// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; import * as enums from "../types/enums"; import * as utilities from "../utilities"; import {RoutingRule} from "../s3"; export interface GetAvailabilityZoneFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetAvailabilityZoneFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetAvailabilityZonesFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetAvailabilityZonesFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetRegionsFilter { /** * Name of the filter field. Valid values can be found in the [describe-regions AWS CLI Reference][1]. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetRegionsFilterArgs { /** * Name of the filter field. Valid values can be found in the [describe-regions AWS CLI Reference][1]. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface ProviderAssumeRole { /** * The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m. */ duration?: pulumi.Input; /** * A unique identifier that might be required when you assume a role in another account. */ externalId?: pulumi.Input; /** * IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. */ policy?: pulumi.Input; /** * Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. */ policyArns?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls. */ roleArn?: pulumi.Input; /** * An identifier for the assumed role session. */ sessionName?: pulumi.Input; /** * Source identity specified by the principal assuming the role. */ sourceIdentity?: pulumi.Input; /** * Assume role session tags. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Assume role session tag keys to pass to any subsequent sessions. */ transitiveTagKeys?: pulumi.Input[]>; } export interface ProviderAssumeRoleWithWebIdentity { /** * The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m. */ duration?: pulumi.Input; /** * IAM Policy JSON describing further restricting permissions for the IAM Role being assumed. */ policy?: pulumi.Input; /** * Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed. */ policyArns?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls. */ roleArn?: pulumi.Input; /** * An identifier for the assumed role session. */ sessionName?: pulumi.Input; webIdentityToken?: pulumi.Input; webIdentityTokenFile?: pulumi.Input; } export interface ProviderDefaultTags { /** * Resource tags to default across all resources */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ProviderEndpoint { /** * Use this to override the default service endpoint URL */ accessanalyzer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ account?: pulumi.Input; /** * Use this to override the default service endpoint URL */ acm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ acmpca?: pulumi.Input; /** * Use this to override the default service endpoint URL */ amg?: pulumi.Input; /** * Use this to override the default service endpoint URL */ amp?: pulumi.Input; /** * Use this to override the default service endpoint URL */ amplify?: pulumi.Input; /** * Use this to override the default service endpoint URL */ apigateway?: pulumi.Input; /** * Use this to override the default service endpoint URL */ apigatewayv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appautoscaling?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appconfig?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appfabric?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appflow?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appintegrations?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appintegrationsservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ applicationautoscaling?: pulumi.Input; /** * Use this to override the default service endpoint URL */ applicationinsights?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appmesh?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appregistry?: pulumi.Input; /** * Use this to override the default service endpoint URL */ apprunner?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appstream?: pulumi.Input; /** * Use this to override the default service endpoint URL */ appsync?: pulumi.Input; /** * Use this to override the default service endpoint URL */ athena?: pulumi.Input; /** * Use this to override the default service endpoint URL */ auditmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ autoscaling?: pulumi.Input; /** * Use this to override the default service endpoint URL */ autoscalingplans?: pulumi.Input; /** * Use this to override the default service endpoint URL */ backup?: pulumi.Input; /** * Use this to override the default service endpoint URL */ batch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ bcmdataexports?: pulumi.Input; /** * Use this to override the default service endpoint URL */ beanstalk?: pulumi.Input; /** * Use this to override the default service endpoint URL */ bedrock?: pulumi.Input; /** * Use this to override the default service endpoint URL */ bedrockagent?: pulumi.Input; /** * Use this to override the default service endpoint URL */ budgets?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ce?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chatbot?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chime?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chimesdkmediapipelines?: pulumi.Input; /** * Use this to override the default service endpoint URL */ chimesdkvoice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cleanrooms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloud9?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudcontrol?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudcontrolapi?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudformation?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudfront?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudfrontkeyvaluestore?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudhsm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudhsmv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudsearch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudtrail?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchevents?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchevidently?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchlog?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchlogs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchobservabilityaccessmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cloudwatchrum?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codeartifact?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codebuild?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codecatalyst?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codecommit?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codedeploy?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codeguruprofiler?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codegurureviewer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codepipeline?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codestarconnections?: pulumi.Input; /** * Use this to override the default service endpoint URL */ codestarnotifications?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cognitoidentity?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cognitoidentityprovider?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cognitoidp?: pulumi.Input; /** * Use this to override the default service endpoint URL */ comprehend?: pulumi.Input; /** * Use this to override the default service endpoint URL */ computeoptimizer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ config?: pulumi.Input; /** * Use this to override the default service endpoint URL */ configservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ connect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ connectcases?: pulumi.Input; /** * Use this to override the default service endpoint URL */ controltower?: pulumi.Input; /** * Use this to override the default service endpoint URL */ costandusagereportservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ costexplorer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ costoptimizationhub?: pulumi.Input; /** * Use this to override the default service endpoint URL */ cur?: pulumi.Input; /** * Use this to override the default service endpoint URL */ customerprofiles?: pulumi.Input; /** * Use this to override the default service endpoint URL */ databasemigration?: pulumi.Input; /** * Use this to override the default service endpoint URL */ databasemigrationservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dataexchange?: pulumi.Input; /** * Use this to override the default service endpoint URL */ datapipeline?: pulumi.Input; /** * Use this to override the default service endpoint URL */ datasync?: pulumi.Input; /** * Use this to override the default service endpoint URL */ datazone?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dax?: pulumi.Input; /** * Use this to override the default service endpoint URL */ deploy?: pulumi.Input; /** * Use this to override the default service endpoint URL */ detective?: pulumi.Input; /** * Use this to override the default service endpoint URL */ devicefarm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ devopsguru?: pulumi.Input; /** * Use this to override the default service endpoint URL */ directconnect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ directoryservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dlm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ docdb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ docdbelastic?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ds?: pulumi.Input; /** * Use this to override the default service endpoint URL */ dynamodb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ec2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ecr?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ecrpublic?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ecs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ efs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ eks?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticache?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticbeanstalk?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticloadbalancing?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticloadbalancingv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticsearch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elasticsearchservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elastictranscoder?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ elbv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ emr?: pulumi.Input; /** * Use this to override the default service endpoint URL */ emrcontainers?: pulumi.Input; /** * Use this to override the default service endpoint URL */ emrserverless?: pulumi.Input; /** * Use this to override the default service endpoint URL */ es?: pulumi.Input; /** * Use this to override the default service endpoint URL */ eventbridge?: pulumi.Input; /** * Use this to override the default service endpoint URL */ events?: pulumi.Input; /** * Use this to override the default service endpoint URL */ evidently?: pulumi.Input; /** * Use this to override the default service endpoint URL */ finspace?: pulumi.Input; /** * Use this to override the default service endpoint URL */ firehose?: pulumi.Input; /** * Use this to override the default service endpoint URL */ fis?: pulumi.Input; /** * Use this to override the default service endpoint URL */ fms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ fsx?: pulumi.Input; /** * Use this to override the default service endpoint URL */ gamelift?: pulumi.Input; /** * Use this to override the default service endpoint URL */ glacier?: pulumi.Input; /** * Use this to override the default service endpoint URL */ globalaccelerator?: pulumi.Input; /** * Use this to override the default service endpoint URL */ glue?: pulumi.Input; /** * Use this to override the default service endpoint URL */ grafana?: pulumi.Input; /** * Use this to override the default service endpoint URL */ greengrass?: pulumi.Input; /** * Use this to override the default service endpoint URL */ groundstation?: pulumi.Input; /** * Use this to override the default service endpoint URL */ guardduty?: pulumi.Input; /** * Use this to override the default service endpoint URL */ healthlake?: pulumi.Input; /** * Use this to override the default service endpoint URL */ iam?: pulumi.Input; /** * Use this to override the default service endpoint URL */ identitystore?: pulumi.Input; /** * Use this to override the default service endpoint URL */ imagebuilder?: pulumi.Input; /** * Use this to override the default service endpoint URL */ inspector?: pulumi.Input; /** * Use this to override the default service endpoint URL */ inspector2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ inspectorv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ internetmonitor?: pulumi.Input; /** * Use this to override the default service endpoint URL */ iot?: pulumi.Input; /** * Use this to override the default service endpoint URL */ iotanalytics?: pulumi.Input; /** * Use this to override the default service endpoint URL */ iotevents?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ivs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ivschat?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kafka?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kafkaconnect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kendra?: pulumi.Input; /** * Use this to override the default service endpoint URL */ keyspaces?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesis?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesisanalytics?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesisanalyticsv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kinesisvideo?: pulumi.Input; /** * Use this to override the default service endpoint URL */ kms?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lakeformation?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lambda?: pulumi.Input; /** * Use this to override the default service endpoint URL */ launchwizard?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lex?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodelbuilding?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodelbuildingservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodels?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexmodelsv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lexv2models?: pulumi.Input; /** * Use this to override the default service endpoint URL */ licensemanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lightsail?: pulumi.Input; /** * Use this to override the default service endpoint URL */ location?: pulumi.Input; /** * Use this to override the default service endpoint URL */ locationservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ logs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ lookoutmetrics?: pulumi.Input; /** * Use this to override the default service endpoint URL */ m2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ macie2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ managedgrafana?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediaconnect?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediaconvert?: pulumi.Input; /** * Use this to override the default service endpoint URL */ medialive?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediapackage?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediapackagev2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mediastore?: pulumi.Input; /** * Use this to override the default service endpoint URL */ memorydb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mq?: pulumi.Input; /** * Use this to override the default service endpoint URL */ msk?: pulumi.Input; /** * Use this to override the default service endpoint URL */ mwaa?: pulumi.Input; /** * Use this to override the default service endpoint URL */ neptune?: pulumi.Input; /** * Use this to override the default service endpoint URL */ neptunegraph?: pulumi.Input; /** * Use this to override the default service endpoint URL */ networkfirewall?: pulumi.Input; /** * Use this to override the default service endpoint URL */ networkmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ oam?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearch?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearchingestion?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearchserverless?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opensearchservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ opsworks?: pulumi.Input; /** * Use this to override the default service endpoint URL */ organizations?: pulumi.Input; /** * Use this to override the default service endpoint URL */ osis?: pulumi.Input; /** * Use this to override the default service endpoint URL */ outposts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ paymentcryptography?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pcaconnectorad?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pinpoint?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pipes?: pulumi.Input; /** * Use this to override the default service endpoint URL */ polly?: pulumi.Input; /** * Use this to override the default service endpoint URL */ pricing?: pulumi.Input; /** * Use this to override the default service endpoint URL */ prometheus?: pulumi.Input; /** * Use this to override the default service endpoint URL */ prometheusservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ qbusiness?: pulumi.Input; /** * Use this to override the default service endpoint URL */ qldb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ quicksight?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ram?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rbin?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rds?: pulumi.Input; /** * Use this to override the default service endpoint URL */ recyclebin?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshift?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshiftdata?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshiftdataapiservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ redshiftserverless?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rekognition?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourceexplorer2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourcegroups?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourcegroupstagging?: pulumi.Input; /** * Use this to override the default service endpoint URL */ resourcegroupstaggingapi?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rolesanywhere?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53domains?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53profiles?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53recoverycontrolconfig?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53recoveryreadiness?: pulumi.Input; /** * Use this to override the default service endpoint URL */ route53resolver?: pulumi.Input; /** * Use this to override the default service endpoint URL */ rum?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3api?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3control?: pulumi.Input; /** * Use this to override the default service endpoint URL */ s3outposts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sagemaker?: pulumi.Input; /** * Use this to override the default service endpoint URL */ scheduler?: pulumi.Input; /** * Use this to override the default service endpoint URL */ schemas?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sdb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ secretsmanager?: pulumi.Input; /** * Use this to override the default service endpoint URL */ securityhub?: pulumi.Input; /** * Use this to override the default service endpoint URL */ securitylake?: pulumi.Input; /** * Use this to override the default service endpoint URL */ serverlessapplicationrepository?: pulumi.Input; /** * Use this to override the default service endpoint URL */ serverlessapprepo?: pulumi.Input; /** * Use this to override the default service endpoint URL */ serverlessrepo?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicecatalog?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicecatalogappregistry?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicediscovery?: pulumi.Input; /** * Use this to override the default service endpoint URL */ servicequotas?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ses?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sesv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sfn?: pulumi.Input; /** * Use this to override the default service endpoint URL */ shield?: pulumi.Input; /** * Use this to override the default service endpoint URL */ signer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ simpledb?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sns?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sqs?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssm?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssmcontacts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssmincidents?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssmsap?