging. See Target below for more details. */ targets?: pulumi.Input[]>; } export interface PlanStageTarget { /** * A configuration block for specifying information about the contact channel that Incident Manager engages. See Channel Target Info for more details. */ channelTargetInfo?: pulumi.Input; /** * A configuration block for specifying information about the contact that Incident Manager engages. See Contact Target Info for more details. */ contactTargetInfo?: pulumi.Input; } export interface PlanStageTargetChannelTargetInfo { /** * The Amazon Resource Name (ARN) of the contact channel. */ contactChannelId: pulumi.Input; /** * The number of minutes to wait before retrying to send engagement if the engagement initially failed. */ retryIntervalInMinutes?: pulumi.Input; } export interface PlanStageTargetContactTargetInfo { /** * The Amazon Resource Name (ARN) of the contact. */ contactId?: pulumi.Input; /** * A Boolean value determining if the contact's acknowledgement stops the progress of stages in the plan. */ isEssential: pulumi.Input; } } export namespace ssmincidents { export interface ReplicationSetRegion { /** * The Amazon Resource name (ARN) of the customer managed key. If omitted, AWS manages the AWS KMS keys for you, using an AWS owned key, as indicated by a default value of `DefaultKey`. */ kmsKeyArn?: pulumi.Input; /** * The name of the Region, such as `ap-southeast-2`. */ name: pulumi.Input; /** * The current status of the Region. * * Valid Values: `ACTIVE` | `CREATING` | `UPDATING` | `DELETING` | `FAILED` */ status?: pulumi.Input; /** * More information about the status of a Region. */ statusMessage?: pulumi.Input; } export interface ResponsePlanAction { /** * The Systems Manager automation document to start as the runbook at the beginning of the incident. The following values are supported: */ ssmAutomations?: pulumi.Input[]>; } export interface ResponsePlanActionSsmAutomation { /** * The automation document's name. */ documentName: pulumi.Input; /** * The version of the automation document to use at runtime. */ documentVersion?: pulumi.Input; /** * The key-value pair to resolve dynamic parameter values when processing a Systems Manager Automation runbook. */ dynamicParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The key-value pair parameters to use when the automation document runs. The following values are supported: */ parameters?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the role that the automation document assumes when it runs commands. */ roleArn: pulumi.Input; /** * The account that the automation document runs in. This can be in either the management account or an application account. */ targetAccount?: pulumi.Input; } export interface ResponsePlanActionSsmAutomationParameter { /** * The name of parameter. */ name: pulumi.Input; /** * The values for the associated parameter name. */ values: pulumi.Input[]>; } export interface ResponsePlanIncidentTemplate { /** * A string used to stop Incident Manager from creating multiple incident records for the same incident. */ dedupeString?: pulumi.Input; /** * The impact value of a generated incident. The following values are supported: */ impact: pulumi.Input; /** * The tags assigned to an incident template. When an incident starts, Incident Manager assigns the tags specified in the template to the incident. */ incidentTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The Amazon Simple Notification Service (Amazon SNS) targets that this incident notifies when it is updated. The `notificationTarget` configuration block supports the following argument: */ notificationTargets?: pulumi.Input[]>; /** * The summary of an incident. */ summary?: pulumi.Input; /** * The title of a generated incident. */ title: pulumi.Input; } export interface ResponsePlanIncidentTemplateNotificationTarget { /** * The ARN of the Amazon SNS topic. */ snsTopicArn: pulumi.Input; } export interface ResponsePlanIntegration { /** * Details about the PagerDuty configuration for a response plan. The following values are supported: */ pagerduties?: pulumi.Input[]>; } export interface ResponsePlanIntegrationPagerduty { /** * The name of the PagerDuty configuration. */ name: pulumi.Input; /** * The ID of the AWS Secrets Manager secret that stores your PagerDuty key — either a General Access REST API Key or User Token REST API Key — and other user credentials. * * For more information about the constraints for each field, see [CreateResponsePlan](https://docs.aws.amazon.com/incident-manager/latest/APIReference/API_CreateResponsePlan.html) in the *AWS Systems Manager Incident Manager API Reference*. */ secretId: pulumi.Input; /** * The ID of the PagerDuty service that the response plan associated with the incident at launch. */ serviceId: pulumi.Input; } } export namespace ssoadmin { export interface ApplicationPortalOptions { /** * Sign-in options for the access portal. See `signInOptions` below. */ signInOptions?: pulumi.Input; /** * Indicates whether this application is visible in the access portal. Valid values are `ENABLED` and `DISABLED`. */ visibility?: pulumi.Input; } export interface ApplicationPortalOptionsSignInOptions { /** * URL that accepts authentication requests for an application. */ applicationUrl?: pulumi.Input; /** * Determines how IAM Identity Center navigates the user to the target application. * Valid values are `APPLICATION` and `IDENTITY_CENTER`. * If `APPLICATION` is set, IAM Identity Center redirects the customer to the configured `applicationUrl`. * If `IDENTITY_CENTER` is set, IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application. */ origin: pulumi.Input; } export interface CustomerManagedPolicyAttachmentCustomerManagedPolicyReference { /** * Name of the customer managed IAM Policy to be attached. */ name: pulumi.Input; /** * The path to the IAM policy to be attached. The default is `/`. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) for more information. */ path?: pulumi.Input; } export interface CustomerManagedPolicyAttachmentsExclusiveCustomerManagedPolicyReference { /** * Name of the customer managed IAM Policy to be attached. */ name: pulumi.Input; /** * The path to the IAM policy to be attached. The default is `/`. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) for more information. */ path?: pulumi.Input; } export interface CustomerManagedPolicyAttachmentsExclusiveTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GetPrincipalApplicationAssignmentsApplicationAssignment { /** * ARN of the application. */ applicationArn?: string; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ principalId?: string; /** * Entity type for which the assignment will be created. Valid values are `USER` or `GROUP`. */ principalType?: string; } export interface GetPrincipalApplicationAssignmentsApplicationAssignmentArgs { /** * ARN of the application. */ applicationArn?: pulumi.Input; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ principalId?: pulumi.Input; /** * Entity type for which the assignment will be created. Valid values are `USER` or `GROUP`. */ principalType?: pulumi.Input; } export interface InstanceAccessControlAttributesAttribute { /** * The name of the attribute associated with your identities in your identity source. This is used to map a specified attribute in your identity source with an attribute in AWS SSO. */ key: pulumi.Input; /** * The value used for mapping a specified attribute to an identity source. See AccessControlAttributeValue */ values: pulumi.Input[]>; } export interface InstanceAccessControlAttributesAttributeValue { /** * The identity source to use when mapping a specified attribute to AWS SSO. */ sources: pulumi.Input[]>; } export interface ManagedPolicyAttachmentsExclusiveTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface PermissionsBoundaryAttachmentPermissionsBoundary { /** * Specifies the name and path of a customer managed policy. See below. */ customerManagedPolicyReference?: pulumi.Input; /** * AWS-managed IAM policy ARN to use as the permissions boundary. */ managedPolicyArn?: pulumi.Input; } export interface PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference { /** * Name of the customer managed IAM Policy to be attached. */ name: pulumi.Input; /** * The path to the IAM policy to be attached. The default is `/`. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) for more information. */ path?: pulumi.Input; } export interface TrustedTokenIssuerTrustedTokenIssuerConfiguration { /** * A block that describes the settings for a trusted token issuer that works with OpenID Connect (OIDC) by using JSON Web Tokens (JWT). See Documented below below. */ oidcJwtConfiguration: pulumi.Input; } export interface TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfiguration { /** * Specifies the path of the source attribute in the JWT from the trusted token issuer. */ claimAttributePath: pulumi.Input; /** * Specifies path of the destination attribute in a JWT from IAM Identity Center. The attribute mapped by this JMESPath expression is compared against the attribute mapped by `claimAttributePath` when a trusted token issuer token is exchanged for an IAM Identity Center token. */ identityStoreAttributePath: pulumi.Input; /** * Specifies the URL that IAM Identity Center uses for OpenID Discovery. OpenID Discovery is used to obtain the information required to verify the tokens that the trusted token issuer generates. */ issuerUrl: pulumi.Input; /** * The method that the trusted token issuer can use to retrieve the JSON Web Key Set used to verify a JWT. Valid values are `OPEN_ID_DISCOVERY` */ jwksRetrievalOption: pulumi.Input; } } export namespace storagegateway { export interface FileSystemAssociationCacheAttributes { /** * Refreshes a file share's cache by using Time To Live (TTL). * TTL is the length of time since the last refresh after which access to the directory would cause the file gateway * to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: `0` or `300` to `2592000` seconds (5 minutes to 30 days). Defaults to `0` */ cacheStaleTimeoutInSeconds?: pulumi.Input; } export interface GatewayGatewayNetworkInterface { /** * The Internet Protocol version 4 (IPv4) address of the interface. */ ipv4Address?: pulumi.Input; } export interface GatewayMaintenanceStartTime { /** * The day of the month component of the maintenance start time represented as an ordinal number from 1 to 28, where 1 represents the first day of the month and 28 represents the last day of the month. */ dayOfMonth?: pulumi.Input; /** * The day of the week component of the maintenance start time week represented as an ordinal number from 0 to 6, where 0 represents Sunday and 6 Saturday. */ dayOfWeek?: pulumi.Input; /** * The hour component of the maintenance start time represented as _hh_, where _hh_ is the hour (00 to 23). The hour of the day is in the time zone of the gateway. */ hourOfDay: pulumi.Input; /** * The minute component of the maintenance start time represented as _mm_, where _mm_ is the minute (00 to 59). The minute of the hour is in the time zone of the gateway. */ minuteOfHour?: pulumi.Input; } export interface GatewaySmbActiveDirectorySettings { activeDirectoryStatus?: pulumi.Input; /** * List of IPv4 addresses, NetBIOS names, or host names of your domain server. * If you need to specify the port number include it after the colon (“:”). For example, `mydc.mydomain.com:389`. */ domainControllers?: pulumi.Input[]>; /** * The name of the domain that you want the gateway to join. */ domainName: pulumi.Input; /** * The organizational unit (OU) is a container in an Active Directory that can hold users, groups, * computers, and other OUs and this parameter specifies the OU that the gateway will join within the AD domain. */ organizationalUnit?: pulumi.Input; /** * The password of the user who has permission to add the gateway to the Active Directory domain. */ password: pulumi.Input; /** * Specifies the time in seconds, in which the JoinDomain operation must complete. The default is `20` seconds. */ timeoutInSeconds?: pulumi.Input; /** * The user name of user who has permission to add the gateway to the Active Directory domain. */ username: pulumi.Input; } export interface NfsFileShareCacheAttributes { /** * Refreshes a file share's cache by using Time To Live (TTL). * TTL is the length of time since the last refresh after which access to the directory would cause the file gateway * to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days) */ cacheStaleTimeoutInSeconds?: pulumi.Input; } export interface NfsFileShareNfsFileShareDefaults { /** * The Unix directory mode in the string form "nnnn". Defaults to `"0777"`. */ directoryMode?: pulumi.Input; /** * The Unix file mode in the string form "nnnn". Defaults to `"0666"`. */ fileMode?: pulumi.Input; /** * The default group ID for the file share (unless the files have another group ID specified). Defaults to `65534` (`nfsnobody`). Valid values: `0` through `4294967294`. */ groupId?: pulumi.Input; /** * The default owner ID for the file share (unless the files have another owner ID specified). Defaults to `65534` (`nfsnobody`). Valid values: `0` through `4294967294`. */ ownerId?: pulumi.Input; } export interface SmbFileShareCacheAttributes { /** * Refreshes a file share's cache by using Time To Live (TTL). * TTL is the length of time since the last refresh after which access to the directory would cause the file gateway * to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days) */ cacheStaleTimeoutInSeconds?: pulumi.Input; } } export namespace synthetics { export interface CanaryArtifactConfig { /** * Configuration of the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3. See S3 Encryption. */ s3Encryption?: pulumi.Input; } export interface CanaryArtifactConfigS3Encryption { /** * The encryption method to use for artifacts created by this canary. Valid values are: `SSE_S3` and `SSE_KMS`. */ encryptionMode?: pulumi.Input; /** * The ARN of the customer-managed KMS key to use, if you specify `SSE_KMS` for `encryptionMode`. */ kmsKeyArn?: pulumi.Input; } export interface CanaryRunConfig { /** * Whether this canary is to use active AWS X-Ray tracing when it runs. You can enable active tracing only for canaries that use version syn-nodejs-2.0 or later for their canary runtime. */ activeTracing?: pulumi.Input; /** * Map of environment variables that are accessible from the canary during execution. Please see [AWS Docs](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime) for variables reserved for Lambda. */ environmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Amount of ephemeral storage (in MB) allocated for the canary run during execution. Defaults to 1024. */ ephemeralStorage?: pulumi.Input; /** * Maximum amount of memory available to the canary while it is running, in MB. The value you specify must be a multiple of 64. */ memoryInMb?: pulumi.Input; /** * Number of seconds the canary is allowed to run before it must stop. If you omit this field, the frequency of the canary is used, up to a maximum of 840 (14 minutes). */ timeoutInSeconds?: pulumi.Input; } export interface CanarySchedule { /** * Duration in seconds, for the canary to continue making regular runs according to the schedule in the Expression value. */ durationInSeconds?: pulumi.Input; /** * Rate expression or cron expression that defines how often the canary is to run. For rate expression, the syntax is `rate(number unit)`. _unit_ can be `minute`, `minutes`, or `hour`. For cron expression, the syntax is `cron(expression)`. For more information about the syntax for cron expressions, see [Scheduling canary runs using cron](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_cron.html). */ expression: pulumi.Input; /** * Configuration block for canary retries. Detailed below. */ retryConfig?: pulumi.Input; } export interface CanaryScheduleRetryConfig { /** * Maximum number of retries. The value must be less than or equal to `2`. If `maxRetries` is `2`, `run_config.timeout_in_seconds` should be less than 600 seconds. Defaults to `0`. */ maxRetries: pulumi.Input; } export interface CanaryTimeline { /** * Date and time the canary was created. */ created?: pulumi.Input; /** * Date and time the canary was most recently modified. */ lastModified?: pulumi.Input; /** * Date and time that the canary's most recent run started. */ lastStarted?: pulumi.Input; /** * Date and time that the canary's most recent run ended. */ lastStopped?: pulumi.Input; } export interface CanaryVpcConfig { /** * If `true`, allow outbound IPv6 traffic on VPC canaries that are connected to dual-stack subnets. The default is `false`. */ ipv6AllowedForDualStack?: pulumi.Input; /** * IDs of the security groups for this canary. */ securityGroupIds?: pulumi.Input[]>; /** * IDs of the subnets where this canary is to run. */ subnetIds?: pulumi.Input[]>; /** * ID of the VPC where this canary is to run. */ vpcId?: pulumi.Input; } } export namespace timestreaminfluxdb { export interface DbClusterLogDeliveryConfiguration { /** * Configuration for S3 bucket log delivery. */ s3Configuration?: pulumi.Input; } export interface DbClusterLogDeliveryConfigurationS3Configuration { /** * Name of the S3 bucket to deliver logs to. */ bucketName: pulumi.Input; /** * Indicates whether log delivery to the S3 bucket is enabled. * * **Note**: The following arguments do updates in-place: `dbParameterGroupIdentifier`, `logDeliveryConfiguration`, `port`, `dbInstanceType`, `failoverMode`, and `tags`. Changes to any other argument after a cluster has been deployed will cause destruction and re-creation of the cluster. Additionally, when `dbParameterGroupIdentifier` is added to a cluster or modified, the cluster will be updated in-place but if `dbParameterGroupIdentifier` is removed from a cluster, the cluster will be destroyed and re-created. */ enabled: pulumi.Input; } export interface DbClusterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DbInstanceLogDeliveryConfiguration { /** * Configuration for S3 bucket log delivery. */ s3Configuration?: pulumi.Input; } export interface DbInstanceLogDeliveryConfigurationS3Configuration { /** * Name of the S3 bucket to deliver logs to. */ bucketName: pulumi.Input; /** * Indicates whether log delivery to the S3 bucket is enabled. * * **Note**: The following arguments do updates in-place: `dbParameterGroupIdentifier`, `logDeliveryConfiguration`, `port`, `deploymentType`, `dbInstanceType`, and `tags`. Changes to any other argument after a DB instance has