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sso?: pulumi.Input; /** * Use this to override the default service endpoint URL */ ssoadmin?: pulumi.Input; /** * Use this to override the default service endpoint URL */ stepfunctions?: pulumi.Input; /** * Use this to override the default service endpoint URL */ storagegateway?: pulumi.Input; /** * Use this to override the default service endpoint URL */ sts?: pulumi.Input; /** * Use this to override the default service endpoint URL */ swf?: pulumi.Input; /** * Use this to override the default service endpoint URL */ synthetics?: pulumi.Input; /** * Use this to override the default service endpoint URL */ timestreamwrite?: pulumi.Input; /** * Use this to override the default service endpoint URL */ transcribe?: pulumi.Input; /** * Use this to override the default service endpoint URL */ transcribeservice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ transfer?: pulumi.Input; /** * Use this to override the default service endpoint URL */ verifiedpermissions?: pulumi.Input; /** * Use this to override the default service endpoint URL */ vpclattice?: pulumi.Input; /** * Use this to override the default service endpoint URL */ waf?: pulumi.Input; /** * Use this to override the default service endpoint URL */ wafregional?: pulumi.Input; /** * Use this to override the default service endpoint URL */ wafv2?: pulumi.Input; /** * Use this to override the default service endpoint URL */ wellarchitected?: pulumi.Input; /** * Use this to override the default service endpoint URL */ worklink?: pulumi.Input; /** * Use this to override the default service endpoint URL */ workspaces?: pulumi.Input; /** * Use this to override the default service endpoint URL */ xray?: pulumi.Input; } export interface ProviderIgnoreTags { /** * Resource tag key prefixes to ignore across all resources. */ keyPrefixes?: pulumi.Input[]>; /** * Resource tag keys to ignore across all resources. */ keys?: pulumi.Input[]>; } export namespace accessanalyzer { export interface AnalyzerConfiguration { /** * A block that specifies the configuration of an unused access analyzer for an AWS organization or account. Documented below */ unusedAccess?: pulumi.Input; } export interface AnalyzerConfigurationUnusedAccess { /** * The specified access age in days for which to generate findings for unused access. */ unusedAccessAge?: pulumi.Input; } export interface ArchiveRuleFilter { /** * Contains comparator. */ contains?: pulumi.Input[]>; /** * Filter criteria. */ criteria: pulumi.Input; /** * Equals comparator. */ eqs?: pulumi.Input[]>; /** * Boolean comparator. */ exists?: pulumi.Input; /** * Not Equals comparator. */ neqs?: pulumi.Input[]>; } } export namespace acm { export interface CertificateDomainValidationOption { /** * Fully qualified domain name (FQDN) in the certificate. */ domainName?: pulumi.Input; /** * The name of the DNS record to create to validate the certificate */ resourceRecordName?: pulumi.Input; /** * The type of DNS record to create */ resourceRecordType?: pulumi.Input; /** * The value the DNS record needs to have */ resourceRecordValue?: pulumi.Input; } export interface CertificateOptions { /** * Whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details. */ certificateTransparencyLoggingPreference?: pulumi.Input; } export interface CertificateRenewalSummary { /** * The status of ACM's managed renewal of the certificate */ renewalStatus?: pulumi.Input; /** * The reason that a renewal request was unsuccessful or is pending */ renewalStatusReason?: pulumi.Input; updatedAt?: pulumi.Input; } export interface CertificateValidationOption { /** * Fully qualified domain name (FQDN) in the certificate. */ domainName: pulumi.Input; /** * Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the `domainName` value or a superdomain of the `domainName` value. For example, if you request a certificate for `"testing.example.com"`, you can specify `"example.com"` for this value. */ validationDomain: pulumi.Input; } } export namespace acmpca { export interface CertificateAuthorityCertificateAuthorityConfiguration { /** * Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html). */ keyAlgorithm: pulumi.Input; /** * Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html). */ signingAlgorithm: pulumi.Input; /** * Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified. */ subject: pulumi.Input; } export interface CertificateAuthorityCertificateAuthorityConfigurationSubject { /** * Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length. */ commonName?: pulumi.Input; /** * Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length. */ country?: pulumi.Input; /** * Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length. */ distinguishedNameQualifier?: pulumi.Input; /** * Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length. */ generationQualifier?: pulumi.Input; /** * First name. Must be less than or equal to 16 characters in length. */ givenName?: pulumi.Input; /** * Concatenation that typically contains the first letter of the `givenName`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length. */ initials?: pulumi.Input; /** * Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length. */ locality?: pulumi.Input; /** * Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length. */ organization?: pulumi.Input; /** * Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length. */ organizationalUnit?: pulumi.Input; /** * Typically a shortened version of a longer `givenName`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length. */ pseudonym?: pulumi.Input; /** * State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length. */ state?: pulumi.Input; /** * Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length. */ surname?: pulumi.Input; /** * Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length. */ title?: pulumi.Input; } export interface CertificateAuthorityRevocationConfiguration { /** * Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below. */ crlConfiguration?: pulumi.Input; /** * Nested argument containing configuration of * the custom OCSP responder endpoint. Defined below. */ ocspConfiguration?: pulumi.Input; } export interface CertificateAuthorityRevocationConfigurationCrlConfiguration { /** * Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length. */ customCname?: pulumi.Input; /** * Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`. */ enabled?: pulumi.Input; /** * Number of days until a certificate expires. Must be between 1 and 5000. */ expirationInDays?: pulumi.Input; /** * Name of the S3 bucket that contains the CRL. If you do not provide a value for the `customCname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length. */ s3BucketName?: pulumi.Input; /** * Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`. */ s3ObjectAcl?: pulumi.Input; } export interface CertificateAuthorityRevocationConfigurationOcspConfiguration { /** * Boolean value that specifies whether a custom OCSP responder is enabled. */ enabled: pulumi.Input; /** * CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://". */ ocspCustomCname?: pulumi.Input; } export interface CertificateValidity { /** * Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`. */ type: pulumi.Input; /** * If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the date in RFC 3339 format. */ value: pulumi.Input; } } export namespace alb { export interface ListenerDefaultAction { /** * Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. Detailed below. */ authenticateCognito?: pulumi.Input; /** * Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. Detailed below. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `targetGroupArn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `targetGroupArn`. Detailed below. */ forward?: pulumi.Input; /** * Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`. */ order?: pulumi.Input; /** * Configuration block for creating a redirect action. Required if `type` is `redirect`. Detailed below. */ redirect?: pulumi.Input; /** * ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead. */ targetGroupArn?: pulumi.Input; /** * Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`. * * The following arguments are optional: */ type: pulumi.Input; } export interface ListenerDefaultActionAuthenticateCognito { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Behavior if the user is not authenticated. Valid values are `deny`, `allow` and `authenticate`. */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * Domain prefix or fully-qualified domain name of the Cognito user pool. * * The following arguments are optional: */ userPoolDomain: pulumi.Input; } export interface ListenerDefaultActionAuthenticateOidc { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * Token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * User info endpoint of the IdP. * * The following arguments are optional: */ userInfoEndpoint: pulumi.Input; } export interface ListenerDefaultActionFixedResponse { /** * Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. * * The following arguments are optional: */ contentType: pulumi.Input; /** * Message body. */ messageBody?: pulumi.Input; /** * HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerDefaultActionForward { /** * Configuration block for target group stickiness for the rule. Detailed below. */ stickiness?: pulumi.Input; /** * Set of 1-5 target group blocks. Detailed below. * * The following arguments are optional: */ targetGroups: pulumi.Input[]>; } export interface ListenerDefaultActionForwardStickiness { /** * Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). * * The following arguments are optional: */ duration: pulumi.Input; /** * Whether target group stickiness is enabled. Default is `false`. */ enabled?: pulumi.Input; } export interface ListenerDefaultActionForwardTargetGroup { /** * ARN of the target group. * * The following arguments are optional: */ arn: pulumi.Input; /** * Weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerDefaultActionRedirect { /** * Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). * * The following arguments are optional: */ statusCode: pulumi.Input; } export interface ListenerMutualAuthentication { /** * Whether client certificate expiry is ignored. Default is `false`. */ ignoreClientCertificateExpiry?: pulumi.Input; /** * Valid values are `off`, `verify` and `passthrough`. */ mode: pulumi.Input; /** * ARN of the elbv2 Trust Store. */ trustStoreArn?: pulumi.Input; } export interface ListenerRuleAction { /** * Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`. */ authenticateCognito?: pulumi.Input; /** * Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Information for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `targetGroupArn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `targetGroupArn`. */ forward?: pulumi.Input; order?: pulumi.Input; /** * Information for creating a redirect action. Required if `type` is `redirect`. */ redirect?: pulumi.Input; /** * The ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead. */ targetGroupArn?: pulumi.Input; /** * The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`. */ type: pulumi.Input; } export interface ListenerRuleActionAuthenticateCognito { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * The ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * The domain prefix or fully-qualified domain name of the Cognito user pool. */ userPoolDomain: pulumi.Input; } export interface ListenerRuleActionAuthenticateOidc { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * The OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * The OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * The user info endpoint of the IdP. */ userInfoEndpoint: pulumi.Input; } export interface ListenerRuleActionFixedResponse { /** * The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. */ contentType: pulumi.Input; /** * The message body. */ messageBody?: pulumi.Input; /** * The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerRuleActionForward { /** * The target group stickiness for the rule. */ stickiness?: pulumi.Input; /** * One or more target groups block. */ targetGroups: pulumi.Input[]>; } export interface ListenerRuleActionForwardStickiness { /** * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). */ duration: pulumi.Input; /** * Indicates whether target group stickiness is enabled. */ enabled?: pulumi.Input; } export interface ListenerRuleActionForwardTargetGroup { /** * The Amazon Resource Name (ARN) of the target group. */ arn: pulumi.Input; /** * The weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerRuleActionRedirect { /** * The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). */ statusCode: pulumi.Input; } export interface ListenerRuleCondition { /** * Contains a single `values` item which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. */ hostHeader?: pulumi.Input; /** * HTTP headers to match. HTTP Header block fields documented below. */ httpHeader?: pulumi.Input; /** * Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached. */ httpRequestMethod?: pulumi.Input; /** * Contains a single `values` item which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `queryString` condition. */ pathPattern?: pulumi.Input; /** * Query strings to match. Query String block fields documented below. */ queryStrings?: pulumi.Input[]>; /** * Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `httpHeader` condition instead. * * > **NOTE::** Exactly one of `hostHeader`, `httpHeader`, `httpRequestMethod`, `pathPattern`, `queryString` or `sourceIp` must be set per condition. */ sourceIp?: pulumi.Input; } export interface ListenerRuleConditionHostHeader { values: pulumi.Input[]>; } export interface ListenerRuleConditionHttpHeader { /** * Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead. */ httpHeaderName: pulumi.Input; /** * List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string. */ values: pulumi.Input[]>; } export interface ListenerRuleConditionHttpRequestMethod { values: pulumi.Input[]>; } export interface ListenerRuleConditionPathPattern { values: pulumi.Input[]>; } export interface ListenerRuleConditionQueryString { /** * Query string key pattern to match. */ key?: pulumi.Input; /** * Query string value pattern to match. */ value: pulumi.Input; } export interface ListenerRuleConditionSourceIp { values: pulumi.Input[]>; } export interface LoadBalancerAccessLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `accessLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerConnectionLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `connectionLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerSubnetMapping { /** * Allocation ID of the Elastic IP address for an internet-facing load balancer. */ allocationId?: pulumi.Input; /** * IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers. */ ipv6Address?: pulumi.Input; outpostId?: pulumi.Input; /** * Private IPv4 address for an internal load balancer. */ privateIpv4Address?: pulumi.Input; /** * ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone. */ subnetId: pulumi.Input; } export interface TargetGroupHealthCheck { /** * Whether health checks are enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * Number of consecutive health check successes required before considering a target healthy. The range is 2-10. Defaults to 3. */ healthyThreshold?: pulumi.Input; /** * Approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300. For `lambda` target groups, it needs to be greater than the timeout of the underlying `lambda`. Defaults to 30. */ interval?: pulumi.Input; /** * The HTTP or gRPC codes to use when checking for a successful response from a target. * The `health_check.protocol` must be one of `HTTP` or `HTTPS` or the `targetType` must be `lambda`. * Values can be comma-separated individual values (e.g., "200,202") or a range of values (e.g., "200-299"). * * For gRPC-based target groups (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is `GRPC`), values can be between `0` and `99`. The default is `12`. * * When used with an Application Load Balancer (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is not `GRPC`), values can be between `200` and `499`. The default is `200`. * * When used with a Network Load Balancer (i.e., the `protocol` is one of `TCP`, `TCP_UDP`, `UDP`, or `TLS`), values can be between `200` and `599`. The default is `200-399`. * * When the `targetType` is `lambda`, values can be between `200` and `499`. The default is `200`. */ matcher?: pulumi.Input; /** * Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS. * * For HTTP and HTTPS health checks, the default is `/`. * * For gRPC health checks, the default is `/Amazon Web Services.ALB/healthcheck`. */ path?: pulumi.Input; /** * The port the load balancer uses when performing health checks on targets. * Valid values are either `traffic-port`, to use the same port as the target group, or a valid port number between `1` and `65536`. * Default is `traffic-port`. */ port?: pulumi.Input; /** * Protocol the load balancer uses when performing health checks on targets. * Must be one of `TCP`, `HTTP`, or `HTTPS`. * The `TCP` protocol is not supported for health checks if the protocol of the target group is `HTTP` or `HTTPS`. * Default is `HTTP`. * Cannot be specified when the `targetType` is `lambda`. */ protocol?: pulumi.Input; /** * Amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is lambda, the default is 30 seconds. */ timeout?: pulumi.Input; /** * Number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. Defaults to 3. */ unhealthyThreshold?: pulumi.Input; } export interface TargetGroupStickiness { /** * Only used when the type is `lbCookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds). */ cookieDuration?: pulumi.Input; /** * Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `appCookie`. */ cookieName?: pulumi.Input; /** * Boolean to enable / disable `stickiness`. Default is `true`. */ enabled?: pulumi.Input; /** * The type of sticky sessions. The only current possible values are `lbCookie`, `appCookie` for ALBs, `sourceIp` for NLBs, and `sourceIpDestIp`, `sourceIpDestIpProto` for GWLBs. */ type: pulumi.Input; } export interface TargetGroupTargetFailover { /** * Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onUnhealthy`. Default: `noRebalance`. */ onDeregistration: pulumi.Input; /** * Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onDeregistration`. Default: `noRebalance`. */ onUnhealthy: pulumi.Input; } export interface TargetGroupTargetHealthState { /** * Indicates whether the load balancer terminates connections to unhealthy targets. Possible values are `true` or `false`. Default: `true`. */ enableUnhealthyConnectionTermination: pulumi.Input; } } export namespace amp { export interface ScraperDestination { /** * Configuration block for an Amazon Managed Prometheus workspace destination. See `amp`. */ amp?: pulumi.Input; } export interface ScraperDestinationAmp { /** * The Amazon Resource Name (ARN) of the prometheus workspace. */ workspaceArn: pulumi.Input; } export interface ScraperSource { /** * Configuration block for an EKS cluster source. See `eks`. */ eks?: pulumi.Input; } export interface ScraperSourceEks { clusterArn: pulumi.Input; /** * List of the security group IDs for the Amazon EKS cluster VPC configuration. */ securityGroupIds?: pulumi.Input[]>; /** * List of subnet IDs. Must be in at least two different availability zones. */ subnetIds: pulumi.Input[]>; } export interface ScraperTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface WorkspaceLoggingConfiguration { /** * The ARN of the CloudWatch log group to which the vended log data will be published. This log group must exist. */ logGroupArn: pulumi.Input; } } export namespace amplify { export interface AppAutoBranchCreationConfig { /** * Basic authorization credentials for the autocreated branch. */ basicAuthCredentials?: pulumi.Input; /** * Build specification (build spec) for the autocreated branch. */ buildSpec?: pulumi.Input; /** * Enables auto building for the autocreated branch. */ enableAutoBuild?: pulumi.Input; /** * Enables basic authorization for the autocreated branch. */ enableBasicAuth?: pulumi.Input; /** * Enables performance mode for the branch. */ enablePerformanceMode?: pulumi.Input; /** * Enables pull request previews for the autocreated branch. */ enablePullRequestPreview?: pulumi.Input; /** * Environment variables for the autocreated branch. */ environmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Framework for the autocreated branch. */ framework?: pulumi.Input; /** * Amplify environment name for the pull request. */ pullRequestEnvironmentName?: pulumi.Input; /** * Describes the current stage for the autocreated branch. Valid values: `PRODUCTION`, `BETA`, `DEVELOPMENT`, `EXPERIMENTAL`, `PULL_REQUEST`. */ stage?: pulumi.Input; } export interface AppCustomRule { /** * Condition for a URL rewrite or redirect rule, such as a country code. */ condition?: pulumi.Input; /** * Source pattern for a URL rewrite or redirect rule. */ source: pulumi.Input; /** * Status code for a URL rewrite or redirect rule. Valid values: `200`, `301`, `302`, `404`, `404-200`. */ status?: pulumi.Input; /** * Target pattern for a URL rewrite or redirect rule. */ target: pulumi.Input; } export interface AppProductionBranch { /** * Branch name for the production branch. */ branchName?: pulumi.Input; /** * Last deploy time of the production branch. */ lastDeployTime?: pulumi.Input; /** * Status of the production branch. */ status?: pulumi.Input; /** * Thumbnail URL for the production branch. */ thumbnailUrl?: pulumi.Input; } export interface DomainAssociationSubDomain { /** * Branch name setting for the subdomain. */ branchName: pulumi.Input; /** * DNS record for the subdomain. */ dnsRecord?: pulumi.Input; /** * Prefix setting for the subdomain. */ prefix: pulumi.Input; /** * Verified status of the subdomain. */ verified?: pulumi.Input; } } export namespace apigateway { export interface AccountThrottleSetting { /** * Absolute maximum number of times API Gateway allows the API to be called per second (RPS). */ burstLimit?: pulumi.Input; /** * Number of times API Gateway allows the API to be called per second on average (RPS). */ rateLimit?: pulumi.Input; } export interface DocumentationPartLocation { /** * HTTP verb of a method. The default value is `*` for any method. */ method?: pulumi.Input; /** * Name of the targeted API entity. */ name?: pulumi.Input; /** * URL path of the target. The default value is `/` for the root resource. */ path?: pulumi.Input; /** * HTTP status code of a response. The default value is `*` for any status code. */ statusCode?: pulumi.Input; /** * Type of API entity to which the documentation content appliesE.g., `API`, `METHOD` or `REQUEST_BODY` */ type: pulumi.Input; } export interface DomainNameEndpointConfiguration { /** * List of endpoint types. This resource currently only supports managing a single value. Valid values: `EDGE` or `REGIONAL`. If unspecified, defaults to `EDGE`. Must be declared as `REGIONAL` in non-Commercial partitions. Refer to the [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/create-regional-api.html) for more information on the difference between edge-optimized and regional APIs. */ types: pulumi.Input; } export interface DomainNameMutualTlsAuthentication { /** * Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, `s3://bucket-name/key-name`. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. */ truststoreUri: pulumi.Input; /** * Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket. */ truststoreVersion?: pulumi.Input; } export interface IntegrationTlsConfig { /** * Whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a [supported certificate authority](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-supported-certificate-authorities-for-http-endpoints.html). This isn’t recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate's expiration date, hostname, and presence of a root certificate authority. Supported only for `HTTP` and `HTTP_PROXY` integrations. */ insecureSkipVerification?: pulumi.Input; } export interface MethodSettingsSettings { /** * Whether the cached responses are encrypted. */ cacheDataEncrypted?: pulumi.Input; /** * Time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached. */ cacheTtlInSeconds?: pulumi.Input; /** * Whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached. */ cachingEnabled?: pulumi.Input; /** * Whether data trace logging is enabled for this method, which effects the log entries pushed to Amazon CloudWatch Logs. */ dataTraceEnabled?: pulumi.Input; /** * Logging level for this method, which effects the log entries pushed to Amazon CloudWatch Logs. The available levels are `OFF`, `ERROR`, and `INFO`. */ loggingLevel?: pulumi.Input; /** * Whether Amazon CloudWatch metrics are enabled for this method. */ metricsEnabled?: pulumi.Input; /** * Whether authorization is required for a cache invalidation request. */ requireAuthorizationForCacheControl?: pulumi.Input; /** * Throttling burst limit. Default: `-1` (throttling disabled). */ throttlingBurstLimit?: pulumi.Input; /** * Throttling rate limit. Default: `-1` (throttling disabled). */ throttlingRateLimit?: pulumi.Input; /** * How to handle unauthorized requests for cache invalidation. The available values are `FAIL_WITH_403`, `SUCCEED_WITH_RESPONSE_HEADER`, `SUCCEED_WITHOUT_RESPONSE_HEADER`. */ unauthorizedCacheControlHeaderStrategy?: pulumi.Input; } export interface RestApiEndpointConfiguration { /** * List of endpoint types. This resource currently only supports managing a single value. Valid values: `EDGE`, `REGIONAL` or `PRIVATE`. If unspecified, defaults to `EDGE`. If set to `PRIVATE` recommend to set `putRestApiMode` = `merge` to not cause the endpoints and associated Route53 records to be deleted. Refer to the [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/create-regional-api.html) for more information on the difference between edge-optimized and regional APIs. */ types: pulumi.Input; /** * Set of VPC Endpoint identifiers. It is only supported for `PRIVATE` endpoint type. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-endpoint-configuration` extension `vpcEndpointIds` property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html). If the argument value is provided and is different than the OpenAPI value, **the argument value will override the OpenAPI value**. */ vpcEndpointIds?: pulumi.Input[]>; } export interface StageAccessLogSettings { /** * ARN of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with `amazon-apigateway-`. Automatically removes trailing `:*` if present. */ destinationArn: pulumi.Input; /** * Formatting and values recorded in the logs. * For more information on configuring the log format rules visit the AWS [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html) */ format: pulumi.Input; } export interface StageCanarySettings { /** * Percent `0.0` - `100.0` of traffic to divert to the canary deployment. */ percentTraffic?: pulumi.Input; /** * Map of overridden stage `variables` (including new variables) for the canary deployment. */ stageVariableOverrides?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Whether the canary deployment uses the stage cache. Defaults to false. */ useStageCache?: pulumi.Input; } export interface UsagePlanApiStage { apiId: pulumi.Input; stage: pulumi.Input; throttles?: pulumi.Input[]>; } export interface UsagePlanApiStageThrottle { /** * The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity. */ burstLimit?: pulumi.Input; /** * Method to apply the throttle settings for. Specfiy the path and method, for example `/test/GET`. */ path: pulumi.Input; /** * The API request steady-state rate limit. */ rateLimit?: pulumi.Input; } export interface UsagePlanQuotaSettings { limit: pulumi.Input; offset?: pulumi.Input; period: pulumi.Input; } export interface UsagePlanThrottleSettings { burstLimit?: pulumi.Input; rateLimit?: pulumi.Input; } } export namespace apigatewayv2 { export interface ApiCorsConfiguration { /** * Whether credentials are included in the CORS request. */ allowCredentials?: pulumi.Input; /** * Set of allowed HTTP headers. */ allowHeaders?: pulumi.Input[]>; /** * Set of allowed HTTP methods. */ allowMethods?: pulumi.Input[]>; /** * Set of allowed origins. */ allowOrigins?: pulumi.Input[]>; /** * Set of exposed HTTP headers. */ exposeHeaders?: pulumi.Input[]>; /** * Number of seconds that the browser should cache preflight request results. */ maxAge?: pulumi.Input; } export interface AuthorizerJwtConfiguration { /** * List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list. */ audiences?: pulumi.Input[]>; /** * Base domain of the identity provider that issues JSON Web Tokens, such as the `endpoint` attribute of the `aws.cognito.UserPool` resource. */ issuer?: pulumi.Input; } export interface DomainNameDomainNameConfiguration { /** * ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source. Use the `aws.acm.Certificate` resource to configure an ACM certificate. */ certificateArn: pulumi.Input; /** * Endpoint type. Valid values: `REGIONAL`. */ endpointType: pulumi.Input; /** * Amazon Route 53 Hosted Zone ID of the endpoint. */ hostedZoneId?: pulumi.Input; /** * ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.) */ ownershipVerificationCertificateArn?: pulumi.Input; /** * Transport Layer Security (TLS) version of the [security policy](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html) for the domain name. Valid values: `TLS_1_2`. */ securityPolicy: pulumi.Input; /** * Target domain name. */ targetDomainName?: pulumi.Input; } export interface DomainNameMutualTlsAuthentication { /** * Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, `s3://bucket-name/key-name`. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. */ truststoreUri: pulumi.Input; /** * Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket. */ truststoreVersion?: pulumi.Input; } export interface IntegrationResponseParameter { /** * Key-value map. The key of this map identifies the location of the request parameter to change, and how to change it. The corresponding value specifies the new data for the parameter. * See the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) for details. */ mappings: pulumi.Input<{[key: string]: pulumi.Input}>; /** * HTTP status code in the range 200-599. */ statusCode: pulumi.Input; } export interface IntegrationTlsConfig { /** * If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting. */ serverNameToVerify?: pulumi.Input; } export interface RouteRequestParameter { /** * Request parameter key. This is a [request data mapping parameter](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-data-mapping.html#websocket-mapping-request-parameters). */ requestParameterKey: pulumi.Input; /** * Boolean whether or not the parameter is required. */ required: pulumi.Input; } export interface StageAccessLogSettings { /** * ARN of the CloudWatch Logs log group to receive access logs. Any trailing `:*` is trimmed from the ARN. */ destinationArn: pulumi.Input; /** * Single line [format](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#apigateway-cloudwatch-log-formats) of the access logs of data. Refer to log settings for [HTTP](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html) or [Websocket](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html). */ format: pulumi.Input; } export interface StageDefaultRouteSettings { /** * Whether data trace logging is enabled for the default route. Affects the log entries pushed to Amazon CloudWatch Logs. * Defaults to `false`. Supported only for WebSocket APIs. */ dataTraceEnabled?: pulumi.Input; /** * Whether detailed metrics are enabled for the default route. Defaults to `false`. */ detailedMetricsEnabled?: pulumi.Input; /** * Logging level for the default route. Affects the log entries pushed to Amazon CloudWatch Logs. * Valid values: `ERROR`, `INFO`, `OFF`. Defaults to `OFF`. Supported only for WebSocket APIs. This provider will only perform drift detection of its value when present in a configuration. */ loggingLevel?: pulumi.Input; /** * Throttling burst limit for the default route. */ throttlingBurstLimit?: pulumi.Input; /** * Throttling rate limit for the default route. */ throttlingRateLimit?: pulumi.Input; } export interface StageRouteSetting { /** * Whether data trace logging is enabled for the route. Affects the log entries pushed to Amazon CloudWatch Logs. * Defaults to `false`. Supported only for WebSocket APIs. */ dataTraceEnabled?: pulumi.Input; /** * Whether detailed metrics are enabled for the route. Defaults to `false`. */ detailedMetricsEnabled?: pulumi.Input; /** * Logging level for the route. Affects the log entries pushed to Amazon CloudWatch Logs. * Valid values: `ERROR`, `INFO`, `OFF`. Defaults to `OFF`. Supported only for WebSocket APIs. This provider will only perform drift detection of its value when present in a configuration. */ loggingLevel?: pulumi.Input; /** * Route key. */ routeKey: pulumi.Input; /** * Throttling burst limit for the route. */ throttlingBurstLimit?: pulumi.Input; /** * Throttling rate limit for the route. */ throttlingRateLimit?: pulumi.Input; } } export namespace appautoscaling { export interface PolicyStepScalingPolicyConfiguration { /** * Whether the adjustment is an absolute number or a percentage of the current capacity. Valid values are `ChangeInCapacity`, `ExactCapacity`, and `PercentChangeInCapacity`. */ adjustmentType?: pulumi.Input; /** * Amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start. */ cooldown?: pulumi.Input; /** * Aggregation type for the policy's metrics. Valid values are "Minimum", "Maximum", and "Average". Without a value, AWS will treat the aggregation type as "Average". */ metricAggregationType?: pulumi.Input; /** * Minimum number to adjust your scalable dimension as a result of a scaling activity. If the adjustment type is PercentChangeInCapacity, the scaling policy changes the scalable dimension of the scalable target by this amount. */ minAdjustmentMagnitude?: pulumi.Input; /** * Set of adjustments that manage scaling. These have the following structure: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const ecsPolicy = new aws.appautoscaling.Policy("ecs_policy", {stepScalingPolicyConfiguration: { * stepAdjustments: [ * { * metricIntervalLowerBound: "1", * metricIntervalUpperBound: "2", * scalingAdjustment: -1, * }, * { * metricIntervalLowerBound: "2", * metricIntervalUpperBound: "3", * scalingAdjustment: 1, * }, * ], * }}); * ``` */ stepAdjustments?: pulumi.Input[]>; } export interface PolicyStepScalingPolicyConfigurationStepAdjustment { metricIntervalLowerBound?: pulumi.Input; metricIntervalUpperBound?: pulumi.Input; scalingAdjustment: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfiguration { /** * Custom CloudWatch metric. Documentation can be found at: [AWS Customized Metric Specification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CustomizedMetricSpecification.html). See supported fields below. */ customizedMetricSpecification?: pulumi.Input; /** * Whether scale in by the target tracking policy is disabled. If the value is true, scale in is disabled and the target tracking policy won't remove capacity from the scalable resource. Otherwise, scale in is enabled and the target tracking policy can remove capacity from the scalable resource. The default value is `false`. */ disableScaleIn?: pulumi.Input; /** * Predefined metric. See supported fields below. */ predefinedMetricSpecification?: pulumi.Input; /** * Amount of time, in seconds, after a scale in activity completes before another scale in activity can start. */ scaleInCooldown?: pulumi.Input; /** * Amount of time, in seconds, after a scale out activity completes before another scale out activity can start. */ scaleOutCooldown?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecification { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName?: pulumi.Input; /** * Metrics to include, as a metric data query. */ metrics?: pulumi.Input[]>; /** * Namespace of the metric. */ namespace?: pulumi.Input; /** * Statistic of the metric. Valid values: `Average`, `Minimum`, `Maximum`, `SampleCount`, and `Sum`. */ statistic?: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetric { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in target tracking scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in target tracking scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetricMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetricMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationMetricMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecification { /** * Metric type. */ predefinedMetricType: pulumi.Input; /** * Reserved for future use if the `predefinedMetricType` is not `ALBRequestCountPerTarget`. If the `predefinedMetricType` is `ALBRequestCountPerTarget`, you must specify this argument. Documentation can be found at: [AWS Predefined Scaling Metric Specification](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedScalingMetricSpecification.html). Must be less than or equal to 1023 characters in length. */ resourceLabel?: pulumi.Input; } export interface ScheduledActionScalableTargetAction { maxCapacity?: pulumi.Input; minCapacity?: pulumi.Input; } } export namespace appconfig { export interface ConfigurationProfileValidator { /** * Either the JSON Schema content or the ARN of an AWS Lambda function. */ content?: pulumi.Input; /** * Type of validator. Valid values: `JSON_SCHEMA` and `LAMBDA`. */ type: pulumi.Input; } export interface EnvironmentMonitor { /** * ARN of the Amazon CloudWatch alarm. */ alarmArn: pulumi.Input; /** * ARN of an IAM role for AWS AppConfig to monitor `alarmArn`. */ alarmRoleArn?: pulumi.Input; } export interface EventIntegrationEventFilter { /** * Source of the events. */ source: pulumi.Input; } export interface ExtensionActionPoint { /** * An action defines the tasks the extension performs during the AppConfig workflow. Detailed below. */ actions: pulumi.Input[]>; /** * The point at which to perform the defined actions. Valid points are `PRE_CREATE_HOSTED_CONFIGURATION_VERSION`, `PRE_START_DEPLOYMENT`, `ON_DEPLOYMENT_START`, `ON_DEPLOYMENT_STEP`, `ON_DEPLOYMENT_BAKING`, `ON_DEPLOYMENT_COMPLETE`, `ON_DEPLOYMENT_ROLLED_BACK`. */ point: pulumi.Input; } export interface ExtensionActionPointAction { /** * Information about the action. */ description?: pulumi.Input; /** * The action name. */ name: pulumi.Input; /** * An Amazon Resource Name (ARN) for an Identity and Access Management assume role. */ roleArn: pulumi.Input; /** * The extension URI associated to the action point in the extension definition. The URI can be an Amazon Resource Name (ARN) for one of the following: an Lambda function, an Amazon Simple Queue Service queue, an Amazon Simple Notification Service topic, or the Amazon EventBridge default event bus. */ uri: pulumi.Input; } export interface ExtensionParameter { /** * Information about the parameter. */ description?: pulumi.Input; /** * The parameter name. */ name: pulumi.Input; /** * Determines if a parameter value must be specified in the extension association. */ required?: pulumi.Input; } } export namespace appflow { export interface ConnectorProfileConnectorProfileConfig { /** * The connector-specific credentials required by each connector. See Connector Profile Credentials for more details. */ connectorProfileCredentials: pulumi.Input; /** * The connector-specific properties of the profile configuration. See Connector Profile Properties for more details. */ connectorProfileProperties: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentials { /** * The connector-specific credentials required when using Amplitude. See Amplitude Connector Profile Credentials for more details. */ amplitude?: pulumi.Input; /** * The connector-specific profile credentials required when using the custom connector. See Custom Connector Profile Credentials for more details. */ customConnector?: pulumi.Input; /** * Connector-specific credentials required when using Datadog. See Datadog Connector Profile Credentials for more details. */ datadog?: pulumi.Input; /** * The connector-specific credentials required when using Dynatrace. See Dynatrace Connector Profile Credentials for more details. */ dynatrace?: pulumi.Input; /** * The connector-specific credentials required when using Google Analytics. See Google Analytics Connector Profile Credentials for more details. */ googleAnalytics?: pulumi.Input; /** * The connector-specific credentials required when using Amazon Honeycode. See Honeycode Connector Profile Credentials for more details. */ honeycode?: pulumi.Input; /** * The connector-specific credentials required when using Infor Nexus. See Infor Nexus Connector Profile Credentials for more details. */ inforNexus?: pulumi.Input; /** * Connector-specific credentials required when using Marketo. See Marketo Connector Profile Credentials for more details. */ marketo?: pulumi.Input; /** * Connector-specific credentials required when using Amazon Redshift. See Redshift Connector Profile Credentials for more details. */ redshift?: pulumi.Input; /** * The connector-specific credentials required when using Salesforce. See Salesforce Connector Profile Credentials for more details. */ salesforce?: pulumi.Input; /** * The connector-specific credentials required when using SAPOData. See SAPOData Connector Profile Credentials for more details. */ sapoData?: pulumi.Input; /** * The connector-specific credentials required when using ServiceNow. See ServiceNow Connector Profile Credentials for more details. */ serviceNow?: pulumi.Input; /** * Connector-specific credentials required when using Singular. See Singular Connector Profile Credentials for more details. */ singular?: pulumi.Input; /** * Connector-specific credentials required when using Slack. See Slack Connector Profile Credentials for more details. */ slack?: pulumi.Input; /** * The connector-specific credentials required when using Snowflake. See Snowflake Connector Profile Credentials for more details. */ snowflake?: pulumi.Input; /** * The connector-specific credentials required when using Trend Micro. See Trend Micro Connector Profile Credentials for more details. */ trendmicro?: pulumi.Input; /** * Connector-specific credentials required when using Veeva. See Veeva Connector Profile Credentials for more details. */ veeva?: pulumi.Input; /** * Connector-specific credentials required when using Zendesk. See Zendesk Connector Profile Credentials for more details. */ zendesk?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsAmplitude { apiKey: pulumi.Input; secretKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnector { apiKey?: pulumi.Input; authenticationType: pulumi.Input; basic?: pulumi.Input; custom?: pulumi.Input; oauth2?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorApiKey { apiKey: pulumi.Input; apiSecretKey?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorBasic { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorCustom { credentialsMap?: pulumi.Input<{[key: string]: pulumi.Input}>; customAuthenticationType: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorOauth2 { accessToken?: pulumi.Input; clientId?: pulumi.Input; clientSecret?: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsCustomConnectorOauth2OauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsDatadog { apiKey: pulumi.Input; applicationKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsDynatrace { apiToken: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsGoogleAnalytics { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsGoogleAnalyticsOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsHoneycode { accessToken?: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsHoneycodeOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsInforNexus { accessKeyId: pulumi.Input; datakey: pulumi.Input; secretAccessKey: pulumi.Input; userId: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsMarketo { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsMarketoOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsRedshift { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSalesforce { accessToken?: pulumi.Input; clientCredentialsArn?: pulumi.Input; jwtToken?: pulumi.Input; oauth2GrantType?: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSalesforceOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoData { basicAuthCredentials?: pulumi.Input; oauthCredentials?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoDataBasicAuthCredentials { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoDataOauthCredentials { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; refreshToken?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSapoDataOauthCredentialsOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsServiceNow { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSingular { apiKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSlack { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSlackOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsSnowflake { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsTrendmicro { apiSecretKey: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsVeeva { password: pulumi.Input; username: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsZendesk { accessToken?: pulumi.Input; clientId: pulumi.Input; clientSecret: pulumi.Input; oauthRequest?