been deployed will cause destruction and re-creation of the DB instance. Additionally, when `dbParameterGroupIdentifier` is added to a DB instance or modified, the DB instance will be updated in-place but if `dbParameterGroupIdentifier` is removed from a DB instance, the DB instance will be destroyed and re-created. */ enabled: pulumi.Input; } export interface DbInstanceTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace timestreamquery { export interface ScheduledQueryErrorReportConfiguration { /** * Configuration block for the S3 configuration for the error reports. See below. */ s3Configuration: pulumi.Input; } export interface ScheduledQueryErrorReportConfigurationS3Configuration { /** * Name of the S3 bucket under which error reports will be created. */ bucketName: pulumi.Input; /** * Encryption at rest options for the error reports. If no encryption option is specified, Timestream will choose `SSE_S3` as default. Valid values are `SSE_S3`, `SSE_KMS`. */ encryptionOption?: pulumi.Input; /** * Prefix for the error report key. */ objectKeyPrefix?: pulumi.Input; } export interface ScheduledQueryLastRunSummary { /** * S3 location for error report. */ errorReportLocations?: pulumi.Input[]>; /** * Statistics for a single scheduled query run. */ executionStats?: pulumi.Input[]>; /** * Error message for the scheduled query in case of failure. You might have to look at the error report to get more detailed error reasons. */ failureReason?: pulumi.Input; /** * InvocationTime for this run. This is the time at which the query is scheduled to run. Parameter `@scheduled_runtime` can be used in the query to get the value. */ invocationTime?: pulumi.Input; /** * Various insights and metrics related to the run summary of the scheduled query. */ queryInsightsResponses?: pulumi.Input[]>; /** * Status of a scheduled query run. Valid values: `AUTO_TRIGGER_SUCCESS`, `AUTO_TRIGGER_FAILURE`, `MANUAL_TRIGGER_SUCCESS`, `MANUAL_TRIGGER_FAILURE`. */ runStatus?: pulumi.Input; /** * Actual time when the query was run. */ triggerTime?: pulumi.Input; } export interface ScheduledQueryLastRunSummaryErrorReportLocation { /** * S3 location where error reports are written. */ s3ReportLocations?: pulumi.Input[]>; } export interface ScheduledQueryLastRunSummaryErrorReportLocationS3ReportLocation { /** * S3 bucket name. */ bucketName?: pulumi.Input; /** * S3 key. */ objectKey?: pulumi.Input; } export interface ScheduledQueryLastRunSummaryExecutionStat { /** * Bytes metered for a single scheduled query run. */ bytesMetered?: pulumi.Input; /** * Bytes scanned for a single scheduled query run. */ cumulativeBytesScanned?: pulumi.Input; /** * Data writes metered for records ingested in a single scheduled query run. */ dataWrites?: pulumi.Input; /** * Total time, measured in milliseconds, that was needed for the scheduled query run to complete. */ executionTimeInMillis?: pulumi.Input; /** * Number of rows present in the output from running a query before ingestion to destination data source. */ queryResultRows?: pulumi.Input; /** * Number of records ingested for a single scheduled query run. */ recordsIngested?: pulumi.Input; } export interface ScheduledQueryLastRunSummaryQueryInsightsResponse { /** * Size of query result set in bytes. You can use this data to validate if the result set has changed as part of the query tuning exercise. */ outputBytes?: pulumi.Input; /** * Total number of rows returned as part of the query result set. You can use this data to validate if the number of rows in the result set have changed as part of the query tuning exercise. */ outputRows?: pulumi.Input; /** * Insights into the spatial coverage of the query, including the table with sub-optimal (max) spatial pruning. This information can help you identify areas for improvement in your partitioning strategy to enhance spatial pruning. */ querySpatialCoverages?: pulumi.Input[]>; /** * Number of tables in the query. */ queryTableCount?: pulumi.Input; /** * Insights into the temporal range of the query, including the table with the largest (max) time range. Following are some of the potential options for optimizing time-based pruning: add missing time-predicates, remove functions around the time predicates, add time predicates to all the sub-queries. */ queryTemporalRanges?: pulumi.Input[]>; } export interface ScheduledQueryLastRunSummaryQueryInsightsResponseQuerySpatialCoverage { /** * Insights into the most sub-optimal performing table on the temporal axis: */ maxes?: pulumi.Input[]>; } export interface ScheduledQueryLastRunSummaryQueryInsightsResponseQuerySpatialCoverageMaxis { /** * Partition key used for partitioning, which can be a default measureName or a customer defined partition key. */ partitionKeys?: pulumi.Input[]>; /** * ARN of the table which is queried with the largest time range. */ tableArn?: pulumi.Input; /** * Maximum duration in nanoseconds between the start and end of the query. */ value?: pulumi.Input; } export interface ScheduledQueryLastRunSummaryQueryInsightsResponseQueryTemporalRange { /** * Insights into the most sub-optimal performing table on the temporal axis: */ maxes?: pulumi.Input[]>; } export interface ScheduledQueryLastRunSummaryQueryInsightsResponseQueryTemporalRangeMaxis { /** * ARN of the table which is queried with the largest time range. */ tableArn?: pulumi.Input; /** * Maximum duration in nanoseconds between the start and end of the query. */ value?: pulumi.Input; } export interface ScheduledQueryNotificationConfiguration { /** * Configuration block for details about the Amazon Simple Notification Service (SNS) configuration. See below. */ snsConfiguration: pulumi.Input; } export interface ScheduledQueryNotificationConfigurationSnsConfiguration { /** * SNS topic ARN that the scheduled query status notifications will be sent to. */ topicArn: pulumi.Input; } export interface ScheduledQueryRecentlyFailedRun { /** * S3 location for error report. */ errorReportLocations?: pulumi.Input[]>; /** * Statistics for a single scheduled query run. */ executionStats?: pulumi.Input[]>; /** * Error message for the scheduled query in case of failure. You might have to look at the error report to get more detailed error reasons. */ failureReason?: pulumi.Input; /** * InvocationTime for this run. This is the time at which the query is scheduled to run. Parameter `@scheduled_runtime` can be used in the query to get the value. */ invocationTime?: pulumi.Input; /** * Various insights and metrics related to the run summary of the scheduled query. */ queryInsightsResponses?: pulumi.Input[]>; /** * Status of a scheduled query run. Valid values: `AUTO_TRIGGER_SUCCESS`, `AUTO_TRIGGER_FAILURE`, `MANUAL_TRIGGER_SUCCESS`, `MANUAL_TRIGGER_FAILURE`. */ runStatus?: pulumi.Input; /** * Actual time when the query was run. */ triggerTime?: pulumi.Input; } export interface ScheduledQueryRecentlyFailedRunErrorReportLocation { /** * S3 location where error reports are written. */ s3ReportLocations?: pulumi.Input[]>; } export interface ScheduledQueryRecentlyFailedRunErrorReportLocationS3ReportLocation { /** * S3 bucket name. */ bucketName?: pulumi.Input; /** * S3 key. */ objectKey?: pulumi.Input; } export interface ScheduledQueryRecentlyFailedRunExecutionStat { /** * Bytes metered for a single scheduled query run. */ bytesMetered?: pulumi.Input; /** * Bytes scanned for a single scheduled query run. */ cumulativeBytesScanned?: pulumi.Input; /** * Data writes metered for records ingested in a single scheduled query run. */ dataWrites?: pulumi.Input; /** * Total time, measured in milliseconds, that was needed for the scheduled query run to complete. */ executionTimeInMillis?: pulumi.Input; /** * Number of rows present in the output from running a query before ingestion to destination data source. */ queryResultRows?: pulumi.Input; /** * Number of records ingested for a single scheduled query run. */ recordsIngested?: pulumi.Input; } export interface ScheduledQueryRecentlyFailedRunQueryInsightsResponse { /** * Size of query result set in bytes. You can use this data to validate if the result set has changed as part of the query tuning exercise. */ outputBytes?: pulumi.Input; /** * Total number of rows returned as part of the query result set. You can use this data to validate if the number of rows in the result set have changed as part of the query tuning exercise. */ outputRows?: pulumi.Input; /** * Insights into the spatial coverage of the query, including the table with sub-optimal (max) spatial pruning. This information can help you identify areas for improvement in your partitioning strategy to enhance spatial pruning. */ querySpatialCoverages?: pulumi.Input[]>; /** * Number of tables in the query. */ queryTableCount?: pulumi.Input; /** * Insights into the temporal range of the query, including the table with the largest (max) time range. Following are some of the potential options for optimizing time-based pruning: add missing time-predicates, remove functions around the time predicates, add time predicates to all the sub-queries. */ queryTemporalRanges?: pulumi.Input[]>; } export interface ScheduledQueryRecentlyFailedRunQueryInsightsResponseQuerySpatialCoverage { /** * Insights into the most sub-optimal performing table on the temporal axis: */ maxes?: pulumi.Input[]>; } export interface ScheduledQueryRecentlyFailedRunQueryInsightsResponseQuerySpatialCoverageMaxis { /** * Partition key used for partitioning, which can be a default measureName or a customer defined partition key. */ partitionKeys?: pulumi.Input[]>; /** * ARN of the table which is queried with the largest time range. */ tableArn?: pulumi.Input; /** * Maximum duration in nanoseconds between the start and end of the query. */ value?: pulumi.Input; } export interface ScheduledQueryRecentlyFailedRunQueryInsightsResponseQueryTemporalRange { /** * Insights into the most sub-optimal performing table on the temporal axis: */ maxes?: pulumi.Input[]>; } export interface ScheduledQueryRecentlyFailedRunQueryInsightsResponseQueryTemporalRangeMaxis { /** * ARN of the table which is queried with the largest time range. */ tableArn?: pulumi.Input; /** * Maximum duration in nanoseconds between the start and end of the query. */ value?: pulumi.Input; } export interface ScheduledQueryScheduleConfiguration { /** * When to trigger the scheduled query run. This can be a cron expression or a rate expression. */ scheduleExpression: pulumi.Input; } export interface ScheduledQueryTargetConfiguration { /** * Configuration block for information needed to write data into the Timestream database and table. See below. */ timestreamConfiguration: pulumi.Input; } export interface ScheduledQueryTargetConfigurationTimestreamConfiguration { /** * Name of Timestream database to which the query result will be written. */ databaseName: pulumi.Input; /** * Configuration block for mapping of column(s) from the query result to the dimension in the destination table. See below. */ dimensionMappings: pulumi.Input[]>; /** * Name of the measure column. */ measureNameColumn?: pulumi.Input; /** * Configuration block for how to map measures to multi-measure records. See below. */ mixedMeasureMappings?: pulumi.Input[]>; /** * Configuration block for multi-measure mappings. Only one of `mixedMeasureMappings` or `multiMeasureMappings` can be provided. `multiMeasureMappings` can be used to ingest data as multi measures in the derived table. See below. */ multiMeasureMappings?: pulumi.Input; /** * Name of Timestream table that the query result will be written to. The table should be within the same database that is provided in Timestream configuration. */ tableName: pulumi.Input; /** * Column from query result that should be used as the time column in destination table. Column type for this should be TIMESTAMP. */ timeColumn: pulumi.Input; } export interface ScheduledQueryTargetConfigurationTimestreamConfigurationDimensionMapping { /** * Type for the dimension. Valid value: `VARCHAR`. */ dimensionValueType: pulumi.Input; /** * Column name from query result. */ name: pulumi.Input; } export interface ScheduledQueryTargetConfigurationTimestreamConfigurationMixedMeasureMapping { /** * Refers to the value of measureName in a result row. This field is required if `measureNameColumn` is provided. */ measureName?: pulumi.Input; /** * Type of the value that is to be read from `sourceColumn`. Valid values are `BIGINT`, `BOOLEAN`, `DOUBLE`, `VARCHAR`, `MULTI`. */ measureValueType: pulumi.Input; /** * Configuration block for attribute mappings for `MULTI` value measures. Required when `measureValueType` is `MULTI`. See below. */ multiMeasureAttributeMappings?: pulumi.Input[]>; /** * Source column from which measure-value is to be read for result materialization. */ sourceColumn?: pulumi.Input; /** * Target measure name to be used. If not provided, the target measure name by default is `measureName`, if provided, or `sourceColumn` otherwise. */ targetMeasureName?: pulumi.Input; } export interface ScheduledQueryTargetConfigurationTimestreamConfigurationMixedMeasureMappingMultiMeasureAttributeMapping { /** * Type of the attribute to be read from the source column. Valid values are `BIGINT`, `BOOLEAN`, `DOUBLE`, `VARCHAR`, `TIMESTAMP`. */ measureValueType: pulumi.Input; /** * Source column from where the attribute value is to be read. */ sourceColumn: pulumi.Input; /** * Custom name to be used for attribute name in derived table. If not provided, `sourceColumn` is used. */ targetMultiMeasureAttributeName?: pulumi.Input; } export interface ScheduledQueryTargetConfigurationTimestreamConfigurationMultiMeasureMappings { /** * Attribute mappings to be used for mapping query results to ingest data for multi-measure attributes. See above. */ multiMeasureAttributeMappings: pulumi.Input[]>; /** * Name of the target multi-measure name in the derived table. This input is required when `measureNameColumn` is not provided. If `measureNameColumn` is provided, then the value from that column will be used as the multi-measure name. */ targetMultiMeasureName?: pulumi.Input; } export interface ScheduledQueryTargetConfigurationTimestreamConfigurationMultiMeasureMappingsMultiMeasureAttributeMapping { /** * Type of the attribute to be read from the source column. Valid values are `BIGINT`, `BOOLEAN`, `DOUBLE`, `VARCHAR`, `TIMESTAMP`. */ measureValueType: pulumi.Input; /** * Source column from where the attribute value is to be read. */ sourceColumn: pulumi.Input; /** * Custom name to be used for attribute name in derived table. If not provided, `sourceColumn` is used. */ targetMultiMeasureAttributeName?: pulumi.Input; } export interface ScheduledQueryTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace timestreamwrite { export interface TableMagneticStoreWriteProperties { /** * A flag to enable magnetic store writes. */ enableMagneticStoreWrites?: pulumi.Input; /** * The location to write error reports for records rejected asynchronously during magnetic store writes. See Magnetic Store Rejected Data Location below for more details. */ magneticStoreRejectedDataLocation?: pulumi.Input; } export interface TableMagneticStoreWritePropertiesMagneticStoreRejectedDataLocation { /** * Configuration of an S3 location to write error reports for records rejected, asynchronously, during magnetic store writes. See S3 Configuration below for more details. */ s3Configuration?: pulumi.Input; } export interface TableMagneticStoreWritePropertiesMagneticStoreRejectedDataLocationS3Configuration { /** * Bucket name of the customer S3 bucket. */ bucketName?: pulumi.Input; /** * Encryption option for the customer s3 location. Options are S3 server side encryption with an S3-managed key or KMS managed key. Valid values are `SSE_KMS` and `SSE_S3`. */ encryptionOption?: pulumi.Input; /** * KMS key arn for the customer s3 location when encrypting with a KMS managed key. */ kmsKeyId?: pulumi.Input; /** * Object key prefix for the customer S3 location. */ objectKeyPrefix?: pulumi.Input; } export interface TableRetentionProperties { /** * The duration for which data must be stored in the magnetic store. Minimum value of 1. Maximum value of 73000. */ magneticStoreRetentionPeriodInDays: pulumi.Input; /** * The duration for which data must be stored in the memory store. Minimum value of 1. Maximum value of 8766. */ memoryStoreRetentionPeriodInHours: pulumi.Input; } export interface TableSchema { /** * A non-empty list of partition keys defining the attributes used to partition the table data. The order of the list determines the partition hierarchy. The name and type of each partition key as well as the partition key order cannot be changed after the table is created. However, the enforcement level of each partition key can be changed. See Composite Partition Key below for more details. */ compositePartitionKey?: pulumi.Input; } export interface TableSchemaCompositePartitionKey { /** * The level of enforcement for the specification of a dimension key in ingested records. Valid values: `REQUIRED`, `OPTIONAL`. */ enforcementInRecord?: pulumi.Input; /** * The name of the attribute used for a dimension key. */ name?: pulumi.Input; /** * The type of the partition key. Valid values: `DIMENSION`, `MEASURE`. */ type: pulumi.Input; } } export namespace transcribe { export interface LanguageModelInputDataConfig { /** * IAM role with access to S3 bucket. */ dataAccessRoleArn: pulumi.Input; /** * S3 URI where training data is located. */ s3Uri: pulumi.Input; /** * S3 URI where tuning data is located. * * The following arguments are optional: */ tuningDataS3Uri?: pulumi.Input; } } export namespace transfer { export interface AccessHomeDirectoryMapping { /** * Represents an entry and a target. */ entry: pulumi.Input; /** * Represents the map target. */ target: pulumi.Input; } export interface AccessPosixProfile { /** * The POSIX group ID used for all EFS operations by this user. */ gid: pulumi.Input; /** * The secondary POSIX group IDs used for all EFS operations by this user. */ secondaryGids?: pulumi.Input[]>; /** * The POSIX user ID used for all EFS operations by this user. */ uid: pulumi.Input; } export interface ConnectorAs2Config { /** * Specifies weather AS2 file is compressed. The valud values are ZLIB and DISABLED. */ compression: pulumi.Input; /** * The algorithm that is used to encrypt the file. The valid values are AES128_CBC | AES192_CBC | AES256_CBC | NONE. */ encryptionAlgorithm: pulumi.Input; /** * The unique identifier for the AS2 local profile. */ localProfileId: pulumi.Input; /** * Used for outbound requests to determine if a partner response for transfers is synchronous or asynchronous. The valid values are SYNC and NONE. */ mdnResponse: pulumi.Input; /** * The signing algorithm for the Mdn response. The valid values are SHA256 | SHA384 | SHA512 | SHA1 | NONE | DEFAULT. */ mdnSigningAlgorithm?: pulumi.Input; /** * Used as the subject HTTP header attribute in AS2 messages that are being sent with the connector. */ messageSubject?: pulumi.Input; /** * The unique identifier for the AS2 partner profile. */ partnerProfileId: pulumi.Input; /** * The algorithm that is used to sign AS2 messages sent with the connector. The valid values are SHA256 | SHA384 | SHA512 | SHA1 | NONE . */ signingAlgorithm: pulumi.Input; } export interface ConnectorEgressConfig { /** * VPC Lattice configuration for routing connector traffic through customer VPCs. Fields documented below. */ vpcLattice?: pulumi.Input; } export interface ConnectorEgressConfigVpcLattice { /** * Port number for connecting to the SFTP server through VPC Lattice. Defaults to 22 if not specified. Must match the port on which the target SFTP server is listening. Valid values are between 1 and 65535. */ portNumber?: pulumi.Input; /** * ARN of the VPC Lattice Resource Configuration that defines the target SFTP server location. Must point to a valid Resource Configuration in a VPC with appropriate network connectivity to the SFTP server. */ resourceConfigurationArn: pulumi.Input; } export interface ConnectorSftpConfig { /** * A list of public portion of the host key, or keys, that are used to authenticate the user to the external server to which you are connecting.