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileCredentialsZendeskOauthRequest { /** * The code provided by the connector when it has been authenticated via the connected app. */ authCode?: pulumi.Input; /** * The URL to which the authentication server redirects the browser after authorization has been granted. */ redirectUri?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfileProperties { amplitude?: pulumi.Input; /** * The connector-specific profile properties required when using the custom connector. See Custom Connector Profile Properties for more details. */ customConnector?: pulumi.Input; /** * Connector-specific properties required when using Datadog. See Generic Connector Profile Properties for more details. */ datadog?: pulumi.Input; /** * The connector-specific properties required when using Dynatrace. See Generic Connector Profile Properties for more details. */ dynatrace?: pulumi.Input; googleAnalytics?: pulumi.Input; honeycode?: pulumi.Input; /** * The connector-specific properties required when using Infor Nexus. See Generic Connector Profile Properties for more details. */ inforNexus?: pulumi.Input; /** * Connector-specific properties required when using Marketo. See Generic Connector Profile Properties for more details. */ marketo?: pulumi.Input; /** * Connector-specific properties required when using Amazon Redshift. See Redshift Connector Profile Properties for more details. */ redshift?: pulumi.Input; /** * The connector-specific properties required when using Salesforce. See Salesforce Connector Profile Properties for more details. */ salesforce?: pulumi.Input; /** * The connector-specific properties required when using SAPOData. See SAPOData Connector Profile Properties for more details. */ sapoData?: pulumi.Input; /** * The connector-specific properties required when using ServiceNow. See Generic Connector Profile Properties for more details. */ serviceNow?: pulumi.Input; singular?: pulumi.Input; /** * Connector-specific properties required when using Slack. See Generic Connector Profile Properties for more details. */ slack?: pulumi.Input; /** * The connector-specific properties required when using Snowflake. See Snowflake Connector Profile Properties for more details. */ snowflake?: pulumi.Input; trendmicro?: pulumi.Input; /** * Connector-specific properties required when using Veeva. See Generic Connector Profile Properties for more details. */ veeva?: pulumi.Input; /** * Connector-specific properties required when using Zendesk. See Generic Connector Profile Properties for more details. */ zendesk?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesAmplitude { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesCustomConnector { oauth2Properties?: pulumi.Input; profileProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesCustomConnectorOauth2Properties { oauth2GrantType: pulumi.Input; tokenUrl: pulumi.Input; tokenUrlCustomProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesDatadog { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesDynatrace { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesGoogleAnalytics { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesHoneycode { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesInforNexus { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesMarketo { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesRedshift { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; clusterIdentifier?: pulumi.Input; dataApiRoleArn?: pulumi.Input; databaseName?: pulumi.Input; databaseUrl?: pulumi.Input; roleArn: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSalesforce { instanceUrl?: pulumi.Input; isSandboxEnvironment?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSapoData { applicationHostUrl: pulumi.Input; applicationServicePath: pulumi.Input; clientNumber: pulumi.Input; logonLanguage?: pulumi.Input; oauthProperties?: pulumi.Input; portNumber: pulumi.Input; privateLinkServiceName?: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSapoDataOauthProperties { authCodeUrl: pulumi.Input; oauthScopes: pulumi.Input[]>; tokenUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesServiceNow { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSingular { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSlack { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesSnowflake { accountName?: pulumi.Input; bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; privateLinkServiceName?: pulumi.Input; region?: pulumi.Input; stage: pulumi.Input; warehouse: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesTrendmicro { } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesVeeva { instanceUrl: pulumi.Input; } export interface ConnectorProfileConnectorProfileConfigConnectorProfilePropertiesZendesk { instanceUrl: pulumi.Input; } export interface FlowDestinationFlowConfig { /** * API version that the destination connector uses. */ apiVersion?: pulumi.Input; /** * Name of the connector profile. This name must be unique for each connector profile in the AWS account. */ connectorProfileName?: pulumi.Input; /** * Type of connector, such as Salesforce, Amplitude, and so on. Valid values are `Salesforce`, `Singular`, `Slack`, `Redshift`, `S3`, `Marketo`, `Googleanalytics`, `Zendesk`, `Servicenow`, `Datadog`, `Trendmicro`, `Snowflake`, `Dynatrace`, `Infornexus`, `Amplitude`, `Veeva`, `EventBridge`, `LookoutMetrics`, `Upsolver`, `Honeycode`, `CustomerProfiles`, `SAPOData`, and `CustomConnector`. */ connectorType: pulumi.Input; /** * This stores the information that is required to query a particular connector. See Destination Connector Properties for more information. */ destinationConnectorProperties: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorProperties { /** * Properties that are required to query the custom Connector. See Custom Connector Destination Properties for more details. */ customConnector?: pulumi.Input; /** * Properties that are required to query Amazon Connect Customer Profiles. See Customer Profiles Destination Properties for more details. */ customerProfiles?: pulumi.Input; /** * Properties that are required to query Amazon EventBridge. See Generic Destination Properties for more details. */ eventBridge?: pulumi.Input; /** * Properties that are required to query Amazon Honeycode. See Generic Destination Properties for more details. */ honeycode?: pulumi.Input; lookoutMetrics?: pulumi.Input; /** * Properties that are required to query Marketo. See Generic Destination Properties for more details. */ marketo?: pulumi.Input; /** * Properties that are required to query Amazon Redshift. See Redshift Destination Properties for more details. */ redshift?: pulumi.Input; /** * Properties that are required to query Amazon S3. See S3 Destination Properties for more details. */ s3?: pulumi.Input; /** * Properties that are required to query Salesforce. See Salesforce Destination Properties for more details. */ salesforce?: pulumi.Input; /** * Properties that are required to query SAPOData. See SAPOData Destination Properties for more details. */ sapoData?: pulumi.Input; /** * Properties that are required to query Snowflake. See Snowflake Destination Properties for more details. */ snowflake?: pulumi.Input; /** * Properties that are required to query Upsolver. See Upsolver Destination Properties for more details. */ upsolver?: pulumi.Input; /** * Properties that are required to query Zendesk. See Zendesk Destination Properties for more details. */ zendesk?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesCustomConnector { customProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; entityName: pulumi.Input; errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesCustomConnectorErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesCustomerProfiles { domainName: pulumi.Input; objectTypeName?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesEventBridge { errorHandlingConfig?: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesEventBridgeErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesHoneycode { errorHandlingConfig?: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesHoneycodeErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesLookoutMetrics { } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesMarketo { errorHandlingConfig?: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesMarketoErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesRedshift { bucketPrefix?: pulumi.Input; errorHandlingConfig?: pulumi.Input; intermediateBucketName: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesRedshiftErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3 { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; s3OutputFormatConfig?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfig { /** * Aggregation settings that you can use to customize the output format of your flow data. See Aggregation Config for more details. */ aggregationConfig?: pulumi.Input; /** * File type that Amazon AppFlow places in the Amazon S3 bucket. Valid values are `CSV`, `JSON`, and `PARQUET`. */ fileType?: pulumi.Input; /** * Determines the prefix that Amazon AppFlow applies to the folder name in the Amazon S3 bucket. You can name folders according to the flow frequency and date. See Prefix Config for more details. */ prefixConfig?: pulumi.Input; /** * Whether the data types from the source system need to be preserved (Only valid for `Parquet` file type) */ preserveSourceDataTyping?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigAggregationConfig { /** * Whether Amazon AppFlow aggregates the flow records into a single file, or leave them unaggregated. Valid values are `None` and `SingleFile`. */ aggregationType?: pulumi.Input; /** * The desired file size, in MB, for each output file that Amazon AppFlow writes to the flow destination. Integer value. */ targetFileSize?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesS3S3OutputFormatConfigPrefixConfig { /** * Determines the level of granularity that's included in the prefix. Valid values are `YEAR`, `MONTH`, `DAY`, `HOUR`, and `MINUTE`. */ prefixFormat?: pulumi.Input; /** * Determines the format of the prefix, and whether it applies to the file name, file path, or both. Valid values are `FILENAME`, `PATH`, and `PATH_AND_FILENAME`. */ prefixType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSalesforce { errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; object: pulumi.Input; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSalesforceErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSapoData { errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; objectPath: pulumi.Input; successResponseHandlingConfig?: pulumi.Input; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSapoDataErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSapoDataSuccessResponseHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSnowflake { bucketPrefix?: pulumi.Input; errorHandlingConfig?: pulumi.Input; intermediateBucketName: pulumi.Input; object: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesSnowflakeErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolver { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; s3OutputFormatConfig: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolverS3OutputFormatConfig { /** * Aggregation settings that you can use to customize the output format of your flow data. See Aggregation Config for more details. */ aggregationConfig?: pulumi.Input; /** * File type that Amazon AppFlow places in the Amazon S3 bucket. Valid values are `CSV`, `JSON`, and `PARQUET`. */ fileType?: pulumi.Input; /** * Determines the prefix that Amazon AppFlow applies to the folder name in the Amazon S3 bucket. You can name folders according to the flow frequency and date. See Prefix Config for more details. */ prefixConfig: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolverS3OutputFormatConfigAggregationConfig { /** * Whether Amazon AppFlow aggregates the flow records into a single file, or leave them unaggregated. Valid values are `None` and `SingleFile`. */ aggregationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesUpsolverS3OutputFormatConfigPrefixConfig { /** * Determines the level of granularity that's included in the prefix. Valid values are `YEAR`, `MONTH`, `DAY`, `HOUR`, and `MINUTE`. */ prefixFormat?: pulumi.Input; /** * Determines the format of the prefix, and whether it applies to the file name, file path, or both. Valid values are `FILENAME`, `PATH`, and `PATH_AND_FILENAME`. */ prefixType: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesZendesk { errorHandlingConfig?: pulumi.Input; idFieldNames?: pulumi.Input[]>; object: pulumi.Input; writeOperationType?: pulumi.Input; } export interface FlowDestinationFlowConfigDestinationConnectorPropertiesZendeskErrorHandlingConfig { /** * Name of the Amazon S3 bucket. */ bucketName?: pulumi.Input; /** * Amazon S3 bucket prefix. */ bucketPrefix?: pulumi.Input; /** * If the flow should fail after the first instance of a failure when attempting to place data in the destination. */ failOnFirstDestinationError?: pulumi.Input; } export interface FlowSourceFlowConfig { /** * API version that the destination connector uses. */ apiVersion?: pulumi.Input; /** * Name of the connector profile. This name must be unique for each connector profile in the AWS account. */ connectorProfileName?: pulumi.Input; /** * Type of connector, such as Salesforce, Amplitude, and so on. Valid values are `Salesforce`, `Singular`, `Slack`, `Redshift`, `S3`, `Marketo`, `Googleanalytics`, `Zendesk`, `Servicenow`, `Datadog`, `Trendmicro`, `Snowflake`, `Dynatrace`, `Infornexus`, `Amplitude`, `Veeva`, `EventBridge`, `LookoutMetrics`, `Upsolver`, `Honeycode`, `CustomerProfiles`, `SAPOData`, and `CustomConnector`. */ connectorType: pulumi.Input; /** * Defines the configuration for a scheduled incremental data pull. If a valid configuration is provided, the fields specified in the configuration are used when querying for the incremental data pull. See Incremental Pull Config for more details. */ incrementalPullConfig?: pulumi.Input; /** * Information that is required to query a particular source connector. See Source Connector Properties for details. */ sourceConnectorProperties: pulumi.Input; } export interface FlowSourceFlowConfigIncrementalPullConfig { /** * Field that specifies the date time or timestamp field as the criteria to use when importing incremental records from the source. */ datetimeTypeFieldName?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorProperties { /** * Information that is required for querying Amplitude. See Generic Source Properties for more details. */ amplitude?: pulumi.Input; /** * Properties that are applied when the custom connector is being used as a source. See Custom Connector Source Properties. */ customConnector?: pulumi.Input; /** * Information that is required for querying Datadog. See Generic Source Properties for more details. */ datadog?: pulumi.Input; dynatrace?: pulumi.Input; googleAnalytics?: pulumi.Input; /** * Information that is required for querying Infor Nexus. See Generic Source Properties for more details. */ inforNexus?: pulumi.Input; /** * Information that is required for querying Marketo. See Generic Source Properties for more details. */ marketo?: pulumi.Input; /** * Information that is required for querying Amazon S3. See S3 Source Properties for more details. */ s3?: pulumi.Input; /** * Information that is required for querying Salesforce. See Salesforce Source Properties for more details. */ salesforce?: pulumi.Input; /** * Information that is required for querying SAPOData as a flow source. See SAPO Source Properties for more details. */ sapoData?: pulumi.Input; /** * Information that is required for querying ServiceNow. See Generic Source Properties for more details. */ serviceNow?: pulumi.Input; /** * Information that is required for querying Singular. See Generic Source Properties for more details. */ singular?: pulumi.Input; /** * Information that is required for querying Slack. See Generic Source Properties for more details. */ slack?: pulumi.Input; trendmicro?: pulumi.Input; /** * Information that is required for querying Veeva. See Veeva Source Properties for more details. */ veeva?: pulumi.Input; /** * Information that is required for querying Zendesk. See Generic Source Properties for more details. */ zendesk?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesAmplitude { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesCustomConnector { customProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; entityName: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesDatadog { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesDynatrace { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesGoogleAnalytics { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesInforNexus { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesMarketo { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesS3 { bucketName: pulumi.Input; bucketPrefix: pulumi.Input; s3InputFormatConfig?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesS3S3InputFormatConfig { /** * File type that Amazon AppFlow gets from your Amazon S3 bucket. Valid values are `CSV` and `JSON`. */ s3InputFileType?: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSalesforce { enableDynamicFieldUpdate?: pulumi.Input; includeDeletedRecords?: pulumi.Input; object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSapoData { objectPath: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesServiceNow { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSingular { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesSlack { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesTrendmicro { object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesVeeva { documentType?: pulumi.Input; includeAllVersions?: pulumi.Input; includeRenditions?: pulumi.Input; includeSourceFiles?: pulumi.Input; object: pulumi.Input; } export interface FlowSourceFlowConfigSourceConnectorPropertiesZendesk { object: pulumi.Input; } export interface FlowTask { /** * Operation to be performed on the provided source fields. See Connector Operator for details. */ connectorOperators?: pulumi.Input[]>; /** * Field in a destination connector, or a field value against which Amazon AppFlow validates a source field. */ destinationField?: pulumi.Input; /** * Source fields to which a particular task is applied. */ sourceFields?: pulumi.Input[]>; /** * Map used to store task-related information. The execution service looks for particular information based on the `TaskType`. Valid keys are `VALUE`, `VALUES`, `DATA_TYPE`, `UPPER_BOUND`, `LOWER_BOUND`, `SOURCE_DATA_TYPE`, `DESTINATION_DATA_TYPE`, `VALIDATION_ACTION`, `MASK_VALUE`, `MASK_LENGTH`, `TRUNCATE_LENGTH`, `MATH_OPERATION_FIELDS_ORDER`, `CONCAT_FORMAT`, `SUBFIELD_CATEGORY_MAP`, and `EXCLUDE_SOURCE_FIELDS_LIST`. */ taskProperties?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Particular task implementation that Amazon AppFlow performs. Valid values are `Arithmetic`, `Filter`, `Map`, `Map_all`, `Mask`, `Merge`, `Passthrough`, `Truncate`, and `Validate`. */ taskType: pulumi.Input; } export interface FlowTaskConnectorOperator { /** * Operation to be performed on the provided Amplitude source fields. The only valid value is `BETWEEN`. */ amplitude?: pulumi.Input; /** * Operators supported by the custom connector. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ customConnector?: pulumi.Input; /** * Operation to be performed on the provided Datadog source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ datadog?: pulumi.Input; /** * Operation to be performed on the provided Dynatrace source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ dynatrace?: pulumi.Input; /** * Operation to be performed on the provided Google Analytics source fields. Valid values are `PROJECTION` and `BETWEEN`. */ googleAnalytics?: pulumi.Input; /** * Operation to be performed on the provided Infor Nexus source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ inforNexus?: pulumi.Input; /** * Operation to be performed on the provided Marketo source fields. Valid values are `PROJECTION`, `BETWEEN`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ marketo?: pulumi.Input; /** * Operation to be performed on the provided Amazon S3 source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ s3?: pulumi.Input; /** * Operation to be performed on the provided Salesforce source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ salesforce?: pulumi.Input; /** * Operation to be performed on the provided SAPOData source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ sapoData?: pulumi.Input; /** * Operation to be performed on the provided ServiceNow source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ serviceNow?: pulumi.Input; /** * Operation to be performed on the provided Singular source fields. Valid values are `PROJECTION`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ singular?: pulumi.Input; /** * Operation to be performed on the provided Slack source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ slack?: pulumi.Input; /** * Operation to be performed on the provided Trend Micro source fields. Valid values are `PROJECTION`, `EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ trendmicro?: pulumi.Input; /** * Operation to be performed on the provided Veeva source fields. Valid values are `PROJECTION`, `LESS_THAN`, `GREATER_THAN`, `CONTAINS`, `BETWEEN`, `LESS_THAN_OR_EQUAL_TO`, `GREATER_THAN_OR_EQUAL_TO`, `EQUAL_TO`, `NOT_EQUAL_TO`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ veeva?: pulumi.Input; /** * Operation to be performed on the provided Zendesk source fields. Valid values are `PROJECTION`, `GREATER_THAN`, `ADDITION`, `MULTIPLICATION`, `DIVISION`, `SUBTRACTION`, `MASK_ALL`, `MASK_FIRST_N`, `MASK_LAST_N`, `VALIDATE_NON_NULL`, `VALIDATE_NON_ZERO`, `VALIDATE_NON_NEGATIVE`, `VALIDATE_NUMERIC`, and `NO_OP`. */ zendesk?: pulumi.Input; } export interface FlowTriggerConfig { /** * Configuration details of a schedule-triggered flow as defined by the user. Currently, these settings only apply to the `Scheduled` trigger type. See Scheduled Trigger Properties for details. */ triggerProperties?: pulumi.Input; /** * Type of flow trigger. Valid values are `Scheduled`, `Event`, and `OnDemand`. */ triggerType: pulumi.Input; } export interface FlowTriggerConfigTriggerProperties { scheduled?: pulumi.Input; } export interface FlowTriggerConfigTriggerPropertiesScheduled { /** * Whether a scheduled flow has an incremental data transfer or a complete data transfer for each flow run. Valid values are `Incremental` and `Complete`. */ dataPullMode?: pulumi.Input; /** * Date range for the records to import from the connector in the first flow run. Must be a valid RFC3339 timestamp. */ firstExecutionFrom?: pulumi.Input; /** * Scheduled end time for a schedule-triggered flow. Must be a valid RFC3339 timestamp. */ scheduleEndTime?: pulumi.Input; /** * Scheduling expression that determines the rate at which the schedule will run, for example `rate(5minutes)`. */ scheduleExpression: pulumi.Input; /** * Optional offset that is added to the time interval for a schedule-triggered flow. Maximum value of 36000. */ scheduleOffset?: pulumi.Input; /** * Scheduled start time for a schedule-triggered flow. Must be a valid RFC3339 timestamp. */ scheduleStartTime?: pulumi.Input; /** * Time zone used when referring to the date and time of a scheduled-triggered flow, such as `America/New_York`. */ timezone?: pulumi.Input; } } export namespace appintegrations { export interface DataIntegrationScheduleConfig { /** * The start date for objects to import in the first flow run as an Unix/epoch timestamp in milliseconds or in ISO-8601 format. This needs to be a time in the past, meaning that the data created or updated before this given date will not be downloaded. */ firstExecutionFrom: pulumi.Input; /** * The name of the object to pull from the data source. Examples of objects in Salesforce include `Case`, `Account`, or `Lead`. */ object: pulumi.Input; /** * How often the data should be pulled from data source. Examples include `rate(1 hour)`, `rate(3 hours)`, `rate(1 day)`. */ scheduleExpression: pulumi.Input; } } export namespace appmesh { export interface GatewayRouteSpec { /** * Specification of a gRPC gateway route. */ grpcRoute?: pulumi.Input; /** * Specification of an HTTP/2 gateway route. */ http2Route?: pulumi.Input; /** * Specification of an HTTP gateway route. */ httpRoute?: pulumi.Input; /** * Priority for the gateway route, between `0` and `1000`. */ priority?: pulumi.Input; } export interface GatewayRouteSpecGrpcRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining a request match. */ match: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteAction { /** * Target that traffic is routed to when a request matches the gateway route. */ target: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteActionTarget { /** * The port number that corresponds to the target for Virtual Service provider port. This is required when the provider (router or node) of the Virtual Service has multiple listeners. */ port?: pulumi.Input; /** * Virtual service gateway route target. */ virtualService: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteActionTargetVirtualService { /** * Name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface GatewayRouteSpecGrpcRouteMatch { /** * The port number to match from the request. */ port?: pulumi.Input; /** * Fully qualified domain name for the service to match from the request. */ serviceName: pulumi.Input; } export interface GatewayRouteSpecHttp2Route { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining a request match. */ match: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteAction { /** * Gateway route action to rewrite. */ rewrite?: pulumi.Input; /** * Target that traffic is routed to when a request matches the gateway route. */ target: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewrite { /** * Host name to rewrite. */ hostname?: pulumi.Input; /** * Exact path to rewrite. */ path?: pulumi.Input; /** * Specified beginning characters to rewrite. */ prefix?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewriteHostname { /** * Default target host name to write to. Valid values: `ENABLED`, `DISABLED`. */ defaultTargetHostname: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewritePath { /** * The exact path to match on. */ exact: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionRewritePrefix { /** * Default prefix used to replace the incoming route prefix when rewritten. Valid values: `ENABLED`, `DISABLED`. */ defaultPrefix?: pulumi.Input; /** * Value used to replace the incoming route prefix when rewritten. */ value?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionTarget { /** * The port number that corresponds to the target for Virtual Service provider port. This is required when the provider (router or node) of the Virtual Service has multiple listeners. */ port?: pulumi.Input; /** * Virtual service gateway route target. */ virtualService: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteActionTargetVirtualService { /** * Name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Host name to match on. */ hostname?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path to match requests with. This parameter must always start with `/`, which by itself matches all requests to the virtual service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; } export interface GatewayRouteSpecHttp2RouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchHostname { /** * Exact host name to match on. */ exact?: pulumi.Input; /** * Specified ending characters of the host name to match on. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttp2RouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface GatewayRouteSpecHttpRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining a request match. */ match: pulumi.Input; } export interface GatewayRouteSpecHttpRouteAction { /** * Gateway route action to rewrite. */ rewrite?: pulumi.Input; /** * Target that traffic is routed to when a request matches the gateway route. */ target: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewrite { /** * Host name to rewrite. */ hostname?: pulumi.Input; /** * Exact path to rewrite. */ path?: pulumi.Input; /** * Specified beginning characters to rewrite. */ prefix?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewriteHostname { /** * Default target host name to write to. Valid values: `ENABLED`, `DISABLED`. */ defaultTargetHostname: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewritePath { /** * The exact path to match on. */ exact: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionRewritePrefix { /** * Default prefix used to replace the incoming route prefix when rewritten. Valid values: `ENABLED`, `DISABLED`. */ defaultPrefix?: pulumi.Input; /** * Value used to replace the incoming route prefix when rewritten. */ value?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionTarget { /** * The port number that corresponds to the target for Virtual Service provider port. This is required when the provider (router or node) of the Virtual Service has multiple listeners. */ port?: pulumi.Input; /** * Virtual service gateway route target. */ virtualService: pulumi.Input; } export interface GatewayRouteSpecHttpRouteActionTargetVirtualService { /** * Name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Host name to match on. */ hostname?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path to match requests with. This parameter must always start with `/`, which by itself matches all requests to the virtual service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; } export interface GatewayRouteSpecHttpRouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchHostname { /** * Exact host name to match on. */ exact?: pulumi.Input; /** * Specified ending characters of the host name to match on. */ suffix?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface GatewayRouteSpecHttpRouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface MeshSpec { /** * Egress filter rules for the service mesh. */ egressFilter?: pulumi.Input; /** * The service discovery information for the service mesh. */ serviceDiscovery?: pulumi.Input; } export interface MeshSpecEgressFilter { type?: pulumi.Input; } export interface MeshSpecServiceDiscovery { ipPreference?: pulumi.Input; } export interface RouteSpec { /** * GRPC routing information for the route. */ grpcRoute?: pulumi.Input; /** * HTTP/2 routing information for the route. */ http2Route?: pulumi.Input; /** * HTTP routing information for the route. */ httpRoute?: pulumi.Input; /** * Priority for the route, between `0` and `1000`. * Routes are matched based on the specified value, where `0` is the highest priority. */ priority?: pulumi.Input; /** * TCP routing information for the route. */ tcpRoute?: pulumi.Input; } export interface RouteSpecGrpcRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining an gRPC request match. */ match?: pulumi.Input; /** * Retry policy. */ retryPolicy?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecGrpcRouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecGrpcRouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecGrpcRouteMatch { /** * Data to match from the gRPC request. */ metadatas?: pulumi.Input[]>; /** * Method name to match from the request. If you specify a name, you must also specify a `serviceName`. */ methodName?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; prefix?: pulumi.Input; /** * Fully qualified domain name for the service to match from the request. */ serviceName?: pulumi.Input; } export interface RouteSpecGrpcRouteMatchMetadata { /** * If `true`, the match is on the opposite of the `match` criteria. Default is `false`. */ invert?: pulumi.Input; /** * Data to match from the request. */ match?: pulumi.Input; /** * Name of the route. Must be between 1 and 50 characters in length. */ name: pulumi.Input; } export interface RouteSpecGrpcRouteMatchMetadataMatch { /** * Value sent by the client must match the specified value exactly. Must be between 1 and 255 characters in length. */ exact?: pulumi.Input; /** * Value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the value sent by the client must be included in. */ range?: pulumi.Input; /** * Value sent by the client must include the specified characters. Must be between 1 and 255 characters in length. */ regex?: pulumi.Input; /** * Value sent by the client must end with the specified characters. Must be between 1 and 255 characters in length. */ suffix?: pulumi.Input; } export interface RouteSpecGrpcRouteMatchMetadataMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface RouteSpecGrpcRouteRetryPolicy { /** * List of gRPC retry events. * Valid values: `cancelled`, `deadline-exceeded`, `internal`, `resource-exhausted`, `unavailable`. */ grpcRetryEvents?: pulumi.Input[]>; /** * List of HTTP retry events. * Valid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream). */ httpRetryEvents?: pulumi.Input[]>; /** * Maximum number of retries. */ maxRetries: pulumi.Input; /** * Per-retry timeout. */ perRetryTimeout: pulumi.Input; /** * List of TCP retry events. The only valid value is `connection-error`. */ tcpRetryEvents?: pulumi.Input[]>; } export interface RouteSpecGrpcRouteRetryPolicyPerRetryTimeout { /** * Retry unit. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Retry value. */ value: pulumi.Input; } export interface RouteSpecGrpcRouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface RouteSpecGrpcRouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecGrpcRouteTimeoutPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttp2Route { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining an HTTP request match. */ match: pulumi.Input; /** * Retry policy. */ retryPolicy?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecHttp2RouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecHttp2RouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecHttp2RouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Client request header method to match on. Valid values: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`. */ method?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path with which to match requests. * This parameter must always start with /, which by itself matches all requests to the virtual router service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; /** * Client request header scheme to match on. Valid values: `http`, `https`. */ scheme?: pulumi.Input; } export interface RouteSpecHttp2RouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttp2RouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface RouteSpecHttp2RouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface RouteSpecHttp2RouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface RouteSpecHttp2RouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttp2RouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface RouteSpecHttp2RouteRetryPolicy { /** * List of HTTP retry events. * Valid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream). */ httpRetryEvents?: pulumi.Input[]>; /** * Maximum number of retries. */ maxRetries: pulumi.Input; /** * Per-retry timeout. */ perRetryTimeout: pulumi.Input; /** * List of TCP retry events. The only valid value is `connection-error`. * * You must specify at least one value for `httpRetryEvents`, or at least one value for `tcpRetryEvents`. */ tcpRetryEvents?: pulumi.Input[]>; } export interface RouteSpecHttp2RouteRetryPolicyPerRetryTimeout { /** * Retry unit. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Retry value. */ value: pulumi.Input; } export interface RouteSpecHttp2RouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface RouteSpecHttp2RouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttp2RouteTimeoutPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttpRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; /** * Criteria for determining an HTTP request match. */ match: pulumi.Input; /** * Retry policy. */ retryPolicy?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecHttpRouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecHttpRouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecHttpRouteMatch { /** * Client request headers to match on. */ headers?: pulumi.Input[]>; /** * Client request header method to match on. Valid values: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`. */ method?: pulumi.Input; /** * Client request path to match on. */ path?: pulumi.Input; /** * The port number to match from the request. */ port?: pulumi.Input; /** * Path with which to match requests. * This parameter must always start with /, which by itself matches all requests to the virtual router service name. */ prefix?: pulumi.Input; /** * Client request query parameters to match on. */ queryParameters?: pulumi.Input[]>; /** * Client request header scheme to match on. Valid values: `http`, `https`. */ scheme?: pulumi.Input; } export interface RouteSpecHttpRouteMatchHeader { /** * If `true`, the match is on the opposite of the `match` method and value. Default is `false`. */ invert?: pulumi.Input; /** * Method and value to match the header value sent with a request. Specify one match method. */ match?: pulumi.Input; /** * Name for the HTTP header in the client request that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttpRouteMatchHeaderMatch { /** * Header value sent by the client must match the specified value exactly. */ exact?: pulumi.Input; /** * Header value sent by the client must begin with the specified characters. */ prefix?: pulumi.Input; /** * Object that specifies the range of numbers that the header value sent by the client must be included in. */ range?: pulumi.Input; /** * Header value sent by the client must include the specified characters. */ regex?: pulumi.Input; /** * Header value sent by the client must end with the specified characters. */ suffix?: pulumi.Input; } export interface RouteSpecHttpRouteMatchHeaderMatchRange { /** * End of the range. */ end: pulumi.Input; /** * Start of the range. */ start: pulumi.Input; } export interface RouteSpecHttpRouteMatchPath { /** * The exact path to match on. */ exact?: pulumi.Input; /** * The regex used to match the path. */ regex?: pulumi.Input; } export interface RouteSpecHttpRouteMatchQueryParameter { /** * The query parameter to match on. */ match?: pulumi.Input; /** * Name for the query parameter that will be matched on. */ name: pulumi.Input; } export interface RouteSpecHttpRouteMatchQueryParameterMatch { /** * The exact query parameter to match on. */ exact?: pulumi.Input; } export interface RouteSpecHttpRouteRetryPolicy { /** * List of HTTP retry events. * Valid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream). */ httpRetryEvents?: pulumi.Input[]>; /** * Maximum number of retries. */ maxRetries: pulumi.Input; /** * Per-retry timeout. */ perRetryTimeout: pulumi.Input; /** * List of TCP retry events. The only valid value is `connection-error`. * * You must specify at least one value for `httpRetryEvents`, or at least one value for `tcpRetryEvents`. */ tcpRetryEvents?: pulumi.Input[]>; } export interface RouteSpecHttpRouteRetryPolicyPerRetryTimeout { /** * Retry unit. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Retry value. */ value: pulumi.Input; } export interface RouteSpecHttpRouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface RouteSpecHttpRouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecHttpRouteTimeoutPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface RouteSpecTcpRoute { /** * Action to take if a match is determined. */ action: pulumi.Input; match?: pulumi.Input; /** * Types of timeouts. */ timeout?: pulumi.Input; } export interface RouteSpecTcpRouteAction { /** * Targets that traffic is routed to when a request matches the route. * You can specify one or more targets and their relative weights with which to distribute traffic. */ weightedTargets: pulumi.Input[]>; } export interface RouteSpecTcpRouteActionWeightedTarget { /** * The targeted port of the weighted object. */ port?: pulumi.Input; /** * Virtual node to associate with the weighted target. Must be between 1 and 255 characters in length. */ virtualNode: pulumi.Input; /** * Relative weight of the weighted target. An integer between 0 and 100. */ weight: pulumi.Input; } export interface RouteSpecTcpRouteMatch { port?: pulumi.Input; } export interface RouteSpecTcpRouteTimeout { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; } export interface RouteSpecTcpRouteTimeoutIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualGatewaySpec { /** * Defaults for backends. */ backendDefaults?: pulumi.Input; /** * Listeners that the mesh endpoint is expected to receive inbound traffic from. You can specify one listener. */ listeners: pulumi.Input[]>; /** * Inbound and outbound access logging information for the virtual gateway. */ logging?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaults { /** * Default client policy for virtual gateway backends. */ clientPolicy?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicy { /** * Transport Layer Security (TLS) client policy. */ tls?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTls { /** * Listener's TLS certificate. */ certificate?: pulumi.Input; /** * Whether the policy is enforced. Default is `true`. */ enforce?: pulumi.Input; /** * One or more ports that the policy is enforced for. */ ports?: pulumi.Input[]>; /** * Listener's Transport Layer Security (TLS) validation context. */ validation: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificate { /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidation { /** * SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrust { /** * TLS validation context trust for an AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustAcm { /** * One or more ACM ARNs. */ certificateAuthorityArns: pulumi.Input[]>; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecListener { /** * Connection pool information for the listener. */ connectionPool?: pulumi.Input; /** * Health check information for the listener. */ healthCheck?: pulumi.Input; /** * Port mapping information for the listener. */ portMapping: pulumi.Input; /** * Transport Layer Security (TLS) properties for the listener */ tls?: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPool { /** * Connection pool information for gRPC listeners. */ grpc?: pulumi.Input; /** * Connection pool information for HTTP listeners. */ http?: pulumi.Input; /** * Connection pool information for HTTP2 listeners. */ http2?: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPoolGrpc { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPoolHttp { /** * Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`. */ maxConnections: pulumi.Input; /** * Number of overflowing requests after `maxConnections` Envoy will queue to upstream cluster. Minimum value of `1`. */ maxPendingRequests?: pulumi.Input; } export interface VirtualGatewaySpecListenerConnectionPoolHttp2 { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualGatewaySpecListenerHealthCheck { /** * Number of consecutive successful health checks that must occur before declaring listener healthy. */ healthyThreshold: pulumi.Input; /** * Time period in milliseconds between each health check execution. */ intervalMillis: pulumi.Input; /** * Destination path for the health check request. This is only required if the specified protocol is `http` or `http2`. */ path?: pulumi.Input; /** * Destination port for the health check request. This port must match the port defined in the `portMapping` for the listener. */ port?: pulumi.Input; /** * Protocol for the health check request. Valid values are `http`, `http2`, and `grpc`. */ protocol: pulumi.Input; /** * Amount of time to wait when receiving a response from the health check, in milliseconds. */ timeoutMillis: pulumi.Input; /** * Number of consecutive failed health checks that must occur before declaring a virtual gateway unhealthy. */ unhealthyThreshold: pulumi.Input; } export interface VirtualGatewaySpecListenerPortMapping { /** * Port used for the port mapping. */ port: pulumi.Input; /** * Protocol used for the port mapping. Valid values are `http`, `http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; } export interface VirtualGatewaySpecListenerTls { /** * Listener's TLS certificate. */ certificate: pulumi.Input; /** * Listener's TLS mode. Valid values: `DISABLED`, `PERMISSIVE`, `STRICT`. */ mode: pulumi.Input; /** * Listener's Transport Layer Security (TLS) validation context. */ validation?: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificate { /** * An AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificateAcm { /** * ARN for the certificate. */ certificateArn: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsCertificateSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidation { /** * SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualGatewaySpecListenerTlsValidationTrust { /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualGatewaySpecListenerTlsValidationTrustSds { /** * Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualGatewaySpecLogging { /** * Access log configuration for a virtual gateway. */ accessLog?: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLog { /** * File object to send virtual gateway access logs to. */ file?: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLogFile { /** * The specified format for the logs. */ format?: pulumi.Input; /** * File path to write access logs to. You can use `/dev/stdout` to send access logs to standard out. Must be between 1 and 255 characters in length. */ path: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLogFileFormat { /** * The logging format for JSON. */ jsons?: pulumi.Input[]>; /** * The logging format for text. Must be between 1 and 1000 characters in length. */ text?: pulumi.Input; } export interface VirtualGatewaySpecLoggingAccessLogFileFormatJson { /** * The specified key for the JSON. Must be between 1 and 100 characters in length. */ key: pulumi.Input; /** * The specified value for the JSON. Must be between 1 and 100 characters in length. */ value: pulumi.Input; } export interface VirtualNodeSpec { /** * Defaults for backends. */ backendDefaults?: pulumi.Input; /** * Backends to which the virtual node is expected to send outbound traffic. */ backends?: pulumi.Input[]>; /** * Listeners from which the virtual node is expected to receive inbound traffic. */ listeners?: pulumi.Input[]>; /** * Inbound and outbound access logging information for the virtual node. */ logging?: pulumi.Input; /** * Service discovery information for the virtual node. */ serviceDiscovery?: pulumi.Input; } export interface VirtualNodeSpecBackend { /** * Virtual service to use as a backend for a virtual node. */ virtualService: pulumi.Input; } export interface VirtualNodeSpecBackendDefaults { /** * Default client policy for virtual service backends. See above for details. */ clientPolicy?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicy { /** * Transport Layer Security (TLS) client policy. */ tls?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTls { /** * Listener's TLS certificate. */ certificate?: pulumi.Input; /** * Whether the policy is enforced. Default is `true`. */ enforce?: pulumi.Input; /** * One or more ports that the policy is enforced for. */ ports?: pulumi.Input[]>; /** * Listener's Transport Layer Security (TLS) validation context. */ validation: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificate { /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidation { /** * SANs for a TLS validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrust { /** * TLS validation context trust for an AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustAcm { /** * One or more ACM ARNs. */ certificateAuthorityArns: pulumi.Input[]>; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualService { /** * Client policy for the backend. */ clientPolicy?: pulumi.Input; /** * Name of the virtual service that is acting as a virtual node backend. Must be between 1 and 255 characters in length. */ virtualServiceName: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicy { /** * Transport Layer Security (TLS) client policy. */ tls?: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTls { /** * Listener's TLS certificate. */ certificate?: pulumi.Input; /** * Whether the policy is enforced. Default is `true`. */ enforce?: pulumi.Input; /** * One or more ports that the policy is enforced for. */ ports?: pulumi.Input[]>; /** * Listener's Transport Layer Security (TLS) validation context. */ validation: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificate { /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidation { /** * SANs for a TLS validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrust { /** * TLS validation context trust for an AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustAcm { /** * One or more ACM ARNs. */ certificateAuthorityArns: pulumi.Input[]>; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecListener { /** * Connection pool information for the listener. */ connectionPool?: pulumi.Input; /** * Health check information for the listener. */ healthCheck?: pulumi.Input; /** * Outlier detection information for the listener. */ outlierDetection?: pulumi.Input; /** * Port mapping information for the listener. */ portMapping: pulumi.Input; /** * Timeouts for different protocols. */ timeout?: pulumi.Input; /** * Transport Layer Security (TLS) properties for the listener */ tls?: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPool { /** * Connection pool information for gRPC listeners. */ grpc?: pulumi.Input; /** * Connection pool information for HTTP2 listeners. */ http2s?: pulumi.Input[]>; /** * Connection pool information for HTTP listeners. */ https?: pulumi.Input[]>; /** * Connection pool information for TCP listeners. */ tcps?: pulumi.Input[]>; } export interface VirtualNodeSpecListenerConnectionPoolGrpc { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPoolHttp { /** * Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`. */ maxConnections: pulumi.Input; /** * Number of overflowing requests after `maxConnections` Envoy will queue to upstream cluster. Minimum value of `1`. */ maxPendingRequests?: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPoolHttp2 { /** * Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`. */ maxRequests: pulumi.Input; } export interface VirtualNodeSpecListenerConnectionPoolTcp { /** * Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`. */ maxConnections: pulumi.Input; } export interface VirtualNodeSpecListenerHealthCheck { /** * Number of consecutive successful health checks that must occur before declaring listener healthy. */ healthyThreshold: pulumi.Input; /** * Time period in milliseconds between each health check execution. */ intervalMillis: pulumi.Input; /** * Destination path for the health check request. This is only required if the specified protocol is `http` or `http2`. */ path?: pulumi.Input; /** * Destination port for the health check request. This port must match the port defined in the `portMapping` for the listener. */ port?: pulumi.Input; /** * Protocol for the health check request. Valid values are `http`, `http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; /** * Amount of time to wait when receiving a response from the health check, in milliseconds. */ timeoutMillis: pulumi.Input; /** * Number of consecutive failed health checks that must occur before declaring a virtual node unhealthy. */ unhealthyThreshold: pulumi.Input; } export interface VirtualNodeSpecListenerOutlierDetection { /** * Base amount of time for which a host is ejected. */ baseEjectionDuration: pulumi.Input; /** * Time interval between ejection sweep analysis. */ interval: pulumi.Input; /** * Maximum percentage of hosts in load balancing pool for upstream service that can be ejected. Will eject at least one host regardless of the value. * Minimum value of `0`. Maximum value of `100`. */ maxEjectionPercent: pulumi.Input; /** * Number of consecutive `5xx` errors required for ejection. Minimum value of `1`. */ maxServerErrors: pulumi.Input; } export interface VirtualNodeSpecListenerOutlierDetectionBaseEjectionDuration { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerOutlierDetectionInterval { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerPortMapping { /** * Port used for the port mapping. */ port: pulumi.Input; /** * Protocol used for the port mapping. Valid values are `http`, `http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; } export interface VirtualNodeSpecListenerTimeout { /** * Timeouts for gRPC listeners. */ grpc?: pulumi.Input; /** * Timeouts for HTTP listeners. */ http?: pulumi.Input; /** * Timeouts for HTTP2 listeners. */ http2?: pulumi.Input; /** * Timeouts for TCP listeners. */ tcp?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutGrpc { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutGrpcIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutGrpcPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp2 { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; /** * Per request timeout. */ perRequest?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp2Idle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttp2PerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttpIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutHttpPerRequest { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutTcp { /** * Idle timeout. An idle timeout bounds the amount of time that a connection may be idle. */ idle?: pulumi.Input; } export interface VirtualNodeSpecListenerTimeoutTcpIdle { /** * Unit of time. Valid values: `ms`, `s`. */ unit: pulumi.Input; /** * Number of time units. Minimum value of `0`. */ value: pulumi.Input; } export interface VirtualNodeSpecListenerTls { /** * Listener's TLS certificate. */ certificate: pulumi.Input; /** * Listener's TLS mode. Valid values: `DISABLED`, `PERMISSIVE`, `STRICT`. */ mode: pulumi.Input; /** * Listener's Transport Layer Security (TLS) validation context. */ validation?: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificate { /** * An AWS Certificate Manager (ACM) certificate. */ acm?: pulumi.Input; /** * Local file certificate. */ file?: pulumi.Input; /** * A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificateAcm { /** * ARN for the certificate. */ certificateArn: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificateFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; /** * Private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length. */ privateKey: pulumi.Input; } export interface VirtualNodeSpecListenerTlsCertificateSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidation { /** * SANs for a TLS validation context. */ subjectAlternativeNames?: pulumi.Input; /** * TLS validation context trust. */ trust: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationSubjectAlternativeNames { /** * Criteria for determining a SAN's match. */ match: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationSubjectAlternativeNamesMatch { /** * Values sent must match the specified values exactly. */ exacts: pulumi.Input[]>; } export interface VirtualNodeSpecListenerTlsValidationTrust { /** * TLS validation context trust for a local file certificate. */ file?: pulumi.Input; /** * TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate. */ sds?: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationTrustFile { /** * Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length. */ certificateChain: pulumi.Input; } export interface VirtualNodeSpecListenerTlsValidationTrustSds { /** * Name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust. */ secretName: pulumi.Input; } export interface VirtualNodeSpecLogging { /** * Access log configuration for a virtual node. */ accessLog?: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLog { /** * File object to send virtual node access logs to. */ file?: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLogFile { /** * The specified format for the logs. */ format?: pulumi.Input; /** * File path to write access logs to. You can use `/dev/stdout` to send access logs to standard out. Must be between 1 and 255 characters in length. */ path: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLogFileFormat { /** * The logging format for JSON. */ jsons?: pulumi.Input[]>; /** * The logging format for text. Must be between 1 and 1000 characters in length. */ text?: pulumi.Input; } export interface VirtualNodeSpecLoggingAccessLogFileFormatJson { /** * The specified key for the JSON. Must be between 1 and 100 characters in length. */ key: pulumi.Input; /** * The specified value for the JSON. Must be between 1 and 100 characters in length. */ value: pulumi.Input; } export interface VirtualNodeSpecServiceDiscovery { /** * Any AWS Cloud Map information for the virtual node. */ awsCloudMap?: pulumi.Input; /** * DNS service name for the virtual node. */ dns?: pulumi.Input; } export interface VirtualNodeSpecServiceDiscoveryAwsCloudMap { /** * String map that contains attributes with values that you can use to filter instances by any custom attribute that you specified when you registered the instance. Only instances that match all of the specified key/value pairs will be returned. */ attributes?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Name of the AWS Cloud Map namespace to use. * Use the `aws.servicediscovery.HttpNamespace` resource to configure a Cloud Map namespace. Must be between 1 and 1024 characters in length. */ namespaceName: pulumi.Input; /** * Name of the AWS Cloud Map service to use. Use the `aws.servicediscovery.Service` resource to configure a Cloud Map service. Must be between 1 and 1024 characters in length. */ serviceName: pulumi.Input; } export interface VirtualNodeSpecServiceDiscoveryDns { /** * DNS host name for your virtual node. */ hostname: pulumi.Input; /** * The preferred IP version that this virtual node uses. Valid values: `IPv6_PREFERRED`, `IPv4_PREFERRED`, `IPv4_ONLY`, `IPv6_ONLY`. */ ipPreference?: pulumi.Input; /** * The DNS response type for the virtual node. Valid values: `LOADBALANCER`, `ENDPOINTS`. */ responseType?: pulumi.Input; } export interface VirtualRouterSpec { /** * Listeners that the virtual router is expected to receive inbound traffic from. * Currently only one listener is supported per virtual router. */ listeners?: pulumi.Input[]>; } export interface VirtualRouterSpecListener { /** * Port mapping information for the listener. */ portMapping: pulumi.Input; } export interface VirtualRouterSpecListenerPortMapping { /** * Port used for the port mapping. */ port: pulumi.Input; /** * Protocol used for the port mapping. Valid values are `http`,`http2`, `tcp` and `grpc`. */ protocol: pulumi.Input; } export interface VirtualServiceSpec { /** * App Mesh object that is acting as the provider for a virtual service. You can specify a single virtual node or virtual router. */ provider?: pulumi.Input; } export interface VirtualServiceSpecProvider { /** * Virtual node associated with a virtual service. */ virtualNode?: pulumi.Input; /** * Virtual router associated with a virtual service. */ virtualRouter?: pulumi.Input; } export interface VirtualServiceSpecProviderVirtualNode { /** * Name of the virtual node that is acting as a service provider. Must be between 1 and 255 characters in length. */ virtualNodeName: pulumi.Input; } export interface VirtualServiceSpecProviderVirtualRouter { /** * Name of the virtual router that is acting as a service provider. Must be between 1 and 255 characters in length. */ virtualRouterName: pulumi.Input; } } export namespace apprunner { export interface CustomDomainAssociationCertificateValidationRecord { /** * Certificate CNAME record name. */ name?: pulumi.Input; /** * Current state of the certificate CNAME record validation. It should change to `SUCCESS` after App Runner completes validation with your DNS. */ status?: pulumi.Input; /** * Record type, always `CNAME`. */ type?: pulumi.Input; /** * Certificate CNAME record value. */ value?: pulumi.Input; } export interface DeploymentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ObservabilityConfigurationTraceConfiguration { /** * Implementation provider chosen for tracing App Runner services. Valid values: `AWSXRAY`. */ vendor?: pulumi.Input; } export interface ServiceEncryptionConfiguration { /** * ARN of the KMS key used for encryption. */ kmsKey: pulumi.Input; } export interface ServiceHealthCheckConfiguration { /** * Number of consecutive checks that must succeed before App Runner decides that the service is healthy. Defaults to 1. Minimum value of 1. Maximum value of 20. */ healthyThreshold?: pulumi.Input; /** * Time interval, in seconds, between health checks. Defaults to 5. Minimum value of 1. Maximum value of 20. */ interval?: pulumi.Input; /** * URL to send requests to for health checks. Defaults to `/`. Minimum length of 0. Maximum length of 51200. */ path?: pulumi.Input; /** * IP protocol that App Runner uses to perform health checks for your service. Valid values: `TCP`, `HTTP`. Defaults to `TCP`. If you set protocol to `HTTP`, App Runner sends health check requests to the HTTP path specified by `path`. */ protocol?: pulumi.Input; /** * Time, in seconds, to wait for a health check response before deciding it failed. Defaults to 2. Minimum value of 1. Maximum value of 20. */ timeout?: pulumi.Input; /** * Number of consecutive checks that must fail before App Runner decides that the service is unhealthy. Defaults to 5. Minimum value of 1. Maximum value of 20. */ unhealthyThreshold?: pulumi.Input; } export interface ServiceInstanceConfiguration { /** * Number of CPU units reserved for each instance of your App Runner service represented as a String. Defaults to `1024`. Valid values: `256|512|1024|2048|4096|(0.25|0.5|1|2|4) vCPU`. */ cpu?: pulumi.Input; /** * ARN of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs. */ instanceRoleArn?: pulumi.Input; /** * Amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to `2048`. Valid values: `512|1024|2048|3072|4096|6144|8192|10240|12288|(0.5|1|2|3|4|6|8|10|12) GB`. */ memory?: pulumi.Input; } export interface ServiceNetworkConfiguration { /** * Network configuration settings for outbound message traffic. See Egress Configuration below for more details. */ egressConfiguration?: pulumi.Input; /** * Network configuration settings for inbound network traffic. See Ingress Configuration below for more details. */ ingressConfiguration?: pulumi.Input; /** * App Runner provides you with the option to choose between Internet Protocol version 4 (IPv4) and dual stack (IPv4 and IPv6) for your incoming public network configuration. Valid values: `IPV4`, `DUAL_STACK`. Default: `IPV4`. */ ipAddressType?: pulumi.Input; } export interface ServiceNetworkConfigurationEgressConfiguration { /** * The type of egress configuration. Valid values are: `DEFAULT` and `VPC`. */ egressType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the App Runner VPC connector that you want to associate with your App Runner service. Only valid when `EgressType = VPC`. */ vpcConnectorArn?: pulumi.Input; } export interface ServiceNetworkConfigurationIngressConfiguration { /** * Specifies whether your App Runner service is publicly accessible. To make the service publicly accessible set it to True. To make the service privately accessible, from only within an Amazon VPC set it to False. */ isPubliclyAccessible?: pulumi.Input; } export interface ServiceObservabilityConfiguration { /** * ARN of the observability configuration that is associated with the service. Specified only when `observabilityEnabled` is `true`. */ observabilityConfigurationArn?: pulumi.Input; /** * When `true`, an observability configuration resource is associated with the service. */ observabilityEnabled: pulumi.Input; } export interface ServiceSourceConfiguration { /** * Describes resources needed to authenticate access to some source repositories. See Authentication Configuration below for more details. */ authenticationConfiguration?: pulumi.Input; /** * Whether continuous integration from the source repository is enabled for the App Runner service. If set to `true`, each repository change (source code commit or new image version) starts a deployment. Defaults to `true`. */ autoDeploymentsEnabled?: pulumi.Input; /** * Description of a source code repository. See Code Repository below for more details. */ codeRepository?: pulumi.Input; /** * Description of a source image repository. See Image Repository below for more details. */ imageRepository?: pulumi.Input; } export interface ServiceSourceConfigurationAuthenticationConfiguration { /** * ARN of the IAM role that grants the App Runner service access to a source repository. Required for ECR image repositories (but not for ECR Public) */ accessRoleArn?: pulumi.Input; /** * ARN of the App Runner connection that enables the App Runner service to connect to a source repository. Required for GitHub code repositories. */ connectionArn?: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepository { /** * Configuration for building and running the service from a source code repository. See Code Configuration below for more details. */ codeConfiguration?: pulumi.Input; /** * Location of the repository that contains the source code. */ repositoryUrl: pulumi.Input; /** * Version that should be used within the source code repository. See Source Code Version below for more details. */ sourceCodeVersion: pulumi.Input; /** * The path of the directory that stores source code and configuration files. The build and start commands also execute from here. The path is absolute from root and, if not specified, defaults to the repository root. */ sourceDirectory?: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepositoryCodeConfiguration { /** * Basic configuration for building and running the App Runner service. Use this parameter to quickly launch an App Runner service without providing an apprunner.yaml file in the source code repository (or ignoring the file if it exists). See Code Configuration Values below for more details. */ codeConfigurationValues?: pulumi.Input; /** * Source of the App Runner configuration. Valid values: `REPOSITORY`, `API`. Values are interpreted as follows: */ configurationSource: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValues { /** * Command App Runner runs to build your application. */ buildCommand?: pulumi.Input; /** * Port that your application listens to in the container. Defaults to `"8080"`. */ port?: pulumi.Input; /** * Runtime environment type for building and running an App Runner service. Represents a programming language runtime. Valid values: `PYTHON_3`, `NODEJS_12`, `NODEJS_14`, `NODEJS_16`, `CORRETTO_8`, `CORRETTO_11`, `GO_1`, `DOTNET_6`, `PHP_81`, `RUBY_31`. */ runtime: pulumi.Input; /** * Secrets and parameters available to your service as environment variables. A map of key/value pairs, where the key is the desired name of the Secret in the environment (i.e. it does not have to match the name of the secret in Secrets Manager or SSM Parameter Store), and the value is the ARN of the secret from AWS Secrets Manager or the ARN of the parameter in AWS SSM Parameter Store. */ runtimeEnvironmentSecrets?