(https://docs.aws.amazon.com/transfer/latest/userguide/API_SftpConnectorConfig.html) */ trustedHostKeys?: pulumi.Input[]>; /** * The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier can be either the Amazon Resource Name (ARN) or the name of the secret. */ userSecretId?: pulumi.Input; } export interface ServerEndpointDetails { /** * A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when `endpointType` is set to `VPC`. */ addressAllocationIds?: pulumi.Input[]>; /** * A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when `endpointType` is set to `VPC`. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when `endpointType` is set to `VPC`. */ subnetIds?: pulumi.Input[]>; /** * The ID of the VPC endpoint. This property can only be used when `endpointType` is set to `VPC_ENDPOINT` */ vpcEndpointId?: pulumi.Input; /** * The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when `endpointType` is set to `VPC`. */ vpcId?: pulumi.Input; } export interface ServerProtocolDetails { /** * Indicates the transport method for the AS2 messages. Currently, only `HTTP` is supported. */ as2Transports?: pulumi.Input[]>; /** * Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. */ passiveIp?: pulumi.Input; /** * Use to ignore the error that is generated when the client attempts to use `SETSTAT` on a file you are uploading to an S3 bucket. Valid values: `DEFAULT`, `ENABLE_NO_OP`. */ setStatOption?: pulumi.Input; /** * A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: `DISABLED`, `ENABLED`, `ENFORCED`. */ tlsSessionResumptionMode?: pulumi.Input; } export interface ServerS3StorageOptions { /** * Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are `DISABLED`, `ENABLED`. * * By default, home directory mappings have a `TYPE` of `DIRECTORY`. If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry` Type to `FILE` if you want a mapping to have a file target. See [Using logical directories to simplify your Transfer Family directory structures](https://docs.aws.amazon.com/transfer/latest/userguide/logical-dir-mappings.html) for details. */ directoryListingOptimization?: pulumi.Input; } export interface ServerWorkflowDetails { /** * A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See `onPartialUpload` Block below for details. */ onPartialUpload?: pulumi.Input; /** * A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See `onUpload` Block below for details. */ onUpload?: pulumi.Input; } export interface ServerWorkflowDetailsOnPartialUpload { /** * Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources. */ executionRole: pulumi.Input; /** * A unique identifier for the workflow. */ workflowId: pulumi.Input; } export interface ServerWorkflowDetailsOnUpload { /** * Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources. */ executionRole: pulumi.Input; /** * A unique identifier for the workflow. */ workflowId: pulumi.Input; } export interface UserHomeDirectoryMapping { /** * Represents an entry and a target. */ entry: pulumi.Input; /** * Represents the map target. * * The `Restricted` option is achieved using the following mapping: * * ``` * home_directory_mappings { * entry = "/" * target = "/${aws_s3_bucket.foo.id}/$${Transfer:UserName}" * } * ``` */ target: pulumi.Input; } export interface UserPosixProfile { /** * The POSIX group ID used for all EFS operations by this user. */ gid: pulumi.Input; /** * The secondary POSIX group IDs used for all EFS operations by this user. */ secondaryGids?: pulumi.Input[]>; /** * The POSIX user ID used for all EFS operations by this user. */ uid: pulumi.Input; } export interface WebAppEndpointDetails { /** * Block defining VPC configuration for hosting the web app endpoint within a VPC. See Vpc below. */ vpc?: pulumi.Input; } export interface WebAppEndpointDetailsVpc { /** * List of security group IDs that control access to the web app endpoint. If not specified, the VPC's default security group is used. */ securityGroupIds?: pulumi.Input[]>; /** * List of subnet IDs within the VPC where the web app endpoint will be deployed. These subnets must be in the same VPC specified in the `vpcId` parameter. */ subnetIds: pulumi.Input[]>; /** * ID of the VPC endpoint created for the web app. */ vpcEndpointId?: pulumi.Input; /** * ID of the VPC where the web app endpoint will be hosted. The VPC must be dual-stack, meaning it supports both IPv4 and IPv6 addressing. */ vpcId: pulumi.Input; } export interface WebAppIdentityProviderDetails { /** * Block that describes the values to use for the IAM Identity Center settings. See Identity center config below. */ identityCenterConfig?: pulumi.Input; } export interface WebAppIdentityProviderDetailsIdentityCenterConfig { applicationArn?: pulumi.Input; /** * ARN of the IAM Identity Center used for the web app. */ instanceArn?: pulumi.Input; /** * ARN of an identity bearer role for your web app. */ role?: pulumi.Input; } export interface WebAppWebAppUnit { provisioned: pulumi.Input; } export interface WorkflowOnExceptionStep { /** * Details for a step that performs a file copy. See Copy Step Details below. */ copyStepDetails?: pulumi.Input; /** * Details for a step that invokes a lambda function. */ customStepDetails?: pulumi.Input; /** * Details for a step that decrypts the file. */ decryptStepDetails?: pulumi.Input; /** * Details for a step that deletes the file. */ deleteStepDetails?: pulumi.Input; /** * Details for a step that creates one or more tags. */ tagStepDetails?: pulumi.Input; type: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowOnExceptionStepCustomStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The ARN for the lambda function that is being called. */ target?: pulumi.Input; /** * Timeout, in seconds, for the step. */ timeoutSeconds?: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The type of encryption used. Currently, this value must be `"PGP"`. */ type: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowOnExceptionStepDeleteStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepTagStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * Array that contains from 1 to 10 key/value pairs. See S3 Tags below. */ tags?: pulumi.Input[]>; } export interface WorkflowOnExceptionStepTagStepDetailsTag { key: pulumi.Input; /** * The value that corresponds to the key. */ value: pulumi.Input; } export interface WorkflowStep { /** * Details for a step that performs a file copy. See Copy Step Details below. */ copyStepDetails?: pulumi.Input; /** * Details for a step that invokes a lambda function. */ customStepDetails?: pulumi.Input; /** * Details for a step that decrypts the file. */ decryptStepDetails?: pulumi.Input; /** * Details for a step that deletes the file. */ deleteStepDetails?: pulumi.Input; /** * Details for a step that creates one or more tags. */ tagStepDetails?: pulumi.Input; type: pulumi.Input; } export interface WorkflowStepCopyStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowStepCopyStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowStepCopyStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowStepCopyStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowStepCustomStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The ARN for the lambda function that is being called. */ target?: pulumi.Input; /** * Timeout, in seconds, for the step. */ timeoutSeconds?: pulumi.Input; } export interface WorkflowStepDecryptStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The type of encryption used. Currently, this value must be `"PGP"`. */ type: pulumi.Input; } export interface WorkflowStepDecryptStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowStepDecryptStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowStepDecryptStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowStepDeleteStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowStepTagStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * Array that contains from 1 to 10 key/value pairs. See S3 Tags below. */ tags?: pulumi.Input[]>; } export interface WorkflowStepTagStepDetailsTag { key: pulumi.Input; /** * The value that corresponds to the key. */ value: pulumi.Input; } } export namespace verifiedaccess { export interface EndpointCidrOptions { cidr: pulumi.Input; portRanges: pulumi.Input[]>; protocol?: pulumi.Input; subnetIds?: pulumi.Input[]>; } export interface EndpointCidrOptionsPortRange { fromPort: pulumi.Input; toPort: pulumi.Input; } export interface EndpointLoadBalancerOptions { loadBalancerArn?: pulumi.Input; port?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; subnetIds?: pulumi.Input[]>; } export interface EndpointLoadBalancerOptionsPortRange { fromPort: pulumi.Input; toPort: pulumi.Input; } export interface EndpointNetworkInterfaceOptions { networkInterfaceId?: pulumi.Input; port?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; } export interface EndpointNetworkInterfaceOptionsPortRange { fromPort: pulumi.Input; toPort: pulumi.Input; } export interface EndpointRdsOptions { port?: pulumi.Input; protocol?: pulumi.Input; rdsDbClusterArn?: pulumi.Input; rdsDbInstanceArn?: pulumi.Input; rdsDbProxyArn?: pulumi.Input; rdsEndpoint?: pulumi.Input; subnetIds?: pulumi.Input[]>; } export interface EndpointSseSpecification { customerManagedKeyEnabled?: pulumi.Input; kmsKeyArn?: pulumi.Input; } export interface GroupSseConfiguration { /** * Boolean flag to indicate that the CMK should be used. */ customerManagedKeyEnabled?: pulumi.Input; /** * ARN of the KMS key to use. */ kmsKeyArn?: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogs { /** * A block that specifies configures sending Verified Access logs to CloudWatch Logs. Detailed below. */ cloudwatchLogs?: pulumi.Input; /** * Include trust data sent by trust providers into the logs. */ includeTrustContext?: pulumi.Input; /** * A block that specifies configures sending Verified Access logs to Kinesis. Detailed below. */ kinesisDataFirehose?: pulumi.Input; /** * The logging version to use. Refer to [VerifiedAccessLogOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VerifiedAccessLogOptions.html) for the allowed values. */ logVersion?: pulumi.Input; /** * A block that specifies configures sending Verified Access logs to S3. Detailed below. */ s3?: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogsCloudwatchLogs { /** * Indicates whether logging is enabled. */ enabled: pulumi.Input; /** * The name of the CloudWatch Logs Log Group. */ logGroup?: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogsKinesisDataFirehose { /** * The name of the delivery stream. */ deliveryStream?: pulumi.Input; /** * Indicates whether logging is enabled. */ enabled: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogsS3 { /** * The name of S3 bucket. */ bucketName?: pulumi.Input; /** * The ID of the AWS account that owns the Amazon S3 bucket. */ bucketOwner?: pulumi.Input; /** * Indicates whether logging is enabled. */ enabled: pulumi.Input; /** * The bucket prefix. */ prefix?: pulumi.Input; } export interface InstanceVerifiedAccessTrustProvider { /** * A description for the AWS Verified Access Instance. */ description?: pulumi.Input; /** * The type of device-based trust provider. */ deviceTrustProviderType?: pulumi.Input; /** * The type of trust provider (user- or device-based). */ trustProviderType?: pulumi.Input; /** * The type of user-based trust provider. */ userTrustProviderType?: pulumi.Input; /** * The ID of the trust provider. */ verifiedAccessTrustProviderId?: pulumi.Input; } export interface TrustProviderDeviceOptions { tenantId?: pulumi.Input; } export interface TrustProviderNativeApplicationOidcOptions { authorizationEndpoint?: pulumi.Input; clientId?: pulumi.Input; clientSecret: pulumi.Input; issuer?: pulumi.Input; publicSigningKeyEndpoint?: pulumi.Input; scope?: pulumi.Input; tokenEndpoint?: pulumi.Input; userInfoEndpoint?: pulumi.Input; } export interface TrustProviderOidcOptions { authorizationEndpoint?: pulumi.Input; clientId?: pulumi.Input; clientSecret: pulumi.Input; issuer?: pulumi.Input; scope?: pulumi.Input; tokenEndpoint?: pulumi.Input; userInfoEndpoint?: pulumi.Input; } export interface TrustProviderSseSpecification { customerManagedKeyEnabled?: pulumi.Input; kmsKeyArn?: pulumi.Input; } } export namespace verifiedpermissions { export interface IdentitySourceConfiguration { /** * Specifies the configuration details of an Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. See Cognito User Pool Configuration below. */ cognitoUserPoolConfiguration?: pulumi.Input; /** * Specifies the configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. See Open ID Connect Configuration below. */ openIdConnectConfiguration?: pulumi.Input; } export interface IdentitySourceConfigurationCognitoUserPoolConfiguration { /** * The unique application client IDs that are associated with the specified Amazon Cognito user pool. */ clientIds?: pulumi.Input[]>; /** * The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below. */ groupConfiguration?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Amazon Cognito user pool that contains the identities to be authorized. */ userPoolArn: pulumi.Input; } export interface IdentitySourceConfigurationCognitoUserPoolConfigurationGroupConfiguration { /** * The name of the schema entity type that's mapped to the user pool group. Defaults to `AWS::CognitoGroup`. */ groupEntityType: pulumi.Input; } export interface IdentitySourceConfigurationOpenIdConnectConfiguration { /** * A descriptive string that you want to prefix to user entities from your OIDC identity provider. */ entityIdPrefix?: pulumi.Input; /** * The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source. See Group Configuration below. */ groupConfiguration?: pulumi.Input; /** * The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path `.well-known/openid-configuration`. */ issuer: pulumi.Input; /** * The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source. See Token Selection below. */ tokenSelection: pulumi.Input; } export interface IdentitySourceConfigurationOpenIdConnectConfigurationGroupConfiguration { /** * The token claim that you want Verified Permissions to interpret as group membership. For example, `groups`. */ groupClaim: pulumi.Input; /** * The name of the schema entity type that's mapped to the user pool group. Defaults to `AWS::CognitoGroup`. */ groupEntityType: pulumi.Input; } export interface IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelection { /** * The OIDC configuration for processing access tokens. See Access Token Only below. */ accessTokenOnly?: pulumi.Input; /** * The OIDC configuration for processing identity (ID) tokens. See Identity Token Only below. */ identityTokenOnly?: pulumi.Input; } export interface IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionAccessTokenOnly { /** * The access token aud claim values that you want to accept in your policy store. */ audiences?: pulumi.Input[]>; /** * The claim that determines the principal in OIDC access tokens. */ principalIdClaim?: pulumi.Input; } export interface IdentitySourceConfigurationOpenIdConnectConfigurationTokenSelectionIdentityTokenOnly { /** * The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. */ clientIds?: pulumi.Input[]>; /** * The claim that determines the principal in OIDC identity tokens. */ principalIdClaim?: pulumi.Input; } export interface PolicyDefinition { /** * The static policy statement. See Static below. */ static?: pulumi.Input; /** * The template linked policy. See Template Linked below. */ templateLinked?: pulumi.Input; } export interface PolicyDefinitionStatic { /** * The description of the static policy. */ description?: pulumi.Input; /** * The statement of the static policy. */ statement: pulumi.Input; } export interface PolicyDefinitionTemplateLinked { /** * The ID of the template. */ policyTemplateId: pulumi.Input; /** * The principal of the template linked policy. */ principal?: pulumi.Input; /** * The resource of the template linked policy. */ resource?: pulumi.Input; } export interface PolicyDefinitionTemplateLinkedPrincipal { /** * The entity ID of the principal. */ entityId: pulumi.Input; /** * The entity type of the principal. */ entityType: pulumi.Input; } export interface PolicyDefinitionTemplateLinkedResource { /** * The entity ID of the resource. */ entityId: pulumi.Input; /** * The entity type of the resource. */ entityType: pulumi.Input; } export interface PolicyStoreValidationSettings { /** * The mode for the validation settings. Valid values: `OFF`, `STRICT`. * * The following arguments are optional: */ mode: pulumi.Input; } export interface SchemaDefinition { /** * A JSON string representation of the schema. */ value: pulumi.Input; } } export namespace vpc { export interface EndpointServicePrivateDnsVerificationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface GetSecurityGroupRuleFilter { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeSecurityGroupRules`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetSecurityGroupRuleFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeSecurityGroupRules`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetSecurityGroupRulesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html). */ name: string; /** * Set of values that are accepted for the given field. * * Security group rule IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetSecurityGroupRulesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * * Security group rule IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } export interface RouteServerEndpointTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface RouteServerPeerBgpOptions { /** * The Border Gateway Protocol (BGP) Autonomous System Number (ASN) for the appliance. Valid values are from 1 to 4294967295. We recommend using a private ASN in the 64512–65534 (16-bit ASN) or 4200000000–4294967294 (32-bit ASN) range. */ peerAsn: pulumi.Input; /** * The requested liveness detection protocol for the BGP peer. Valid values are `bgp-keepalive` and `bfd`. Default value is `bgp-keepalive`. */ peerLivenessDetection?: pulumi.Input; } export interface RouteServerPeerTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface RouteServerPropagationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface RouteServerTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface RouteServerVpcAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface SecurityGroupVpcAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } } export namespace vpclattice { export interface ListenerDefaultAction { fixedResponse?: pulumi.Input; /** * Route requests to one or more target groups. See Forward blocks below. * * > **NOTE:** You must specify exactly one of the following argument blocks: `fixedResponse` or `forward`. */ forwards?: pulumi.Input[]>; } export interface ListenerDefaultActionFixedResponse { /** * Custom HTTP status code to return, e.g. a 404 response code. See [Listeners](https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html) in the AWS documentation for a list of supported codes. */ statusCode: pulumi.Input; } export interface ListenerDefaultActionForward { /** * One or more target group blocks. */ targetGroups?: pulumi.Input[]>; } export interface ListenerDefaultActionForwardTargetGroup { /** * ID or Amazon Resource Name (ARN) of the target group. */ targetGroupIdentifier?: pulumi.Input; /** * Determines how requests are distributed to the target group. Only required if you specify multiple target groups for a forward action. For example, if you specify two target groups, one with a * weight of 10 and the other with a weight of 20, the target group with a weight of 20 receives twice as many requests as the other target group. See [Listener rules](https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html#listener-rules) in the AWS documentation for additional examples. Default: `100`. */ weight?: pulumi.Input; } export interface ListenerRuleAction { /** * Describes the rule action that returns a custom HTTP response. * See `fixedResponse` Block for details. */ fixedResponse?: pulumi.Input; /** * The forward action. Traffic that matches the rule is forwarded to the specified target groups. * See `forward` Block for details. */ forward?: pulumi.Input; } export interface ListenerRuleActionFixedResponse { /** * The HTTP response code. */ statusCode: pulumi.Input; } export interface ListenerRuleActionForward { /** * The target groups. Traffic matching the rule is forwarded to the specified target groups. With forward actions, you can assign a weight that controls the prioritization and selection of each target group. This means that requests are distributed to individual target groups based on their weights. For example, if two target groups have the same weight, each target group receives half of the traffic. * * The default value is 1 with maximum number of 2. If only one target group is provided, there is no need to set the weight; 100% of traffic will go to that target group. */ targetGroups: pulumi.Input[]>; } export interface ListenerRuleActionForwardTargetGroup { targetGroupIdentifier: pulumi.Input; weight?: pulumi.Input; } export interface ListenerRuleMatch { /** * The HTTP criteria that a rule must match. * See `httpMatch` Block for details. */ httpMatch: pulumi.Input; } export interface ListenerRuleMatchHttpMatch { /** * The header matches. * Matches incoming requests with rule based on request header value before applying rule action. * See `headerMatches` Block for details. */ headerMatches?: pulumi.Input[]>; /** * The HTTP method type. */ method?: pulumi.Input; /** * The path match. * See `pathMatch` Block for details. */ pathMatch?: pulumi.Input; } export interface ListenerRuleMatchHttpMatchHeaderMatch { /** * Indicates whether the match is case sensitive. * Default is `false`. */ caseSensitive?: pulumi.Input; /** * The header match type. * See Header Match `match` Block for details. */ match: pulumi.Input; /** * The name of the header. */ name: pulumi.Input; } export interface ListenerRuleMatchHttpMatchHeaderMatchMatch { /** * Specifies a contains type match. */ contains?: pulumi.Input; /** * Specifies an exact type match. */ exact?: pulumi.Input; /** * Specifies a prefix type match. * Matches the value with the prefix. */ prefix?: pulumi.Input; } export interface ListenerRuleMatchHttpMatchPathMatch { /** * Indicates whether the match is case sensitive. * Default is `false`. */ caseSensitive?: pulumi.Input; /** * The header match type. * See Path Match `match` Block for details. */ match: pulumi.Input; } export interface ListenerRuleMatchHttpMatchPathMatchMatch { /** * Specifies an exact type match. */ exact?: pulumi.Input; /** * Specifies a prefix type match. * Matches the value with the prefix. */ prefix?: pulumi.Input; } export interface ResourceConfigurationResourceConfigurationDefinition { /** * Resource DNS Configuration. See `arnResource` Block for details. */ arnResource?: pulumi.Input; /** * Resource DNS Configuration. See `dnsResource` Block for details. */ dnsResource?: pulumi.Input; /** * Resource DNS Configuration. See `ipResource` Block for details. */ ipResource?: pulumi.Input; } export interface ResourceConfigurationResourceConfigurationDefinitionArnResource { /** * The ARN of the Resource for this configuration. */ arn: pulumi.Input; } export interface ResourceConfigurationResourceConfigurationDefinitionDnsResource { /** * The hostname of the Resource for this configuration. */ domainName: pulumi.Input; /** * The IP Address type either `IPV4` or `IPV6` */ ipAddressType: pulumi.Input; } export interface ResourceConfigurationResourceConfigurationDefinitionIpResource { /** * The IP Address of the Resource for this configuration. */ ipAddress: pulumi.Input; } export interface ResourceConfigurationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ResourceGatewayTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ServiceDnsEntry { domainName?: pulumi.Input; hostedZoneId?: pulumi.Input; } export interface ServiceNetworkResourceAssociationDnsEntry { /** * The domain name of the association in the service network. */ domainName: pulumi.Input; /** * The ID of the hosted zone containing the domain name. */ hostedZoneId: pulumi.Input; } export interface ServiceNetworkResourceAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface ServiceNetworkServiceAssociationDnsEntry { /** * The domain name of the service. */ domainName?: pulumi.Input; /** * The ID of the hosted zone. */ hostedZoneId?: pulumi.Input; } export interface ServiceNetworkVpcAssociationDnsOptions { /** * Preference for which private domains have a private hosted zone created for and associated with the specified VPC. Only supported when `privateDnsEnabled` is `true`. Valid Values are `VERIFIED_DOMAINS_ONLY`, `ALL_DOMAINS`, `VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS` and `SPECIFIED_DOMAINS_ONLY`. */ privateDnsPreference?: pulumi.Input; /** * Private domains to create private hosted zones for and associate with the specified VPC. Only supported when `privateDnsEnabled` is `true` and `privateDnsPreference` is `VERIFIED_DOMAINS_AND_SPECIFIED_DOMAINS` or `SPECIFIED_DOMAINS_ONLY`. */ privateDnsSpecifiedDomains?: pulumi.Input[]>; } export interface TargetGroupAttachmentTarget { /** * The ID of the target. If the target type of the target group is INSTANCE, this is an instance ID. If the target type is IP , this is an IP address. If the target type is LAMBDA, this is the ARN of the Lambda function. If the target type is ALB, this is the ARN of the Application Load Balancer. */ id: pulumi.Input; /** * This port is used for routing traffic to the target, and defaults to the target group port. However, you can override the default and specify a custom port. */ port?: pulumi.Input; } export interface TargetGroupConfig { /** * The health check configuration. */ healthCheck?: pulumi.Input; /** * The type of IP address used for the target group. Valid values: `IPV4` | `IPV6`. */ ipAddressType?: pulumi.Input; /** * The version of the event structure that the Lambda function receives. Supported only if `type` is `LAMBDA`. Valid Values are `V1` | `V2`. */ lambdaEventStructureVersion?: pulumi.Input; /** * The port on which the targets are listening. */ port?: pulumi.Input; /** * The protocol to use for routing traffic to the targets. Valid Values are `HTTP` | `HTTPS`. */ protocol?: pulumi.Input; /** * The protocol version. Valid Values are `HTTP1` | `HTTP2` | `GRPC`. Default value is `HTTP1`. */ protocolVersion?: pulumi.Input; /** * The ID of the VPC. */ vpcIdentifier?: pulumi.Input; } export interface TargetGroupConfigHealthCheck { /** * Indicates whether health checking is enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * The approximate amount of time, in seconds, between health checks of an individual target. The range is 5–300 seconds. The default is 30 seconds. */ healthCheckIntervalSeconds?: pulumi.Input; /** * The amount of time, in seconds, to wait before reporting a target as unhealthy. The range is 1–120 seconds. The default is 5 seconds. * * `healthyThresholdCount ` - (Optional) The number of consecutive successful health checks required before considering an unhealthy target healthy. The range is 2–10. The default is 5. */ healthCheckTimeoutSeconds?: pulumi.Input; healthyThresholdCount?: pulumi.Input; /** * The codes to use when checking for a successful response from a target. These are called _Success codes_ in the console. */ matcher?: pulumi.Input; /** * The destination for health checks on the targets. If the protocol version is HTTP/1.1 or HTTP/2, specify a valid URI (for example, /path?query). The default path is `/`. Health checks are not supported if the protocol version is gRPC, however, you can choose HTTP/1.1 or HTTP/2 and specify a valid URI. */ path?: pulumi.Input; /** * The port used when performing health checks on targets. The default setting is the port that a target receives traffic on. */ port?: pulumi.Input; /** * The protocol used when performing health checks on targets. The possible protocols are `HTTP` and `HTTPS`. */ protocol?: pulumi.Input; /** * The protocol version used when performing health checks on targets. The possible protocol versions are `HTTP1` and `HTTP2`. The default is `HTTP1`. */ protocolVersion?: pulumi.Input; /** * The number of consecutive failed health checks required before considering a target unhealthy. The range is 2–10. The default is 2. */ unhealthyThresholdCount?: pulumi.Input; } export interface TargetGroupConfigHealthCheckMatcher { /** * The HTTP codes to use when checking for a successful response from a target. */ value?: pulumi.Input; } } export namespace vpn { export interface GetConnectionFilter { /** * Name of the filter field. Valid values can be found in the [EC2 `DescribeVPNConnections` API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnConnections.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetConnectionFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 `DescribeVPNConnections` API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnConnections.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } } export namespace waf { export interface ByteMatchSetByteMatchTuple { /** * The part of a web request that you want to search, such as a specified header or a query string. */ fieldToMatch: pulumi.Input; /** * Within the portion of a web request that you want to search * (for example, in the query string, if any), specify where you want to search. * e.g., `CONTAINS`, `CONTAINS_WORD` or `EXACTLY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-PositionalConstraint) * for all supported values. */ positionalConstraint: pulumi.Input; /** * The value that you want to search for within the field specified by `fieldToMatch`, e.g., `badrefer1`. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ByteMatchTuple.html) * for all supported values. */ targetString?: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `targetString` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface ByteMatchSetByteMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface GeoMatchSetGeoMatchConstraint { /** * The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value. */ type: pulumi.Input; /** * The country that you want AWS WAF to search for. * This is the two-letter country code, e.g., `US`, `CA`, `RU`, `CN`, etc. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchConstraint.html) for all supported values. */ value: pulumi.Input; } export interface IpSetIpSetDescriptor { /** * Type of the IP address - `IPV4` or `IPV6`. */ type: pulumi.Input; /** * An IPv4 or IPv6 address specified via CIDR notationE.g., `192.0.2.44/32` or `1111:0000:0000:0000:0000:0000:0000:0000/64` */ value: pulumi.Input; } export interface RateBasedRulePredicate { /** * A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID. */ dataId: pulumi.Input; /** * Set this to `false` if you want to allow, block, or count requests * based on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`. * For example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address. * If set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`. */ negated: pulumi.Input; /** * The type of predicate in a rule. Valid values: `ByteMatch`, `GeoMatch`, `IPMatch`, `RegexMatch`, `SizeConstraint`, `SqlInjectionMatch`, or `XssMatch`. */ type: pulumi.Input; } export interface RegexMatchSetRegexMatchTuple { /** * The part of a web request that you want to search, such as a specified header or a query string. */ fieldToMatch: pulumi.Input; /** * The ID of a Regex Pattern Set. */ regexPatternSetId: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface RegexMatchSetRegexMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface RuleGroupActivatedRule { /** * Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. */ action: pulumi.Input; /** * Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value. */ priority: pulumi.Input; /** * The ID of a rule */ ruleId: pulumi.Input; type?: pulumi.Input; } export interface RuleGroupActivatedRuleAction { type: pulumi.Input; } export interface RulePredicate { /** * A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID. */ dataId: pulumi.Input; /** * Set this to `false` if you want to allow, block, or count requests * based on the settings in the specified waf_byte_match_set, waf_ipset, aws_waf_size_constraint_set, aws.waf.SqlInjectionMatchSet or aws_waf_xss_match_set. * For example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address. * If set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses except `192.0.2.44`. */ negated: pulumi.Input; /** * The type of predicate in a rule. Valid values: `ByteMatch`, `GeoMatch`, `IPMatch`, `RegexMatch`, `SizeConstraint`, `SqlInjectionMatch`, or `XssMatch`. */ type: pulumi.Input; } export interface SizeConstraintSetSizeConstraint { /** * Type of comparison you want to perform, such as `EQ`, `NE`, `LT`, or `GT`. Please refer to the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_SizeConstraint.html) for a complete list of supported values. */ comparisonOperator: pulumi.Input; /** * Parameter that specifies where in a web request to look for the size constraint. */ fieldToMatch: pulumi.Input; /** * Size in bytes that you want to compare against the size of the specified `fieldToMatch`. Valid values for `size` are between 0 and 21474836480 bytes (0 and 20 GB). */ size: pulumi.Input; /** * Parameter is used to eliminate unusual formatting that attackers may use in web requests to bypass AWS WAF. When a transformation is specified, AWS WAF performs the transformation on the `fieldToMatch` before inspecting the request for a match. Some examples of supported transformations are `CMD_LINE`, `HTML_ENTITY_DECODE`, and `NONE`. You can find a complete list of supported values in the [AWS WAF API Reference](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-TextTransformation). * **Note:** If you choose `BODY` as the `type`, you must also choose `NONE` because CloudFront only forwards the first 8192 bytes for inspection. */ textTransformation: pulumi.Input; } export interface SizeConstraintSetSizeConstraintFieldToMatch { /** * When the `type` is `HEADER`, specify the name of the header that you want to search using the `data` field, for example, `User-Agent` or `Referer`. If the `type` is any other value, you can omit this field. */ data?: pulumi.Input; /** * Part of the web request that you want AWS WAF to search for a specified string. For example, `HEADER`, `METHOD`, or `BODY`. See the [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) for all supported values. */ type: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTuple { /** * Specifies where in a web request to look for snippets of malicious SQL code. */ fieldToMatch: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `fieldToMatch` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SqlInjectionMatchTuple.html#WAF-Type-SqlInjectionMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface WebAclDefaultAction { /** * Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the `rules`. * e.g., `ALLOW` or `BLOCK` */ type: pulumi.Input; } export interface WebAclLoggingConfiguration { /** * Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream */ logDestination: pulumi.Input; /** * Configuration block containing parts of the request that you want redacted from the logs. Detailed below. */ redactedFields?: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFields { /** * Set of configuration blocks for fields to redact. Detailed below. */ fieldToMatches: pulumi.Input[]>; } export interface WebAclLoggingConfigurationRedactedFieldsFieldToMatch { /** * When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified stringE.g., `HEADER` or `METHOD` */ type: pulumi.Input; } export interface WebAclRule { /** * The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if `type` is `GROUP`. */ action?: pulumi.Input; /** * Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if `type` is `GROUP`. */ overrideAction?: pulumi.Input; /** * Specifies the order in which the rules in a WebACL are evaluated. * Rules with a lower value are evaluated before rules with a higher value. */ priority: pulumi.Input; /** * ID of the associated WAF (Global) rule (e.g., `aws.waf.Rule`). WAF (Regional) rules cannot be used. */ ruleId: pulumi.Input; /** * The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`. */ type?: pulumi.Input; } export interface WebAclRuleAction { /** * valid values are: `BLOCK`, `ALLOW`, or `COUNT` */ type: pulumi.Input; } export interface WebAclRuleOverrideAction { /** * valid values are: `NONE` or `COUNT` */ type: pulumi.Input; } export interface XssMatchSetXssMatchTuple { /** * Specifies where in a web request to look for cross-site scripting attacks. */ fieldToMatch: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `targetString` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_XssMatchTuple.html#WAF-Type-XssMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface XssMatchSetXssMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } } export namespace wafregional { export interface ByteMatchSetByteMatchTuple { /** * Settings for the ByteMatchTuple. FieldToMatch documented below. */ fieldToMatch: pulumi.Input; /** * Within the portion of a web request that you want to search. */ positionalConstraint: pulumi.Input; /** * The value that you want AWS WAF to search for. The maximum length of the value is 50 bytes. */ targetString?: pulumi.Input; /** * The formatting way for web request. * * FieldToMatch(field_to_match) support following: */ textTransformation: pulumi.Input; } export interface ByteMatchSetByteMatchTupleFieldToMatch { /** * When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. If the value of Type is any other value, omit Data. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. */ type: pulumi.Input; } export interface GeoMatchSetGeoMatchConstraint { /** * The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value. */ type: pulumi.Input; /** * The country that you want AWS WAF to search for. * This is the two-letter country code, e.g., `US`, `CA`, `RU`, `CN`, etc. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchConstraint.html) for all supported values. */ value: pulumi.Input; } export interface IpSetIpSetDescriptor { /** * The string like IPV4 or IPV6. */ type: pulumi.Input; /** * The CIDR notation. */ value: pulumi.Input; } export interface RateBasedRulePredicate { /** * A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID. */ dataId: pulumi.Input; /** * Set this to `false` if you want to allow, block, or count requests * based on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`. * For example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address. * If set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`. */ negated: pulumi.Input; /** * The type of predicate in a rule. Valid values: `ByteMatch`, `GeoMatch`, `IPMatch`, `RegexMatch`, `SizeConstraint`, `SqlInjectionMatch`, or `XssMatch`. */ type: pulumi.Input; } export interface RegexMatchSetRegexMatchTuple { /** * The part of a web request that you want to search, such as a specified header or a query string. */ fieldToMatch: pulumi.Input; /** * The ID of a Regex Pattern Set. */ regexPatternSetId: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface RegexMatchSetRegexMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface RuleGroupActivatedRule { /** * Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. */ action: pulumi.Input; /** * Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value. */ priority: pulumi.Input; /** * The ID of a rule */ ruleId: pulumi.Input; type?: pulumi.Input; } export interface RuleGroupActivatedRuleAction { type: pulumi.Input; } export interface RulePredicate { dataId: pulumi.Input; negated: pulumi.Input; type: pulumi.Input; } export interface SizeConstraintSetSizeConstraint { /** * The type of comparison you want to perform. * e.g., `EQ`, `NE`, `LT`, `GT`. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_SizeConstraint.html) for all supported values. */ comparisonOperator: pulumi.Input; /** * Specifies where in a web request to look for the size constraint. */ fieldToMatch: pulumi.Input; /** * The size in bytes that you want to compare against the size of the specified `fieldToMatch`. * Valid values are between 0 - 21474836480 bytes (0 - 20 GB). */ size: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `fieldToMatch` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-TextTransformation) * for all supported values. * **Note:** if you choose `BODY` as `type`, you must choose `NONE` because CloudFront forwards only the first 8192 bytes for inspection. */ textTransformation: pulumi.Input; } export interface SizeConstraintSetSizeConstraintFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTuple { /** * Specifies where in a web request to look for snippets of malicious SQL code. */ fieldToMatch: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `fieldToMatch` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_SqlInjectionMatchTuple.html#WAF-Type-regional_SqlInjectionMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface WebAclDefaultAction { /** * Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., `ALLOW`, `BLOCK` or `COUNT` */ type: pulumi.Input; } export interface WebAclLoggingConfiguration { /** * Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream */ logDestination: pulumi.Input; /** * Configuration block containing parts of the request that you want redacted from the logs. Detailed below. */ redactedFields?: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFields { /** * Set of configuration blocks for fields to redact. Detailed below. */ fieldToMatches: pulumi.Input[]>; } export interface WebAclLoggingConfigurationRedactedFieldsFieldToMatch { /** * When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified stringE.g., `HEADER` or `METHOD` */ type: pulumi.Input; } export interface WebAclRule { /** * Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if `type` is `GROUP`. Detailed below. */ action?: pulumi.Input; /** * Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if `type` is `GROUP`. Detailed below. */ overrideAction?: pulumi.Input; /** * Specifies the order in which the rules in a WebACL are evaluated. * Rules with a lower value are evaluated before rules with a higher value. */ priority: pulumi.Input; /** * ID of the associated WAF (Regional) rule (e.g., `aws.wafregional.Rule`). WAF (Global) rules cannot be used. */ ruleId: pulumi.Input; /** * The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`. */ type?: pulumi.Input; } export interface WebAclRuleAction { /** * Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for `action` are `ALLOW`, `BLOCK` or `COUNT`. Valid values for `overrideAction` are `COUNT` and `NONE`. */ type: pulumi.Input; } export interface WebAclRuleOverrideAction { type: pulumi.Input; } export interface XssMatchSetXssMatchTuple { /** * Specifies where in a web request to look for cross-site scripting attacks. */ fieldToMatch: pulumi.Input; /** * Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks. */ textTransformation: pulumi.Input; } export interface XssMatchSetXssMatchTupleFieldToMatch { /** * When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified stringE.g., `HEADER` or `METHOD` */ type: pulumi.Input; } } export namespace wafv2 { export interface RegexPatternSetRegularExpression { /** * The string representing the regular expression, see the AWS WAF [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-regex-pattern-set-creating.html) for more information. */ regexString: pulumi.Input; } export interface RuleGroupCustomResponseBody { /** * The payload of the custom response. */ content: pulumi.Input; /** * The type of content in the payload that you are defining in the `content` argument. Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`. */ contentType: pulumi.Input; /** * A unique key identifying the custom response body. This is referenced by the `customResponseBodyKey` argument in the Custom Response block. */ key: pulumi.Input; } export interface RuleGroupRule { /** * The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the `aws.wafv2.WebAcl` level can override the rule action setting. See Action below for details. */ action: pulumi.Input; /** * Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details. */ captchaConfig?: pulumi.Input; /** * A friendly name of the rule. */ name: pulumi.Input; /** * If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the `rules` in order based on the value of `priority`. AWS WAF processes rules with lower priority first. */ priority: pulumi.Input; /** * Labels to apply to web requests that match the rule match statement. See Rule Label below for details. */ ruleLabels?: pulumi.Input[]>; /** * The AWS WAF processing statement for the rule, for example `byteMatchStatement` or `geoMatchStatement`. See Statement below for details. */ statement: pulumi.Input; /** * Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details. */ visibilityConfig: pulumi.Input; } export interface RuleGroupRuleAction { /** * Instructs AWS WAF to allow the web request. See Allow below for details. */ allow?: pulumi.Input; /** * Instructs AWS WAF to block the web request. See Block below for details. */ block?: pulumi.Input; /** * Instructs AWS WAF to run a `CAPTCHA` check against the web request. See Captcha below for details. */ captcha?: pulumi.Input; /** * Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details. */ challenge?: pulumi.Input; /** * Instructs AWS WAF to count the web request and allow it. See Count below for details. */ count?: pulumi.Input; } export interface RuleGroupRuleActionAllow { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * The value of the custom header. */ value: pulumi.Input; } export interface RuleGroupRuleActionBlock { /** * Defines a custom response for the web request. See Custom Response below for details. */ customResponse?: pulumi.Input; } export interface RuleGroupRuleActionBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details. */ responseHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleActionBlockCustomResponseResponseHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * The value of the custom header. */ value: pulumi.Input; } export interface RuleGroupRuleActionCaptcha { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * The value of the custom header. */ value: pulumi.Input; } export interface RuleGroupRuleActionChallenge { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * The value of the custom header. */ value: pulumi.Input; } export interface RuleGroupRuleActionCount { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionCountCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * The value of the custom header. */ value: pulumi.Input; } export interface RuleGroupRuleCaptchaConfig { /** * Defines custom immunity time. See Immunity Time Property below for details. */ immunityTimeProperty?: pulumi.Input; } export interface RuleGroupRuleCaptchaConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface RuleGroupRuleRuleLabel { /** * The label string. */ name: pulumi.Input; } export interface RuleGroupRuleStatement { /** * A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details. */ andStatement?: pulumi.Input; /** * Rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address. See `asnMatchStatement` below for details. */ asnMatchStatement?: pulumi.Input; /** * A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details. */ byteMatchStatement?: pulumi.Input; /** * A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details. */ geoMatchStatement?: pulumi.Input; /** * A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details. */ ipSetReferenceStatement?: pulumi.Input; /** * A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details. */ labelMatchStatement?: pulumi.Input; /** * A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details. */ notStatement?: pulumi.Input; /** * A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details. */ orStatement?: pulumi.Input; /** * A rate-based rule tracks the rate of requests for each originating `IP address`, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any `5-minute` time span. This statement can not be nested. See Rate Based Statement below for details. */ rateBasedStatement?: pulumi.Input; /** * A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details. */ regexMatchStatement?: pulumi.Input; /** * A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details. */ regexPatternSetReferenceStatement?: pulumi.Input; /** * A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details. */ sizeConstraintStatement?: pulumi.Input; /** * An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details. */ sqliMatchStatement?: pulumi.Input; /** * A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details. */ xssMatchStatement?: pulumi.Input; } export interface RuleGroupRuleStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementAsnMatchStatement { /** * List of Autonomous System Numbers (ASNs). */ asnLists: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for more details. */ forwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementAsnMatchStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementByteMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementGeoMatchStatement { /** * An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details. */ forwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface RuleGroupRuleStatementLabelMatchStatement { /** * The string to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface RuleGroupRuleStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatement { /** * Setting that indicates how to aggregate the request counts. Valid values include: `CONSTANT`, `CUSTOM_KEYS`, `FORWARDED_IP` or `IP`. Default: `IP`. */ aggregateKeyType?: pulumi.Input; /** * Aggregate the request counts using one or more web request components as the aggregate keys. See `customKey` below for details. */ customKeys?: pulumi.Input[]>; /** * The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are `60`, `120`, `300`, and `600`. Defaults to `300` (5 minutes). * * **NOTE:** This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds. */ evaluationWindowSec?: pulumi.Input; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If `aggregateKeyType` is set to `FORWARDED_IP`, this block is required. See Forwarded IP Config below for details. */ forwardedIpConfig?: pulumi.Input; /** * Limit on requests per 5-minute (or `evaluationWindowSec`) period for a single originating IP address (or for other aggregate key, depending on `aggregateKeyType` and `customKey`). */ limit: pulumi.Input; /** * An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If `aggregateKeyType` is set to `CONSTANT`, this block is required. */ scopeDownStatement?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKey { asn?: pulumi.Input; /** * (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit `cookie` below for details. */ cookie?: pulumi.Input; /** * (Optional) Use the first IP address in an HTTP header as an aggregate key. See `forwardedIp` below for details. */ forwardedIp?: pulumi.Input; /** * (Optional) Use the value of a header in the request as an aggregate key. See RateLimit `header` below for details. */ header?: pulumi.Input; /** * (Optional) Use the request's HTTP method as an aggregate key. See RateLimit `httpMethod` below for details. */ httpMethod?: pulumi.Input; /** * (Optional) Use the request's originating IP address as an aggregate key. See `RateLimit ip` below for details. */ ip?: pulumi.Input; /** * (Optional) Use the JA3 fingerprint in the request as an aggregate key. See `RateLimit ip` below for details. */ ja3Fingerprint?: pulumi.Input; /** * (Optional) Use the JA3 fingerprint in the request as an aggregate key. See `RateLimit ip` below for details. */ ja4Fingerprint?: pulumi.Input; /** * (Optional) Use the specified label namespace as an aggregate key. See RateLimit `labelNamespace` below for details. */ labelNamespace?: pulumi.Input; /** * (Optional) Use the specified query argument as an aggregate key. See RateLimit `queryArgument` below for details. */ queryArgument?: pulumi.Input; /** * (Optional) Use the request's query string as an aggregate key. See RateLimit `queryString` below for details. */ queryString?: pulumi.Input; /** * (Optional) Use the request's URI path as an aggregate key. See RateLimit `uriPath` below for details. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyAsn { } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyCookie { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp { } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod { } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyIp { } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace { /** * The namespace to use for aggregation */ namespace: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatement { /** * A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details. */ andStatement?: pulumi.Input; /** * Rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address. See `asnMatchStatement` below for details. */ asnMatchStatement?: pulumi.Input; /** * A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details. */ byteMatchStatement?: pulumi.Input; /** * A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details. */ geoMatchStatement?: pulumi.Input; /** * A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details. */ ipSetReferenceStatement?: pulumi.Input; /** * A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details. */ labelMatchStatement?: pulumi.Input; /** * A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details. */ notStatement?: pulumi.Input; /** * A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details. */ orStatement?: pulumi.Input; /** * A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details. */ regexMatchStatement?: pulumi.Input; /** * A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details. */ regexPatternSetReferenceStatement?: pulumi.Input; /** * A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details. */ sizeConstraintStatement?: pulumi.Input; /** * An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details. */ sqliMatchStatement?: pulumi.Input; /** * A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details. */ xssMatchStatement?