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of `AWSAPPRUNNER` are reserved for system use and aren't valid. */ runtimeEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Command App Runner runs to start your application. */ startCommand?: pulumi.Input; } export interface ServiceSourceConfigurationCodeRepositorySourceCodeVersion { /** * Type of version identifier. For a git-based repository, branches represent versions. Valid values: `BRANCH`. */ type: pulumi.Input; /** * Source code version. For a git-based repository, a branch name maps to a specific version. App Runner uses the most recent commit to the branch. */ value: pulumi.Input; } export interface ServiceSourceConfigurationImageRepository { /** * Configuration for running the identified image. See Image Configuration below for more details. */ imageConfiguration?: pulumi.Input; /** * Identifier of an image. For an image in Amazon Elastic Container Registry (Amazon ECR), this is an image name. For the * image name format, see Pulling an image in the Amazon ECR User Guide. */ imageIdentifier: pulumi.Input; /** * Type of the image repository. This reflects the repository provider and whether the repository is private or public. Valid values: `ECR` , `ECR_PUBLIC`. */ imageRepositoryType: pulumi.Input; } export interface ServiceSourceConfigurationImageRepositoryImageConfiguration { /** * Port that your application listens to in the container. Defaults to `"8080"`. */ port?: pulumi.Input; /** * Secrets and parameters available to your service as environment variables. A map of key/value pairs, where the key is the desired name of the Secret in the environment (i.e. it does not have to match the name of the secret in Secrets Manager or SSM Parameter Store), and the value is the ARN of the secret from AWS Secrets Manager or the ARN of the parameter in AWS SSM Parameter Store. */ runtimeEnvironmentSecrets?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of `AWSAPPRUNNER` are reserved for system use and aren't valid. */ runtimeEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Command App Runner runs to start the application in the source image. If specified, this command overrides the Docker image’s default start command. */ startCommand?: pulumi.Input; } export interface VpcIngressConnectionIngressVpcConfiguration { /** * The ID of the VPC endpoint that your App Runner service connects to. */ vpcEndpointId?: pulumi.Input; /** * The ID of the VPC that is used for the VPC endpoint. */ vpcId?: pulumi.Input; } } export namespace appstream { export interface DirectoryConfigServiceAccountCredentials { /** * User name of the account. This account must have the following privileges: create computer objects, join computers to the domain, and change/reset the password on descendant computer objects for the organizational units specified. */ accountName: pulumi.Input; /** * Password for the account. */ accountPassword: pulumi.Input; } export interface FleetComputeCapacity { /** * Number of currently available instances that can be used to stream sessions. */ available?: pulumi.Input; /** * Desired number of streaming instances. */ desiredInstances?: pulumi.Input; /** * Desired number of user sessions for a multi-session fleet. This is not allowed for single-session fleets. */ desiredSessions?: pulumi.Input; /** * Number of instances in use for streaming. */ inUse?: pulumi.Input; /** * Total number of simultaneous streaming instances that are running. */ running?: pulumi.Input; } export interface FleetDomainJoinInfo { /** * Fully qualified name of the directory (for example, corp.example.com). */ directoryName?: pulumi.Input; /** * Distinguished name of the organizational unit for computer accounts. */ organizationalUnitDistinguishedName?: pulumi.Input; } export interface FleetVpcConfig { /** * Identifiers of the security groups for the fleet or image builder. */ securityGroupIds?: pulumi.Input[]>; /** * Identifiers of the subnets to which a network interface is attached from the fleet instance or image builder instance. */ subnetIds?: pulumi.Input[]>; } export interface ImageBuilderAccessEndpoint { /** * Type of interface endpoint. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/appstream2/latest/APIReference/API_AccessEndpoint.html). */ endpointType: pulumi.Input; /** * Identifier (ID) of the interface VPC endpoint. */ vpceId?: pulumi.Input; } export interface ImageBuilderDomainJoinInfo { /** * Fully qualified name of the directory (for example, corp.example.com). */ directoryName?: pulumi.Input; /** * Distinguished name of the organizational unit for computer accounts. */ organizationalUnitDistinguishedName?: pulumi.Input; } export interface ImageBuilderVpcConfig { /** * Identifiers of the security groups for the image builder or image builder. */ securityGroupIds?: pulumi.Input[]>; /** * Identifier of the subnet to which a network interface is attached from the image builder instance. */ subnetIds?: pulumi.Input[]>; } export interface StackAccessEndpoint { /** * Type of the interface endpoint. * See the [`AccessEndpoint` AWS API documentation](https://docs.aws.amazon.com/appstream2/latest/APIReference/API_AccessEndpoint.html) for valid values. */ endpointType: pulumi.Input; /** * ID of the VPC in which the interface endpoint is used. */ vpceId?: pulumi.Input; } export interface StackApplicationSettings { /** * Whether application settings should be persisted. */ enabled: pulumi.Input; /** * Name of the settings group. * Required when `enabled` is `true`. * Can be up to 100 characters. */ settingsGroup?: pulumi.Input; } export interface StackStorageConnector { /** * Type of storage connector. * Valid values are `HOMEFOLDERS`, `GOOGLE_DRIVE`, or `ONE_DRIVE`. */ connectorType: pulumi.Input; /** * Names of the domains for the account. */ domains?: pulumi.Input[]>; /** * ARN of the storage connector. */ resourceIdentifier?: pulumi.Input; } export interface StackStreamingExperienceSettings { /** * The preferred protocol that you want to use while streaming your application. * Valid values are `TCP` and `UDP`. */ preferredProtocol?: pulumi.Input; } export interface StackUserSetting { /** * Action that is enabled or disabled. * Valid values are `CLIPBOARD_COPY_FROM_LOCAL_DEVICE`, `CLIPBOARD_COPY_TO_LOCAL_DEVICE`, `FILE_UPLOAD`, `FILE_DOWNLOAD`, `PRINTING_TO_LOCAL_DEVICE`, `DOMAIN_PASSWORD_SIGNIN`, or `DOMAIN_SMART_CARD_SIGNIN`. */ action: pulumi.Input; /** * Whether the action is enabled or disabled. * Valid values are `ENABLED` or `DISABLED`. */ permission: pulumi.Input; } } export namespace appsync { export interface DataSourceDynamodbConfig { /** * The DeltaSyncConfig for a versioned data source. See Delta Sync Config */ deltaSyncConfig?: pulumi.Input; /** * AWS region of the DynamoDB table. Defaults to current region. */ region?: pulumi.Input; /** * Name of the DynamoDB table. */ tableName: pulumi.Input; /** * Set to `true` to use Amazon Cognito credentials with this data source. */ useCallerCredentials?: pulumi.Input; /** * Detects Conflict Detection and Resolution with this data source. */ versioned?: pulumi.Input; } export interface DataSourceDynamodbConfigDeltaSyncConfig { /** * The number of minutes that an Item is stored in the data source. */ baseTableTtl?: pulumi.Input; /** * The table name. */ deltaSyncTableName: pulumi.Input; /** * The number of minutes that a Delta Sync log entry is stored in the Delta Sync table. */ deltaSyncTableTtl?: pulumi.Input; } export interface DataSourceElasticsearchConfig { /** * HTTP endpoint of the Elasticsearch domain. */ endpoint: pulumi.Input; /** * AWS region of Elasticsearch domain. Defaults to current region. */ region?: pulumi.Input; } export interface DataSourceEventBridgeConfig { /** * ARN for the EventBridge bus. */ eventBusArn: pulumi.Input; } export interface DataSourceHttpConfig { /** * Authorization configuration in case the HTTP endpoint requires authorization. See Authorization Config. */ authorizationConfig?: pulumi.Input; /** * HTTP URL. */ endpoint: pulumi.Input; } export interface DataSourceHttpConfigAuthorizationConfig { /** * Authorization type that the HTTP endpoint requires. Default values is `AWS_IAM`. */ authorizationType?: pulumi.Input; /** * Identity and Access Management (IAM) settings. See AWS IAM Config. */ awsIamConfig?: pulumi.Input; } export interface DataSourceHttpConfigAuthorizationConfigAwsIamConfig { /** * Signing Amazon Web Services Region for IAM authorization. */ signingRegion?: pulumi.Input; /** * Signing service name for IAM authorization. */ signingServiceName?: pulumi.Input; } export interface DataSourceLambdaConfig { /** * ARN for the Lambda function. */ functionArn: pulumi.Input; } export interface DataSourceOpensearchserviceConfig { endpoint: pulumi.Input; region?: pulumi.Input; } export interface DataSourceRelationalDatabaseConfig { /** * Amazon RDS HTTP endpoint configuration. See HTTP Endpoint Config. */ httpEndpointConfig?: pulumi.Input; /** * Source type for the relational database. Valid values: `RDS_HTTP_ENDPOINT`. */ sourceType?: pulumi.Input; } export interface DataSourceRelationalDatabaseConfigHttpEndpointConfig { /** * AWS secret store ARN for database credentials. */ awsSecretStoreArn: pulumi.Input; /** * Logical database name. */ databaseName?: pulumi.Input; /** * Amazon RDS cluster identifier. */ dbClusterIdentifier: pulumi.Input; /** * AWS Region for RDS HTTP endpoint. Defaults to current region. */ region?: pulumi.Input; /** * Logical schema name. */ schema?: pulumi.Input; } export interface FunctionRuntime { /** * The name of the runtime to use. Currently, the only allowed value is `APPSYNC_JS`. */ name: pulumi.Input; /** * The version of the runtime to use. Currently, the only allowed version is `1.0.0`. */ runtimeVersion: pulumi.Input; } export interface FunctionSyncConfig { /** * Conflict Detection strategy to use. Valid values are `NONE` and `VERSION`. */ conflictDetection?: pulumi.Input; /** * Conflict Resolution strategy to perform in the event of a conflict. Valid values are `NONE`, `OPTIMISTIC_CONCURRENCY`, `AUTOMERGE`, and `LAMBDA`. */ conflictHandler?: pulumi.Input; /** * Lambda Conflict Handler Config when configuring `LAMBDA` as the Conflict Handler. See Lambda Conflict Handler Config. */ lambdaConflictHandlerConfig?: pulumi.Input; } export interface FunctionSyncConfigLambdaConflictHandlerConfig { /** * ARN for the Lambda function to use as the Conflict Handler. */ lambdaConflictHandlerArn?: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProvider { /** * Authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA` */ authenticationType: pulumi.Input; /** * Nested argument containing Lambda authorizer configuration. Defined below. */ lambdaAuthorizerConfig?: pulumi.Input; /** * Nested argument containing OpenID Connect configuration. Defined below. */ openidConnectConfig?: pulumi.Input; /** * Amazon Cognito User Pool configuration. Defined below. */ userPoolConfig?: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig { /** * Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a `ttlOverride` key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600. */ authorizerResultTtlInSeconds?: pulumi.Input; /** * ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow `lambda:InvokeFunction` from service principal `appsync.amazonaws.com`. */ authorizerUri: pulumi.Input; /** * Regular expression for validation of tokens before the Lambda function is called. */ identityValidationExpression?: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig { /** * Number of milliseconds a token is valid after being authenticated. */ authTtl?: pulumi.Input; /** * Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time. */ clientId?: pulumi.Input; /** * Number of milliseconds a token is valid after being issued to a user. */ iatTtl?: pulumi.Input; /** * Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token. */ issuer: pulumi.Input; } export interface GraphQLApiAdditionalAuthenticationProviderUserPoolConfig { /** * Regular expression for validating the incoming Amazon Cognito User Pool app client ID. */ appIdClientRegex?: pulumi.Input; /** * AWS region in which the user pool was created. */ awsRegion?: pulumi.Input; /** * User pool ID. */ userPoolId: pulumi.Input; } export interface GraphQLApiLambdaAuthorizerConfig { /** * Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a `ttlOverride` key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600. */ authorizerResultTtlInSeconds?: pulumi.Input; /** * ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow `lambda:InvokeFunction` from service principal `appsync.amazonaws.com`. */ authorizerUri: pulumi.Input; /** * Regular expression for validation of tokens before the Lambda function is called. */ identityValidationExpression?: pulumi.Input; } export interface GraphQLApiLogConfig { /** * Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account. */ cloudwatchLogsRoleArn: pulumi.Input; /** * Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: `true`, `false`. Default value: `false` */ excludeVerboseContent?: pulumi.Input; /** * Field logging level. Valid values: `ALL`, `ERROR`, `NONE`. */ fieldLogLevel: pulumi.Input; } export interface GraphQLApiOpenidConnectConfig { /** * Number of milliseconds a token is valid after being authenticated. */ authTtl?: pulumi.Input; /** * Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time. */ clientId?: pulumi.Input; /** * Number of milliseconds a token is valid after being issued to a user. */ iatTtl?: pulumi.Input; /** * Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token. */ issuer: pulumi.Input; } export interface GraphQLApiUserPoolConfig { /** * Regular expression for validating the incoming Amazon Cognito User Pool app client ID. */ appIdClientRegex?: pulumi.Input; /** * AWS region in which the user pool was created. */ awsRegion?: pulumi.Input; /** * Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: `ALLOW` and `DENY` */ defaultAction: pulumi.Input; /** * User pool ID. */ userPoolId: pulumi.Input; } export interface ResolverCachingConfig { /** * The caching keys for a resolver that has caching activated. Valid values are entries from the $context.arguments, $context.source, and $context.identity maps. */ cachingKeys?: pulumi.Input[]>; /** * The TTL in seconds for a resolver that has caching activated. Valid values are between `1` and `3600` seconds. */ ttl?: pulumi.Input; } export interface ResolverPipelineConfig { /** * A list of Function objects. */ functions?: pulumi.Input[]>; } export interface ResolverRuntime { /** * The name of the runtime to use. Currently, the only allowed value is `APPSYNC_JS`. */ name: pulumi.Input; /** * The version of the runtime to use. Currently, the only allowed version is `1.0.0`. */ runtimeVersion: pulumi.Input; } export interface ResolverSyncConfig { /** * Conflict Detection strategy to use. Valid values are `NONE` and `VERSION`. */ conflictDetection?: pulumi.Input; /** * Conflict Resolution strategy to perform in the event of a conflict. Valid values are `NONE`, `OPTIMISTIC_CONCURRENCY`, `AUTOMERGE`, and `LAMBDA`. */ conflictHandler?: pulumi.Input; /** * Lambda Conflict Handler Config when configuring `LAMBDA` as the Conflict Handler. See Lambda Conflict Handler Config. */ lambdaConflictHandlerConfig?: pulumi.Input; } export interface ResolverSyncConfigLambdaConflictHandlerConfig { /** * ARN for the Lambda function to use as the Conflict Handler. */ lambdaConflictHandlerArn?: pulumi.Input; } } export namespace athena { export interface DatabaseAclConfiguration { /** * Amazon S3 canned ACL that Athena should specify when storing query results. Valid value is `BUCKET_OWNER_FULL_CONTROL`. * * > **NOTE:** When Athena queries are executed, result files may be created in the specified bucket. Consider using `forceDestroy` on the bucket too in order to avoid any problems when destroying the bucket. */ s3AclOption: pulumi.Input; } export interface DatabaseEncryptionConfiguration { /** * Type of key; one of `SSE_S3`, `SSE_KMS`, `CSE_KMS` */ encryptionOption: pulumi.Input; /** * KMS key ARN or ID; required for key types `SSE_KMS` and `CSE_KMS`. */ kmsKey?: pulumi.Input; } export interface WorkgroupConfiguration { /** * Integer for the upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. Must be at least `10485760`. */ bytesScannedCutoffPerQuery?: pulumi.Input; /** * Boolean whether the settings for the workgroup override client-side settings. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html). Defaults to `true`. */ enforceWorkgroupConfiguration?: pulumi.Input; /** * Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). See Engine Version below. */ engineVersion?: pulumi.Input; /** * Role used in a notebook session for accessing the user's resources. */ executionRole?: pulumi.Input; /** * Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`. */ publishCloudwatchMetricsEnabled?: pulumi.Input; /** * If set to true , allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries. If set to false , workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. The default is false . For more information about Requester Pays buckets, see [Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) in the Amazon Simple Storage Service Developer Guide. */ requesterPaysEnabled?: pulumi.Input; /** * Configuration block with result settings. See Result Configuration below. */ resultConfiguration?: pulumi.Input; } export interface WorkgroupConfigurationEngineVersion { /** * The engine version on which the query runs. If `selectedEngineVersion` is set to `AUTO`, the effective engine version is chosen by Athena. */ effectiveEngineVersion?: pulumi.Input; /** * Requested engine version. Defaults to `AUTO`. */ selectedEngineVersion?: pulumi.Input; } export interface WorkgroupConfigurationResultConfiguration { /** * That an Amazon S3 canned ACL should be set to control ownership of stored query results. See ACL Configuration below. */ aclConfiguration?: pulumi.Input; /** * Configuration block with encryption settings. See Encryption Configuration below. */ encryptionConfiguration?: pulumi.Input; /** * AWS account ID that you expect to be the owner of the Amazon S3 bucket. */ expectedBucketOwner?: pulumi.Input; /** * Location in Amazon S3 where your query results are stored, such as `s3://path/to/query/bucket/`. For more information, see [Queries and Query Result Files](https://docs.aws.amazon.com/athena/latest/ug/querying.html). */ outputLocation?: pulumi.Input; } export interface WorkgroupConfigurationResultConfigurationAclConfiguration { /** * Amazon S3 canned ACL that Athena should specify when storing query results. Valid value is `BUCKET_OWNER_FULL_CONTROL`. */ s3AclOption: pulumi.Input; } export interface WorkgroupConfigurationResultConfigurationEncryptionConfiguration { /** * Whether Amazon S3 server-side encryption with Amazon S3-managed keys (`SSE_S3`), server-side encryption with KMS-managed keys (`SSE_KMS`), or client-side encryption with KMS-managed keys (`CSE_KMS`) is used. If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup. */ encryptionOption?: pulumi.Input; /** * For `SSE_KMS` and `CSE_KMS`, this is the KMS key ARN. */ kmsKeyArn?: pulumi.Input; } } export namespace auditmanager { export interface AssessmentAssessmentReportsDestination { /** * Destination of the assessment report. This value be in the form `s3://{bucket_name}`. */ destination: pulumi.Input; /** * Destination type. Currently, `S3` is the only valid value. */ destinationType: pulumi.Input; } export interface AssessmentRole { /** * Amazon Resource Name (ARN) of the IAM role. */ roleArn: pulumi.Input; /** * Type of customer persona. For assessment creation, type must always be `PROCESS_OWNER`. */ roleType: pulumi.Input; } export interface AssessmentRolesAll { roleArn: pulumi.Input; roleType: pulumi.Input; } export interface AssessmentScope { /** * Amazon Web Services accounts that are in scope for the assessment. See `awsAccounts` below. */ awsAccounts?: pulumi.Input[]>; /** * Amazon Web Services services that are included in the scope of the assessment. See `awsServices` below. */ awsServices?: pulumi.Input[]>; } export interface AssessmentScopeAwsAccount { /** * Identifier for the Amazon Web Services account. */ id: pulumi.Input; } export interface AssessmentScopeAwsService { /** * Name of the Amazon Web Service. */ serviceName: pulumi.Input; } export interface ControlControlMappingSource { /** * Description of the source. */ sourceDescription?: pulumi.Input; /** * Frequency of evidence collection. Valid values are `DAILY`, `WEEKLY`, or `MONTHLY`. */ sourceFrequency?: pulumi.Input; sourceId?: pulumi.Input; /** * The keyword to search for in CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names. See `sourceKeyword` below. */ sourceKeyword?: pulumi.Input; /** * Name of the source. */ sourceName: pulumi.Input; /** * The setup option for the data source. This option reflects if the evidence collection