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementAsnMatchStatement { /** * List of Autonomous System Numbers (ASNs). */ asnLists: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for more details. */ forwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementAsnMatchStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement { /** * An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details. */ forwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement { /** * The string to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The string representing the regular expression. **Note:** The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) for details. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement { /** * The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: `LOW`, `HIGH`. */ sensitivityLevel?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The string representing the regular expression. **Note:** The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) for details. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRegexMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatement { /** * The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementSizeConstraintStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: `LOW`, `HIGH`. */ sensitivityLevel?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementSqliMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA4 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See URI Fragment below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJa4Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementXssMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleVisibilityConfig { /** * A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } export interface RuleGroupVisibilityConfig { /** * A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } export interface WebAclAssociationConfig { /** * Customizes the request body that your protected resource forward to AWS WAF for inspection. See `requestBody` below for details. */ requestBodies?: pulumi.Input[]>; } export interface WebAclAssociationConfigRequestBody { /** * Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when `scope` is set to `CLOUDFRONT`. See `apiGateway` below for details. */ apiGateway?: pulumi.Input; /** * Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See `appRunnerService` below for details. */ appRunnerService?: pulumi.Input; /** * Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See `cloudfront` below for details. */ cloudfront?: pulumi.Input; /** * Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See `cognitoUserPool` below for details. */ cognitoUserPool?: pulumi.Input; /** * Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when `scope` is set to `REGIONAL`. See `verifiedAccessInstance` below for details. */ verifiedAccessInstance?: pulumi.Input; } export interface WebAclAssociationConfigRequestBodyApiGateway { /** * Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. */ defaultSizeInspectionLimit: pulumi.Input; } export interface WebAclAssociationConfigRequestBodyAppRunnerService { /** * Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. */ defaultSizeInspectionLimit: pulumi.Input; } export interface WebAclAssociationConfigRequestBodyCloudfront { /** * Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. */ defaultSizeInspectionLimit: pulumi.Input; } export interface WebAclAssociationConfigRequestBodyCognitoUserPool { /** * Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. */ defaultSizeInspectionLimit: pulumi.Input; } export interface WebAclAssociationConfigRequestBodyVerifiedAccessInstance { /** * Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. */ defaultSizeInspectionLimit: pulumi.Input; } export interface WebAclCaptchaConfig { /** * Defines custom immunity time. See `immunityTimeProperty` below for details. */ immunityTimeProperty?: pulumi.Input; } export interface WebAclCaptchaConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface WebAclChallengeConfig { /** * Defines custom immunity time. See `immunityTimeProperty` below for details. */ immunityTimeProperty?: pulumi.Input; } export interface WebAclChallengeConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface WebAclCustomResponseBody { /** * Payload of the custom response. */ content: pulumi.Input; /** * Type of content in the payload that you are defining in the `content` argument. Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`. */ contentType: pulumi.Input; /** * Unique key identifying the custom response body. This is referenced by the `customResponseBodyKey` argument in the `customResponse` block. */ key: pulumi.Input; } export interface WebAclDataProtectionConfig { /** * A block for data protection configurations for specific web request field types. See `dataProtection` block for details. */ dataProtections?: pulumi.Input[]>; } export interface WebAclDataProtectionConfigDataProtection { /** * Specifies how to protect the field. Valid values are `SUBSTITUTION` or `HASH`. */ action: pulumi.Input; /** * Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field. */ excludeRateBasedDetails?: pulumi.Input; /** * Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule. */ excludeRuleMatchDetails?: pulumi.Input; /** * Specifies the field type and optional keys to apply the protection behavior to. See `field` block below for details. */ field: pulumi.Input; } export interface WebAclDataProtectionConfigDataProtectionField { /** * Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected. */ fieldKeys?: pulumi.Input[]>; /** * Specifies the web request component type to protect. Valid Values are `SINGLE_HEADER`, `SINGLE_COOKIE`, `SINGLE_QUERY_ARGUMENT`, `QUERY_STRING`, `BODY`. */ fieldType: pulumi.Input; } export interface WebAclDefaultAction { /** * Specifies that AWS WAF should allow requests by default. See `allow` below for details. */ allow?: pulumi.Input; /** * Specifies that AWS WAF should block requests by default. See `block` below for details. */ block?: pulumi.Input; } export interface WebAclDefaultActionAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclDefaultActionAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclDefaultActionAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclDefaultActionBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclDefaultActionBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclDefaultActionBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilter { /** * Default handling for logs that don't match any of the specified filtering conditions. Valid values for `defaultBehavior` are `KEEP` or `DROP`. */ defaultBehavior: pulumi.Input; /** * Filter(s) that you want to apply to the logs. See Filter below for more details. */ filters: pulumi.Input[]>; } export interface WebAclLoggingConfigurationLoggingFilterFilter { /** * Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for `behavior` are `KEEP` or `DROP`. */ behavior: pulumi.Input; /** * Match condition(s) for the filter. See Condition below for more details. */ conditions: pulumi.Input[]>; /** * Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for `requirement` are `MEETS_ALL` or `MEETS_ANY`. */ requirement: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilterFilterCondition { /** * Configuration for a single action condition. See Action Condition below for more details. */ actionCondition?: pulumi.Input; /** * Condition for a single label name. See Label Name Condition below for more details. */ labelNameCondition?: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition { /** * Action setting that a log record must contain in order to meet the condition. Valid values for `action` are `ALLOW`, `BLOCK`, `COUNT`, `CAPTCHA`, `CHALLENGE` and `EXCLUDED_AS_COUNT`. */ action: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition { /** * Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label. */ labelName: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedField { /** * HTTP method to be redacted. It must be specified as an empty configuration block `{}`. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Whether to redact the query string. It must be specified as an empty configuration block `{}`. The query string is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * "singleHeader" refers to the redaction of a single header. For more information, please see the details below under Single Header. */ singleHeader?: pulumi.Input; /** * Configuration block that redacts the request URI path. It should be specified as an empty configuration block `{}`. The URI path is the part of a web request that identifies a resource, such as `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFieldMethod { } export interface WebAclLoggingConfigurationRedactedFieldQueryString { } export interface WebAclLoggingConfigurationRedactedFieldSingleHeader { /** * Name of the query header to redact. This setting must be provided in lowercase characters. */ name: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFieldUriPath { } export interface WebAclRule { /** * Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose **statements do not reference a rule group**. See `action` for details. */ action?: pulumi.Input; /** * Specifies how AWS WAF should handle CAPTCHA evaluations. See `captchaConfig` below for details. */ captchaConfig?: pulumi.Input; /** * Specifies how AWS WAF should handle Challenge evaluations on the rule level. See `challengeConfig` below for details. */ challengeConfig?: pulumi.Input; /** * Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, `^ShieldMitigationRuleGroup___.*`, are AWS-added for [automatic application layer DDoS mitigation activities](https://docs.aws.amazon.com/waf/latest/developerguide/ddos-automatic-app-layer-response-rg.html). Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. */ name: pulumi.Input; /** * Override action to apply to the rules in a rule group. Used only for rule **statements that reference a rule group**, like `ruleGroupReferenceStatement` and `managedRuleGroupStatement`. See `overrideAction` below for details. */ overrideAction?: pulumi.Input; /** * If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the `rules` in order based on the value of `priority`. AWS WAF processes rules with lower priority first. */ priority: pulumi.Input; /** * Labels to apply to web requests that match the rule match statement. See `ruleLabel` below for details. */ ruleLabels?: pulumi.Input[]>; /** * The AWS WAF processing statement for the rule, for example `byteMatchStatement` or `geoMatchStatement`. See `statement` below for details. */ statement: pulumi.Input; /** * Defines and enables Amazon CloudWatch metrics and web request sample collection. See `visibilityConfig` below for details. */ visibilityConfig: pulumi.Input; } export interface WebAclRuleAction { /** * Instructs AWS WAF to allow the web request. See `allow` below for details. */ allow?: pulumi.Input; /** * Instructs AWS WAF to block the web request. See `block` below for details. */ block?: pulumi.Input; /** * Instructs AWS WAF to run a Captcha check against the web request. See `captcha` below for details. */ captcha?: pulumi.Input; /** * Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See `challenge` below for details. */ challenge?: pulumi.Input; /** * Instructs AWS WAF to count the web request and allow it. See `count` below for details. */ count?: pulumi.Input; } export interface WebAclRuleActionAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclRuleActionBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleActionBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionCaptcha { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionChallenge { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionChallengeCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionCount { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionCountCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleCaptchaConfig { /** * Defines custom immunity time. See `immunityTimeProperty` below for details. */ immunityTimeProperty?: pulumi.Input; } export interface WebAclRuleCaptchaConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface WebAclRuleChallengeConfig { /** * Defines custom immunity time. See `immunityTimeProperty` below for details. */ immunityTimeProperty?: pulumi.Input; } export interface WebAclRuleChallengeConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroup { /** * Name of the managed rule group. */ name: pulumi.Input; /** * Override actions for specific rules within the rule group. See below. */ ruleActionOverrides?: pulumi.Input[]>; /** * Name of the managed rule group vendor. For AWS managed rule groups, this is `AWS`. */ vendorName: pulumi.Input; /** * Version of the managed rule group. If not specified, the default version is used. */ version?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverride { /** * Action to use instead of the rule's original action. See below. */ actionToUse?: pulumi.Input; /** * Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group. */ name: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUse { /** * Allow the request. See below. */ allow?: pulumi.Input; /** * Block the request. See below. */ block?: pulumi.Input; /** * Require CAPTCHA verification. See below. */ captcha?: pulumi.Input; /** * Require challenge verification. See below. */ challenge?: pulumi.Input; /** * Count the request without taking action. See below. */ count?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllow { /** * Custom handling for allowed requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlock { /** * Custom response for blocked requests. See below. */ customResponse?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponse { /** * Key of a custom response body to use. */ customResponseBodyKey?: pulumi.Input; /** * HTTP response code to return (200-599). */ responseCode: pulumi.Input; /** * Headers to include in the response. See below. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeader { /** * Name of the response header. */ name: pulumi.Input; /** * Value of the response header. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptcha { /** * Custom handling for CAPTCHA requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallenge { /** * Custom handling for challenge requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCount { /** * Custom handling for counted requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReference { /** * ARN of the Rule Group to associate with the Web ACL. */ arn: pulumi.Input; /** * Override actions for specific rules within the rule group. See below. */ ruleActionOverrides?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverride { /** * Action to use instead of the rule's original action. See below. */ actionToUse?: pulumi.Input; /** * Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group. */ name: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUse { /** * Allow the request. See below. */ allow?: pulumi.Input; /** * Block the request. See below. */ block?: pulumi.Input; /** * Require CAPTCHA verification. See below. */ captcha?: pulumi.Input; /** * Require challenge verification. See below. */ challenge?: pulumi.Input; /** * Count the request without taking action. See below. */ count?: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllow { /** * Custom handling for allowed requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlock { /** * Custom response for blocked requests. See below. */ customResponse?: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponse { /** * Key of a custom response body to use. */ customResponseBodyKey?: pulumi.Input; /** * HTTP response code to return (200-599). */ responseCode: pulumi.Input; /** * Headers to include in the response. See below. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeader { /** * Name of the response header. */ name: pulumi.Input; /** * Value of the response header. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptcha { /** * Custom handling for CAPTCHA requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallenge { /** * Custom handling for challenge requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCount { /** * Custom handling for counted requests. See below. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandling { /** * Headers to insert into the request. See below. */ insertHeaders?: pulumi.Input[]>; } export interface WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader { /** * Name of the header to insert. */ name: pulumi.Input; /** * Value of the header to insert. */ value: pulumi.Input; } export interface WebAclRuleGroupAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface WebAclRuleOverrideAction { /** * Override the rule action setting to count (i.e., only count matches). Configured as an empty block `{}`. */ count?: pulumi.Input; /** * Don't override the rule action setting. Configured as an empty block `{}`. */ none?: pulumi.Input; } export interface WebAclRuleOverrideActionCount { } export interface WebAclRuleOverrideActionNone { } export interface WebAclRuleRuleLabel { /** * Label string. */ name: pulumi.Input; } export interface WebAclRuleStatement { /** * Logical rule statement used to combine other rule statements with AND logic. See `andStatement` below for details. */ andStatement?: pulumi.Input; /** * Rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address. See `asnMatchStatement` below for details. */ asnMatchStatement?: pulumi.Input; /** * Rule statement that defines a string match search for AWS WAF to apply to web requests. See `byteMatchStatement` below for details. */ byteMatchStatement?: pulumi.Input; /** * Rule statement used to identify web requests based on country of origin. See `geoMatchStatement` below for details. */ geoMatchStatement?: pulumi.Input; /** * Rule statement used to detect web requests coming from particular IP addresses or address ranges. See `ipSetReferenceStatement` below for details. */ ipSetReferenceStatement?: pulumi.Input; /** * Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See `labelMatchStatement` below for details. */ labelMatchStatement?: pulumi.Input; /** * Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See `managedRuleGroupStatement` below for details. */ managedRuleGroupStatement?: pulumi.Input; /** * Logical rule statement used to negate the results of another rule statement. See `notStatement` below for details. */ notStatement?: pulumi.Input; /** * Logical rule statement used to combine other rule statements with OR logic. See `orStatement` below for details. */ orStatement?: pulumi.Input; /** * Rate-based rule tracks the rate of requests for each originating `IP address`, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any `5-minute` time span. This statement can not be nested. See `rateBasedStatement` below for details. */ rateBasedStatement?: pulumi.Input; /** * Rule statement used to search web request components for a match against a single regular expression. See `regexMatchStatement` below for details. */ regexMatchStatement?: pulumi.Input; /** * Rule statement used to search web request components for matches with regular expressions. See `regexPatternSetReferenceStatement` below for details. */ regexPatternSetReferenceStatement?: pulumi.Input; /** * Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See `ruleGroupReferenceStatement` below for details. */ ruleGroupReferenceStatement?: pulumi.Input; /** * Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See `sizeConstraintStatement` below for more details. */ sizeConstraintStatement?: pulumi.Input; /** * An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See `sqliMatchStatement` below for details. */ sqliMatchStatement?: pulumi.Input; /** * Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See `xssMatchStatement` below for details. */ xssMatchStatement?: pulumi.Input; } export interface WebAclRuleStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementAsnMatchStatement { /** * List of Autonomous System Numbers (ASNs). */ asnLists: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for more details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementAsnMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementByteMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementGeoMatchStatement { /** * Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementGeoMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `ipSetForwardedIpConfig` below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * Position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface WebAclRuleStatementLabelMatchStatement { /** * String to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatement { /** * Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See `managedRuleGroupConfigs` for more details */ managedRuleGroupConfigs?: pulumi.Input[]>; /** * Name of the managed rule group. */ name: pulumi.Input; /** * Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See `ruleActionOverride` below for details. */ ruleActionOverrides?: pulumi.Input[]>; /** * Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See `statement` above for details. */ scopeDownStatement?: pulumi.Input; /** * Name of the managed rule group vendor. */ vendorName: pulumi.Input; /** * Version of the managed rule group. You can set `Version_1.0` or `Version_1.1` etc. If you want to use the default version, do not set anything. */ version?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig { /** * Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. */ awsManagedRulesAcfpRuleSet?: pulumi.Input; /** * Configuration for using the anti-DDoS managed rule group. See `awsManagedRulesAntiDdosRuleSet` for more details. */ awsManagedRulesAntiDdosRuleSet?: pulumi.Input; /** * Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. */ awsManagedRulesAtpRuleSet?: pulumi.Input; /** * Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See `awsManagedRulesBotControlRuleSet` for more details */ awsManagedRulesBotControlRuleSet?: pulumi.Input; /** * The path of the login endpoint for your application. */ loginPath?: pulumi.Input; /** * Details about your login page password field. See `passwordField` for more details. */ passwordField?: pulumi.Input; /** * The payload type for your login endpoint, either JSON or form encoded. */ payloadType?: pulumi.Input; /** * Details about your login page username field. See `usernameField` for more details. */ usernameField?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet { /** * The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests. */ creationPath: pulumi.Input; /** * Whether or not to allow the use of regular expressions in the login page path. */ enableRegexInPath?: pulumi.Input; /** * The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests. */ registrationPagePath: pulumi.Input; /** * The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See `requestInspection` for more details. */ requestInspection: pulumi.Input; /** * The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See `responseInspection` for more details. */ responseInspection?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection { addressFields?: pulumi.Input; emailField?: pulumi.Input; /** * Details about your login page password field. See `passwordField` for more details. */ passwordField?: pulumi.Input; /** * The payload type for your login endpoint, either JSON or form encoded. */ payloadType: pulumi.Input; phoneNumberFields?: pulumi.Input; /** * Details about your login page username field. See `usernameField` for more details. */ usernameField?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields { /** * The names of the address fields. */ identifiers: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField { /** * The name of the field in the request payload that contains your customer's email. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField { /** * The name of the password field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields { /** * The names of the phone number fields. */ identifiers: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField { /** * The name of the username field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection { /** * Configures inspection of the response body. See `bodyContains` for more details. */ bodyContains?: pulumi.Input; /** * Configures inspection of the response header.See `header` for more details. */ header?: pulumi.Input; /** * Configures inspection of the response JSON. See `json` for more details. */ json?: pulumi.Input; /** * Configures inspection of the response status code.See `statusCode` for more details. */ statusCode?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains { /** * Strings in the body of the response that indicate a failed login attempt. */ failureStrings: pulumi.Input[]>; /** * Strings in the body of the response that indicate a successful login attempt. */ successStrings: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader { /** * Values in the response header with the specified name that indicate a failed login attempt. */ failureValues: pulumi.Input[]>; /** * The name of the header to use. */ name: pulumi.Input; /** * Values in the response header with the specified name that indicate a successful login attempt. */ successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson { /** * Values in the response header with the specified name that indicate a failed login attempt. */ failureValues: pulumi.Input[]>; /** * The identifier for the value to match against in the JSON. */ identifier: pulumi.Input; /** * Values in the response header with the specified name that indicate a successful login attempt. */ successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode { /** * Status codes in the response that indicate a failed login attempt. */ failureCodes: pulumi.Input[]>; /** * Status codes in the response that indicate a successful login attempt. */ successCodes: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet { /** * Configuration for the request handling that's applied by the managed rule group rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` during a distributed denial of service (DDoS) attack. See `clientSideActionConfig` for more details. */ clientSideActionConfig: pulumi.Input; /** * Sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are `LOW` (Default), `MEDIUM`, and `HIGH`. */ sensitivityToBlock?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig { /** * Configuration for the use of the `AWSManagedRulesAntiDDoSRuleSet` rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests`. */ challenge: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge { /** * Block for the list of the regular expressions to match against the web request URI, used to identify requests that can't handle a silent browser challenge. */ exemptUriRegularExpressions?: pulumi.Input[]>; /** * Sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are `LOW`, `MEDIUM` and `HIGH` (Default). */ sensitivity?: pulumi.Input; /** * Configuration whether to use the `AWSManagedRulesAntiDDoSRuleSet` rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` in the rule group evaluation. Valid values are `ENABLED` and `DISABLED`. */ usageOfAction: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression { /** * Regular expression string. */ regexString?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet { /** * Whether or not to allow the use of regular expressions in the login page path. */ enableRegexInPath?: pulumi.Input; /** * The path of the login endpoint for your application. */ loginPath: pulumi.Input; /** * The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See `requestInspection` for more details. */ requestInspection?: pulumi.Input; /** * The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See `responseInspection` for more details. */ responseInspection?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection { /** * Details about your login page password field. See `passwordField` for more details. */ passwordField: pulumi.Input; /** * The payload type for your login endpoint, either JSON or form encoded. */ payloadType: pulumi.Input; /** * Details about your login page username field. See `usernameField` for more details. */ usernameField: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField { /** * The name of the password field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField { /** * The name of the username field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection { /** * Configures inspection of the response body. See `bodyContains` for more details. */ bodyContains?: pulumi.Input; /** * Configures inspection of the response header.See `header` for more details. */ header?: pulumi.Input; /** * Configures inspection of the response JSON. See `json` for more details. */ json?: pulumi.Input; /** * Configures inspection of the response status code.See `statusCode` for more details. */ statusCode?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains { /** * Strings in the body of the response that indicate a failed login attempt. */ failureStrings: pulumi.Input[]>; /** * Strings in the body of the response that indicate a successful login attempt. */ successStrings: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader { /** * Values in the response header with the specified name that indicate a failed login attempt. */ failureValues: pulumi.Input[]>; /** * The name of the header to use. */ name: pulumi.Input; /** * Values in the response header with the specified name that indicate a successful login attempt. */ successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson { /** * Values in the response header with the specified name that indicate a failed login attempt. */ failureValues: pulumi.Input[]>; /** * The identifier for the value to match against in the JSON. */ identifier: pulumi.Input; /** * Values in the response header with the specified name that indicate a successful login attempt. */ successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode { /** * Status codes in the response that indicate a failed login attempt. */ failureCodes: pulumi.Input[]>; /** * Status codes in the response that indicate a successful login attempt. */ successCodes: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet { /** * Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to `true`. */ enableMachineLearning?: pulumi.Input; /** * The inspection level to use for the Bot Control rule group. */ inspectionLevel: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField { /** * The name of the password field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField { /** * The name of the username field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride { /** * Override action to use, in place of the configured action of the rule in the rule group. See `action` for details. */ actionToUse: pulumi.Input; /** * Name of the rule to override. See the [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html) for a list of names in the appropriate rule group in use. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse { allow?: pulumi.Input; block?: pulumi.Input; /** * Instructs AWS WAF to run a Captcha check against the web request. See `captcha` below for details. */ captcha?: pulumi.Input; challenge?: pulumi.Input; count?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement { /** * Logical rule statement used to combine other rule statements with AND logic. See `andStatement` below for details. */ andStatement?: pulumi.Input; /** * Rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address. See `asnMatchStatement` below for details. */ asnMatchStatement?: pulumi.Input; /** * Rule statement that defines a string match search for AWS WAF to apply to web requests. See `byteMatchStatement` below for details. */ byteMatchStatement?: pulumi.Input; /** * Rule statement used to identify web requests based on country of origin. See `geoMatchStatement` below for details. */ geoMatchStatement?: pulumi.Input; /** * Rule statement used to detect web requests coming from particular IP addresses or address ranges. See `ipSetReferenceStatement` below for details. */ ipSetReferenceStatement?: pulumi.Input; /** * Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See `labelMatchStatement` below for details. */ labelMatchStatement?: pulumi.Input; /** * Logical rule statement used to negate the results of another rule statement. See `notStatement` below for details. */ notStatement?: pulumi.Input; /** * Logical rule statement used to combine other rule statements with OR logic. See `orStatement` below for details. */ orStatement?: pulumi.Input; /** * Rule statement used to search web request components for a match against a single regular expression. See `regexMatchStatement` below for details. */ regexMatchStatement?: pulumi.Input; /** * Rule statement used to search web request components for matches with regular expressions. See `regexPatternSetReferenceStatement` below for details. */ regexPatternSetReferenceStatement?: pulumi.Input; /** * Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See `sizeConstraintStatement` below for more details. */ sizeConstraintStatement?: pulumi.Input; /** * An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See `sqliMatchStatement` below for details. */ sqliMatchStatement?: pulumi.Input; /** * Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See `xssMatchStatement` below for details. */ xssMatchStatement?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement { /** * List of Autonomous System Numbers (ASNs). */ asnLists: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for more details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement { /** * Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `ipSetForwardedIpConfig` below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * Position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement { /** * String to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * String representing the regular expression. Minimum of `1` and maximum of `512` characters. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement { /** * Operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: `LOW`, `HIGH`. */ sensitivityLevel?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatement { /** * Setting that indicates how to aggregate the request counts. Valid values include: `CONSTANT`, `CUSTOM_KEYS`, `FORWARDED_IP`, or `IP`. Default: `IP`. */ aggregateKeyType?: pulumi.Input; /** * Aggregate the request counts using one or more web request components as the aggregate keys. See `customKey` below for details. */ customKeys?: pulumi.Input[]>; /** * The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are `60`, `120`, `300`, and `600`. Defaults to `300` (5 minutes). * * **NOTE:** This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds. */ evaluationWindowSec?: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If `aggregateKeyType` is set to `FORWARDED_IP`, this block is required. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; /** * Limit on requests per 5-minute (or `evaluationWindowSec`) period for a single originating IP address (or for other aggregate key, depending on `aggregateKeyType` and `customKey`). */ limit: pulumi.Input; /** * Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See `statement` above for details. If `aggregateKeyType` is set to `CONSTANT`, this block is required. */ scopeDownStatement?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKey { /** * Use an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key. See RateLimit `asn` below for details. */ asn?: pulumi.Input; /** * Use the value of a cookie in the request as an aggregate key. See RateLimit `cookie` below for details. */ cookie?: pulumi.Input; /** * Use the first IP address in an HTTP header as an aggregate key. See `forwardedIp` below for details. */ forwardedIp?: pulumi.Input; /** * Use the value of a header in the request as an aggregate key. See RateLimit `header` below for details. */ header?: pulumi.Input; /** * Use the request's HTTP method as an aggregate key. See RateLimit `httpMethod` below for details. */ httpMethod?: pulumi.Input; /** * Use the request's originating IP address as an aggregate key. See `RateLimit ip` below for details. */ ip?: pulumi.Input; /** * Use the JA3 fingerprint in the request as an aggregate key. See `RateLimit ip` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Use the JA3 fingerprint in the request as an aggregate key. See `RateLimit ip` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Use the specified label namespace as an aggregate key. See RateLimit `labelNamespace` below for details. */ labelNamespace?: pulumi.Input; /** * Use the specified query argument as an aggregate key. See RateLimit `queryArgument` below for details. */ queryArgument?: pulumi.Input; /** * Use the request's query string as an aggregate key. See RateLimit `queryString` below for details. */ queryString?: pulumi.Input; /** * Use the request's URI path as an aggregate key. See RateLimit `uriPath` below for details. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyAsn { } export interface WebAclRuleStatementRateBasedStatementCustomKeyCookie { /** * The name of the cookie to use. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyCookieTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyForwardedIp { } export interface WebAclRuleStatementRateBasedStatementCustomKeyHeader { /** * The name of the header to use. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyHttpMethod { } export interface WebAclRuleStatementRateBasedStatementCustomKeyIp { } export interface WebAclRuleStatementRateBasedStatementCustomKeyJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyLabelNamespace { /** * The namespace to use for aggregation */ namespace: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryArgument { /** * The name of the query argument to use. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryString { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyUriPath { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatement { /** * Logical rule statement used to combine other rule statements with AND logic. See `andStatement` below for details. */ andStatement?: pulumi.Input; /** * Rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address. See `asnMatchStatement` below for details. */ asnMatchStatement?: pulumi.Input; /** * Rule statement that defines a string match search for AWS WAF to apply to web requests. See `byteMatchStatement` below for details. */ byteMatchStatement?: pulumi.Input; /** * Rule statement used to identify web requests based on country of origin. See `geoMatchStatement` below for details. */ geoMatchStatement?: pulumi.Input; /** * Rule statement used to detect web requests coming from particular IP addresses or address ranges. See `ipSetReferenceStatement` below for details. */ ipSetReferenceStatement?: pulumi.Input; /** * Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See `labelMatchStatement` below for details. */ labelMatchStatement?: pulumi.Input; /** * Logical rule statement used to negate the results of another rule statement. See `notStatement` below for details. */ notStatement?: pulumi.Input; /** * Logical rule statement used to combine other rule statements with OR logic. See `orStatement` below for details. */ orStatement?: pulumi.Input; /** * Rule statement used to search web request components for a match against a single regular expression. See `regexMatchStatement` below for details. */ regexMatchStatement?: pulumi.Input; /** * Rule statement used to search web request components for matches with regular expressions. See `regexPatternSetReferenceStatement` below for details. */ regexPatternSetReferenceStatement?: pulumi.Input; /** * Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See `sizeConstraintStatement` below for more details. */ sizeConstraintStatement?: pulumi.Input; /** * An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See `sqliMatchStatement` below for details. */ sqliMatchStatement?: pulumi.Input; /** * Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See `xssMatchStatement` below for details. */ xssMatchStatement?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementAsnMatchStatement { /** * List of Autonomous System Numbers (ASNs). */ asnLists: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for more details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementAsnMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement { /** * Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `ipSetForwardedIpConfig` below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * Position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement { /** * String to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * String representing the regular expression. Minimum of `1` and maximum of `512` characters. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement { /** * Operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: `LOW`, `HIGH`. */ sensitivityLevel?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * String representing the regular expression. Minimum of `1` and maximum of `512` characters. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRegexMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatement { /** * The Amazon Resource Name (ARN) of the `aws.wafv2.RuleGroup` resource. */ arn: pulumi.Input; /** * Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See `ruleActionOverride` below for details. */ ruleActionOverrides?: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverride { /** * Override action to use, in place of the configured action of the rule in the rule group. See `action` for details. */ actionToUse: pulumi.Input; /** * Name of the rule to override. See the [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html) for a list of names in the appropriate rule group in use. */ name: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUse { allow?: pulumi.Input; block?: pulumi.Input; /** * Instructs AWS WAF to run a Captcha check against the web request. See `captcha` below for details. */ captcha?: pulumi.Input; challenge?: pulumi.Input; count?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCaptcha { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseChallenge { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCount { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatement { /** * Operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchMethod { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchQueryString { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchUriPath { } export interface WebAclRuleStatementSizeConstraintStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: `LOW`, `HIGH`. */ sensitivityLevel?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementSqliMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the JA3 fingerprint. See `ja4Fingerprint` below for details. */ ja4Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the part of a URL that follows the "#" symbol, providing additional information about the resource. See `uriFragment` below for details. */ uriFragment?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchCookiesMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJa4Fingerprint { /** * Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchUriFragment { /** * What AWS WAF should do if it fails to completely parse the JSON body. Valid values are `MATCH` (default) and `NO_MATCH`. */ fallbackBehavior?: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementXssMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleVisibilityConfig { /** * Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (\_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } export interface WebAclVisibilityConfig { /** * Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (\_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } } export namespace workspaces { export interface ConnectionAliasTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface DirectoryActiveDirectoryConfig { /** * Fully qualified domain name of the AWS Directory Service directory. */ domainName: pulumi.Input; /** * ARN of the Secrets Manager secret that contains the credentials for the service account. For more information, see [Service Account Details](https://docs.aws.amazon.com/workspaces/latest/adminguide/pools-service-account-details.html). */ serviceAccountSecretArn: pulumi.Input; } export interface DirectoryCertificateBasedAuthProperties { /** * The Amazon Resource Name (ARN) of the certificate manager private certificate authority (ACM-PCA) that is used for certificate-based authentication. */ certificateAuthorityArn?: pulumi.Input; /** * Status of certificate-based authentication. Default `DISABLED`. */ status?: pulumi.Input; } export interface DirectorySamlProperties { /** * The relay state parameter name supported by the SAML 2.0 identity provider (IdP). Default `RelayState`. */ relayStateParameterName?: pulumi.Input; /** * Status of SAML 2.0 authentication. Default `DISABLED`. */ status?: pulumi.Input; /** * The SAML 2.0 identity provider (IdP) user access URL. */ userAccessUrl?: pulumi.Input; } export interface DirectorySelfServicePermissions { /** * Whether WorkSpaces directory users can change the compute type (bundle) for their workspace. Default `false`. */ changeComputeType?: pulumi.Input; /** * Whether WorkSpaces directory users can increase the volume size of the drives on their workspace. Default `false`. */ increaseVolumeSize?: pulumi.Input; /** * Whether WorkSpaces directory users can rebuild the operating system of a workspace to its original state. Default `false`. */ rebuildWorkspace?: pulumi.Input; /** * Whether WorkSpaces directory users can restart their workspace. Default `true`. */ restartWorkspace?: pulumi.Input; /** * Whether WorkSpaces directory users can switch the running mode of their workspace. Default `false`. */ switchRunningMode?: pulumi.Input; } export interface DirectoryWorkspaceAccessProperties { /** * Indicates whether users can use Android devices to access their WorkSpaces. */ deviceTypeAndroid?: pulumi.Input; /** * Indicates whether users can use Chromebooks to access their WorkSpaces. */ deviceTypeChromeos?: pulumi.Input; /** * Indicates whether users can use iOS devices to access their WorkSpaces. */ deviceTypeIos?: pulumi.Input; /** * Indicates whether users can use Linux clients to access their WorkSpaces. */ deviceTypeLinux?: pulumi.Input; /** * Indicates whether users can use macOS clients to access their WorkSpaces. */ deviceTypeOsx?: pulumi.Input; /** * Indicates whether users can access their WorkSpaces through a web browser. */ deviceTypeWeb?: pulumi.Input; /** * Indicates whether users can use Windows clients to access their WorkSpaces. */ deviceTypeWindows?: pulumi.Input; /** * Indicates whether users can use zero client devices to access their WorkSpaces. */ deviceTypeZeroclient?: pulumi.Input; } export interface DirectoryWorkspaceCreationProperties { /** * The identifier of your custom security group. Should relate to the same VPC, where workspaces reside in. */ customSecurityGroupId?: pulumi.Input; /** * The default organizational unit (OU) for your WorkSpace directories. Should conform `"OU=,DC=,...,DC="` pattern. */ defaultOu?: pulumi.Input; /** * Indicates whether internet access is enabled for your WorkSpaces. */ enableInternetAccess?: pulumi.Input; /** * Indicates whether maintenance mode is enabled for your WorkSpaces. Valid only if `workspaceType` is set to `PERSONAL`. */ enableMaintenanceMode?: pulumi.Input; /** * Indicates whether users are local administrators of their WorkSpaces. Valid only if `workspaceType` is set to `PERSONAL`. */ userEnabledAsLocalAdministrator?: pulumi.Input; } export interface IpGroupRule { /** * The description of the IP group. */ description?: pulumi.Input; /** * The IP address range, in CIDR notation, e.g., `10.0.0.0/16` */ source: pulumi.Input; } export interface WorkspaceWorkspaceProperties { /** * The compute type. For more information, see [Amazon WorkSpaces Bundles](http://aws.amazon.com/workspaces/details/#Amazon_WorkSpaces_Bundles). Valid values are `VALUE`, `STANDARD`, `PERFORMANCE`, `POWER`, `GRAPHICS`, `POWERPRO`, `GRAPHICSPRO`, `GRAPHICS_G4DN`, and `GRAPHICSPRO_G4DN`. */ computeTypeName?: pulumi.Input; /** * The size of the root volume. */ rootVolumeSizeGib?: pulumi.Input; /** * The running mode. For more information, see [Manage the WorkSpace Running Mode](https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html). Valid values are `AUTO_STOP` and `ALWAYS_ON`. */ runningMode?: pulumi.Input; /** * The time after a user logs off when WorkSpaces are automatically stopped. Configured in 60-minute intervals. */ runningModeAutoStopTimeoutInMinutes?: pulumi.Input; /** * The size of the user storage. */ userVolumeSizeGib?: pulumi.Input; } } export namespace workspacesweb { export interface DataProtectionSettingsInlineRedactionConfiguration { /** * The global confidence level for the inline redaction configuration. This indicates the certainty of data type matches in the redaction process. Values range from 1 (low confidence) to 3 (high confidence). */ globalConfidenceLevel?: pulumi.Input; /** * The global enforced URL configuration for the inline redaction configuration. */ globalEnforcedUrls?: pulumi.Input[]>; /** * The global exempt URL configuration for the inline redaction configuration. */ globalExemptUrls?: pulumi.Input[]>; /** * The inline redaction patterns to be enabled for the inline redaction configuration. Detailed below. */ inlineRedactionPatterns: pulumi.Input[]>; } export interface DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPattern { /** * The built-in pattern from the list of preconfigured patterns. Either a `customPattern` or `builtInPatternId` is required. */ builtInPatternId?: pulumi.Input; /** * The confidence level for inline redaction pattern. This indicates the certainty of data type matches in the redaction process. Values range from 1 (low confidence) to 3 (high confidence). */ confidenceLevel?: pulumi.Input; /** * The configuration for a custom pattern. Either a `customPattern` or `builtInPatternId` is required. Detailed below. */ customPattern?: pulumi.Input; /** * The enforced URL configuration for the inline redaction pattern. */ enforcedUrls?: pulumi.Input[]>; /** * The exempt URL configuration for the inline redaction pattern. */ exemptUrls?: pulumi.Input[]>; /** * The redaction placeholder that will replace the redacted text in session. Detailed below. */ redactionPlaceHolders?: pulumi.Input[]>; } export interface DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternCustomPattern { /** * The keyword regex for the customer pattern. */ keywordRegex?: pulumi.Input; /** * The pattern description for the customer pattern. */ patternDescription?: pulumi.Input; /** * The pattern name for the custom pattern. */ patternName: pulumi.Input; /** * The pattern regex for the customer pattern. The format must follow JavaScript regex format. */ patternRegex: pulumi.Input; } export interface DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolder { /** * The redaction placeholder text that will replace the redacted text in session for the custom text redaction placeholder type. */ redactionPlaceHolderText?: pulumi.Input; /** * The redaction placeholder type that will replace the redacted text in session. Currently, only `CustomText` is supported. */ redactionPlaceHolderType: pulumi.Input; } export interface IpAccessSettingsIpRule { /** * The description of the IP access settings. */ description?: pulumi.Input; /** * The IP range of the IP rule. */ ipRange: pulumi.Input; } export interface PortalTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface SessionLoggerEventFilter { /** * Block that specifies to monitor all events. Set to `{}` to monitor all events. */ all?: pulumi.Input; /** * List of specific events to monitor. Valid values include session events like `SessionStart`, `SessionEnd`, etc. */ includes?: pulumi.Input[]>; } export interface SessionLoggerEventFilterAll { } export interface SessionLoggerLogConfiguration { /** * Configuration block for S3 log delivery. See S3 Configuration below. */ s3?: pulumi.Input; } export interface SessionLoggerLogConfigurationS3 { /** * S3 bucket name where logs are delivered. */ bucket: pulumi.Input; /** * Expected bucket owner of the target S3 bucket. */ bucketOwner?: pulumi.Input; /** * Folder structure that defines the organizational structure for log files in S3. Valid values: `FlatStructure`, `DateBasedStructure`. */ folderStructure: pulumi.Input; /** * S3 path prefix that determines where log files are stored. */ keyPrefix?: pulumi.Input; /** * Format of the log file written to S3. Valid values: `Json`, `Parquet`. */ logFileFormat: pulumi.Input; } export interface TrustStoreCertificate { /** * Certificate body in PEM format. */ body: pulumi.Input; /** * Certificate issuer. */ issuer?: pulumi.Input; /** * Date and time when the certificate expires in RFC3339 format. */ notValidAfter?: pulumi.Input; /** * Date and time when the certificate becomes valid in RFC3339 format. */ notValidBefore?: pulumi.Input; /** * Certificate subject. */ subject?: pulumi.Input; /** * Certificate thumbprint. */ thumbprint?: pulumi.Input; } export interface UserSettingsCookieSynchronizationConfiguration { /** * List of cookie specifications that are allowed to be synchronized to the remote browser. */ allowlists?: pulumi.Input[]>; /** * List of cookie specifications that are blocked from being synchronized to the remote browser. */ blocklists?: pulumi.Input[]>; } export interface UserSettingsCookieSynchronizationConfigurationAllowlist { /** * Domain of the cookie. */ domain: pulumi.Input; /** * Name of the cookie. */ name?: pulumi.Input; /** * Path of the cookie. */ path?: pulumi.Input; } export interface UserSettingsCookieSynchronizationConfigurationBlocklist { /** * Domain of the cookie. */ domain: pulumi.Input; /** * Name of the cookie. */ name?: pulumi.Input; /** * Path of the cookie. */ path?: pulumi.Input; } export interface UserSettingsToolbarConfiguration { /** * List of toolbar items to be hidden. */ hiddenToolbarItems?: pulumi.Input[]>; /** * Maximum display resolution that is allowed for the session. */ maxDisplayResolution?: pulumi.Input; /** * Type of toolbar displayed during the session. */ toolbarType?: pulumi.Input; /** * Visual mode of the toolbar. */ visualMode?: pulumi.Input; } } export namespace xray { export interface GroupInsightsConfiguration { /** * Specifies whether insights are enabled. */ insightsEnabled: pulumi.Input; /** * Specifies whether insight notifications are enabled. */ notificationsEnabled?: pulumi.Input; } }