is automated or manual. Valid values are `System_Controls_Mapping` (automated) and `Procedural_Controls_Mapping` (manual). */ sourceSetUpOption: pulumi.Input; /** * Type of data source for evidence collection. If `sourceSetUpOption` is manual, the only valid value is `MANUAL`. If `sourceSetUpOption` is automated, valid values are `AWS_Cloudtrail`, `AWS_Config`, `AWS_Security_Hub`, or `AWS_API_Call`. * * The following arguments are optional: */ sourceType: pulumi.Input; /** * Instructions for troubleshooting the control. */ troubleshootingText?: pulumi.Input; } export interface ControlControlMappingSourceSourceKeyword { /** * Input method for the keyword. Valid values are `SELECT_FROM_LIST`. */ keywordInputType: pulumi.Input; /** * The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. See the [Audit Manager supported control data sources documentation](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources.html) for more information. */ keywordValue: pulumi.Input; } export interface FrameworkControlSet { /** * Configuration block(s) for the controls within the control set. See `controls` Block below for details. */ controls?: pulumi.Input[]>; /** * Unique identifier for the framework. */ id?: pulumi.Input; /** * Name of the control set. */ name: pulumi.Input; } export interface FrameworkControlSetControl { /** * Unique identifier of the control. */ id: pulumi.Input; } export interface GetControlControlMappingSource { sourceDescription?: string; sourceFrequency?: string; sourceId?: string; sourceKeyword?: inputs.auditmanager.GetControlControlMappingSourceSourceKeyword; sourceName?: string; sourceSetUpOption?: string; sourceType?: string; troubleshootingText?: string; } export interface GetControlControlMappingSourceArgs { sourceDescription?: pulumi.Input; sourceFrequency?: pulumi.Input; sourceId?: pulumi.Input; sourceKeyword?: pulumi.Input; sourceName?: pulumi.Input; sourceSetUpOption?: pulumi.Input; sourceType?: pulumi.Input; troubleshootingText?: pulumi.Input; } export interface GetControlControlMappingSourceSourceKeyword { keywordInputType?: string; keywordValue?: string; } export interface GetControlControlMappingSourceSourceKeywordArgs { keywordInputType?: pulumi.Input; keywordValue?: pulumi.Input; } export interface GetFrameworkControlSet { controls?: inputs.auditmanager.GetFrameworkControlSetControl[]; id?: string; /** * Name of the framework. */ name?: string; } export interface GetFrameworkControlSetArgs { controls?: pulumi.Input[]>; id?: pulumi.Input; /** * Name of the framework. */ name?: pulumi.Input; } export interface GetFrameworkControlSetControl { id?: string; } export interface GetFrameworkControlSetControlArgs { id?: pulumi.Input; } } export namespace autoscaling { export interface GetAmiIdsFilter { /** * Name of the DescribeAutoScalingGroup filter. The recommended values are: `tag-key`, `tag-value`, and `tag:` */ name: string; /** * Value of the filter. */ values: string[]; } export interface GetAmiIdsFilterArgs { /** * Name of the DescribeAutoScalingGroup filter. The recommended values are: `tag-key`, `tag-value`, and `tag:` */ name: pulumi.Input; /** * Value of the filter. */ values: pulumi.Input[]>; } export interface GroupInitialLifecycleHook { defaultResult?: pulumi.Input; heartbeatTimeout?: pulumi.Input; lifecycleTransition: pulumi.Input; /** * Name of the Auto Scaling Group. By default generated by Pulumi. Conflicts with `namePrefix`. */ name: pulumi.Input; notificationMetadata?: pulumi.Input; notificationTargetArn?: pulumi.Input; roleArn?: pulumi.Input; } export interface GroupInstanceMaintenancePolicy { /** * Specifies the upper limit on the number of instances that are in the InService or Pending state with a healthy status during an instance replacement activity. */ maxHealthyPercentage: pulumi.Input; /** * Specifies the lower limit on the number of instances that must be in the InService state with a healthy status during an instance replacement activity. */ minHealthyPercentage: pulumi.Input; } export interface GroupInstanceRefresh { /** * Override default parameters for Instance Refresh. */ preferences?: pulumi.Input; /** * Strategy to use for instance refresh. The only allowed value is `Rolling`. See [StartInstanceRefresh Action](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_StartInstanceRefresh.html#API_StartInstanceRefresh_RequestParameters) for more information. */ strategy: pulumi.Input; /** * Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of `launchConfiguration`, `launchTemplate`, or `mixedInstancesPolicy`. * * > **NOTE:** A refresh is started when any of the following Auto Scaling Group properties change: `launchConfiguration`, `launchTemplate`, `mixedInstancesPolicy`. Additional properties can be specified in the `triggers` property of `instanceRefresh`. * * > **NOTE:** A refresh will not start when `version = "$Latest"` is configured in the `launchTemplate` block. To trigger the instance refresh when a launch template is changed, configure `version` to use the `latestVersion` attribute of the `aws.ec2.LaunchTemplate` resource. * * > **NOTE:** Auto Scaling Groups support up to one active instance refresh at a time. When this resource is updated, any existing refresh is cancelled. * * > **NOTE:** Depending on health check settings and group size, an instance refresh may take a long time or fail. This resource does not wait for the instance refresh to complete. */ triggers?: pulumi.Input[]>; } export interface GroupInstanceRefreshPreferences { /** * Alarm Specification for Instance Refresh. */ alarmSpecification?: pulumi.Input; /** * Automatically rollback if instance refresh fails. Defaults to `false`. This option may only be set to `true` when specifying a `launchTemplate` or `mixedInstancesPolicy`. */ autoRollback?: pulumi.Input; /** * Number of seconds to wait after a checkpoint. Defaults to `3600`. */ checkpointDelay?: pulumi.Input; /** * List of percentages for each checkpoint. Values must be unique and in ascending order. To replace all instances, the final number must be `100`. */ checkpointPercentages?: pulumi.Input[]>; /** * Number of seconds until a newly launched instance is configured and ready to use. Default behavior is to use the Auto Scaling Group's health check grace period. */ instanceWarmup?: pulumi.Input; /** * Amount of capacity in the Auto Scaling group that can be in service and healthy, or pending, to support your workload when an instance refresh is in place, as a percentage of the desired capacity of the Auto Scaling group. Values must be between `100` and `200`, defaults to `100`. */ maxHealthyPercentage?: pulumi.Input; /** * Amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group. Defaults to `90`. */ minHealthyPercentage?: pulumi.Input; /** * Behavior when encountering instances protected from scale in are found. Available behaviors are `Refresh`, `Ignore`, and `Wait`. Default is `Ignore`. */ scaleInProtectedInstances?: pulumi.Input; /** * Replace instances that already have your desired configuration. Defaults to `false`. */ skipMatching?: pulumi.Input; /** * Behavior when encountering instances in the `Standby` state in are found. Available behaviors are `Terminate`, `Ignore`, and `Wait`. Default is `Ignore`. */ standbyInstances?: pulumi.Input; } export interface GroupInstanceRefreshPreferencesAlarmSpecification { alarms?: pulumi.Input[]>; } export interface GroupLaunchTemplate { /** * ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Can be version number, `$Latest`, or `$Default`. (Default: `$Default`). */ version?: pulumi.Input; } export interface GroupMixedInstancesPolicy { /** * Nested argument containing settings on how to mix on-demand and Spot instances in the Auto Scaling group. Defined below. */ instancesDistribution?: pulumi.Input; /** * Nested argument containing launch template settings along with the overrides to specify multiple instance types and weights. Defined below. */ launchTemplate: pulumi.Input; } export interface GroupMixedInstancesPolicyInstancesDistribution { onDemandAllocationStrategy?: pulumi.Input; onDemandBaseCapacity?: pulumi.Input; onDemandPercentageAboveBaseCapacity?: pulumi.Input; spotAllocationStrategy?: pulumi.Input; spotInstancePools?: pulumi.Input; spotMaxPrice?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplate { launchTemplateSpecification: pulumi.Input; overrides?: pulumi.Input[]>; } export interface GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification { launchTemplateId?: pulumi.Input; launchTemplateName?: pulumi.Input; version?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverride { instanceRequirements?: pulumi.Input; instanceType?: pulumi.Input; launchTemplateSpecification?: pulumi.Input; weightedCapacity?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirements { acceleratorCount?: pulumi.Input; acceleratorManufacturers?: pulumi.Input[]>; acceleratorNames?: pulumi.Input[]>; acceleratorTotalMemoryMib?: pulumi.Input; acceleratorTypes?: pulumi.Input[]>; allowedInstanceTypes?: pulumi.Input[]>; bareMetal?: pulumi.Input; baselineEbsBandwidthMbps?: pulumi.Input; burstablePerformance?: pulumi.Input; cpuManufacturers?: pulumi.Input[]>; excludedInstanceTypes?: pulumi.Input[]>; instanceGenerations?: pulumi.Input[]>; localStorage?: pulumi.Input; localStorageTypes?: pulumi.Input[]>; memoryGibPerVcpu?: pulumi.Input; memoryMib?: pulumi.Input; networkBandwidthGbps?: pulumi.Input; networkInterfaceCount?: pulumi.Input; onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; requireHibernateSupport?: pulumi.Input; spotMaxPricePercentageOverLowestPrice?: pulumi.Input; totalLocalStorageGb?: pulumi.Input; vcpuCount?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsAcceleratorCount { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsAcceleratorTotalMemoryMib { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsBaselineEbsBandwidthMbps { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryGibPerVcpu { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsMemoryMib { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsNetworkBandwidthGbps { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsNetworkInterfaceCount { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsTotalLocalStorageGb { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideInstanceRequirementsVcpuCount { max?: pulumi.Input; min?: pulumi.Input; } export interface GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecification { launchTemplateId?: pulumi.Input; launchTemplateName?: pulumi.Input; version?: pulumi.Input; } export interface GroupTag { /** * Key */ key: pulumi.Input; /** * Enables propagation of the tag to * Amazon EC2 instances launched via this ASG * * To declare multiple tags, additional `tag` blocks can be specified. * * > **NOTE:** Other AWS APIs may automatically add special tags to their associated Auto Scaling Group for management purposes, such as ECS Capacity Providers adding the `AmazonECSManaged` tag. These generally should be included in the configuration so the provider does not attempt to remove them and so if the `minSize` was greater than zero on creation, that these tag(s) are applied to any initial EC2 Instances in the Auto Scaling Group. If these tag(s) were missing in the Auto Scaling Group configuration on creation, affected EC2 Instances missing the tags may require manual intervention of adding the tags to ensure they work properly with the other AWS service. */ propagateAtLaunch: pulumi.Input; /** * Value */ value: pulumi.Input; } export interface GroupTrafficSource { /** * Identifies the traffic source. For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region. */ identifier: pulumi.Input; /** * Provides additional context for the value of Identifier. * The following lists the valid values: * `elb` if `identifier` is the name of a Classic Load Balancer. * `elbv2` if `identifier` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. * `vpc-lattice` if `identifier` is the ARN of a VPC Lattice target group. */ type?: pulumi.Input; } export interface GroupWarmPool { /** * Whether instances in the Auto Scaling group can be returned to the warm pool on scale in. The default is to terminate instances in the Auto Scaling group when the group scales in. */ instanceReusePolicy?: pulumi.Input; /** * Total maximum number of instances that are allowed to be in the warm pool or in any state except Terminated for the Auto Scaling group. */ maxGroupPreparedCapacity?: pulumi.Input; /** * Minimum number of instances to maintain in the warm pool. This helps you to ensure that there is always a certain number of warmed instances available to handle traffic spikes. Defaults to 0 if not specified. */ minSize?: pulumi.Input; /** * Sets the instance state to transition to after the lifecycle hooks finish. Valid values are: Stopped (default), Running or Hibernated. */ poolState?: pulumi.Input; } export interface GroupWarmPoolInstanceReusePolicy { /** * Whether instances in the Auto Scaling group can be returned to the warm pool on scale in. */ reuseOnScaleIn?: pulumi.Input; } export interface PolicyPredictiveScalingConfiguration { /** * Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity of the Auto Scaling group. Valid values are `HonorMaxCapacity` or `IncreaseMaxCapacity`. Default is `HonorMaxCapacity`. */ maxCapacityBreachBehavior?: pulumi.Input; /** * Size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. Valid range is `0` to `100`. If set to `0`, Amazon EC2 Auto Scaling may scale capacity higher than the maximum capacity to equal but not exceed forecast capacity. */ maxCapacityBuffer?: pulumi.Input; /** * This structure includes the metrics and target utilization to use for predictive scaling. */ metricSpecification: pulumi.Input; /** * Predictive scaling mode. Valid values are `ForecastAndScale` and `ForecastOnly`. Default is `ForecastOnly`. */ mode?: pulumi.Input; /** * Amount of time, in seconds, by which the instance launch time can be advanced. Minimum is `0`. */ schedulingBufferTime?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecification { /** * Customized capacity metric specification. The field is only valid when you use `customizedLoadMetricSpecification` */ customizedCapacityMetricSpecification?: pulumi.Input; /** * Customized load metric specification. */ customizedLoadMetricSpecification?: pulumi.Input; /** * Customized scaling metric specification. */ customizedScalingMetricSpecification?: pulumi.Input; /** * Predefined load metric specification. */ predefinedLoadMetricSpecification?: pulumi.Input; /** * Metric pair specification from which Amazon EC2 Auto Scaling determines the appropriate scaling metric and load metric to use. */ predefinedMetricPairSpecification?: pulumi.Input; /** * Predefined scaling metric specification. */ predefinedScalingMetricSpecification?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecification { /** * List of up to 10 structures that defines custom capacity metric in predictive scaling policy */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQuery { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in predictive scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in predictive scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedCapacityMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecification { /** * List of up to 10 structures that defines custom load metric in predictive scaling policy */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQuery { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in predictive scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in predictive scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedLoadMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecification { /** * List of up to 10 structures that defines custom scaling metric in predictive scaling policy */ metricDataQueries: pulumi.Input[]>; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQuery { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in predictive scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in predictive scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationCustomizedScalingMetricSpecificationMetricDataQueryMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedLoadMetricSpecification { /** * Metric type. Valid values are `ASGTotalCPUUtilization`, `ASGTotalNetworkIn`, `ASGTotalNetworkOut`, or `ALBTargetGroupRequestCount`. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group. You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). Refer to [PredefinedMetricSpecification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) for more information. */ resourceLabel?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedMetricPairSpecification { /** * Which metrics to use. There are two different types of metrics for each metric type: one is a load metric and one is a scaling metric. For example, if the metric type is `ASGCPUUtilization`, the Auto Scaling group's total CPU metric is used as the load metric, and the average CPU metric is used for the scaling metric. Valid values are `ASGCPUUtilization`, `ASGNetworkIn`, `ASGNetworkOut`, or `ALBRequestCount`. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group. You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). Refer to [PredefinedMetricSpecification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) for more information. */ resourceLabel?: pulumi.Input; } export interface PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedScalingMetricSpecification { /** * Describes a scaling metric for a predictive scaling policy. Valid values are `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, or `ALBRequestCountPerTarget`. */ predefinedMetricType: pulumi.Input; /** * Label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group. You create the resource label by appending the final portion of the load balancer ARN and the final portion of the target group ARN into a single value, separated by a forward slash (/). Refer to [PredefinedMetricSpecification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredefinedMetricSpecification.html) for more information. */ resourceLabel?: pulumi.Input; } export interface PolicyStepAdjustment { /** * Lower bound for the * difference between the alarm threshold and the CloudWatch metric. * Without a value, AWS will treat this bound as negative infinity. */ metricIntervalLowerBound?: pulumi.Input; /** * Upper bound for the * difference between the alarm threshold and the CloudWatch metric. * Without a value, AWS will treat this bound as positive infinity. The upper bound * must be greater than the lower bound. * * Notice the bounds are **relative** to the alarm threshold, meaning that the starting point is not 0%, but the alarm threshold. Check the official [docs](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-simple-step.html#as-scaling-steps) for a detailed example. * * The following arguments are only available to "TargetTrackingScaling" type policies: */ metricIntervalUpperBound?: pulumi.Input; /** * Number of members by which to * scale, when the adjustment bounds are breached. A positive value scales * up. A negative value scales down. */ scalingAdjustment: pulumi.Input; } export interface PolicyTargetTrackingConfiguration { /** * Customized metric. Conflicts with `predefinedMetricSpecification`. */ customizedMetricSpecification?: pulumi.Input; /** * Whether scale in by the target tracking policy is disabled. */ disableScaleIn?: pulumi.Input; /** * Predefined metric. Conflicts with `customizedMetricSpecification`. */ predefinedMetricSpecification?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecification { /** * Dimensions of the metric. */ metricDimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName?: pulumi.Input; /** * Metrics to include, as a metric data query. */ metrics?: pulumi.Input[]>; /** * Namespace of the metric. */ namespace?: pulumi.Input; /** * Statistic of the metric. */ statistic?: pulumi.Input; /** * Unit of the metric. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetric { /** * Math expression used on the returned metric. You must specify either `expression` or `metricStat`, but not both. */ expression?: pulumi.Input; /** * Short name for the metric used in target tracking scaling policy. */ id: pulumi.Input; /** * Human-readable label for this metric or expression. */ label?: pulumi.Input; /** * Structure that defines CloudWatch metric to be used in target tracking scaling policy. You must specify either `expression` or `metricStat`, but not both. */ metricStat?: pulumi.Input; /** * Boolean that indicates whether to return the timestamps and raw data values of this metric, the default is true */ returnData?: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricMetricStat { /** * Structure that defines the CloudWatch metric to return, including the metric name, namespace, and dimensions. */ metric: pulumi.Input; /** * Statistic of the metrics to return. */ stat: pulumi.Input; /** * Unit of the metrics to return. */ unit?: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricMetricStatMetric { /** * Dimensions of the metric. */ dimensions?: pulumi.Input[]>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; } export interface PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricMetricStatMetricDimension { /** * Name of the dimension. */ name: pulumi.Input; /** * Value of the dimension. */ value: pulumi.Input; } export interface PolicyTargetTrackingConfigurationPredefinedMetricSpecification { /** * Metric type. */ predefinedMetricType: pulumi.Input; /** * Identifies the resource associated with the metric type. */ resourceLabel?: pulumi.Input; } export interface TagTag { /** * Tag name. */ key: pulumi.Input; /** * Whether to propagate the tags to instances launched by the ASG. */ propagateAtLaunch: pulumi.Input; /** * Tag value. */ value: pulumi.Input; } export interface TrafficSourceAttachmentTrafficSource { /** * Identifies the traffic source. For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region. */ identifier: pulumi.Input; /** * Provides additional context for the value of `identifier`. * The following lists the valid values: * `elb` if `identifier` is the name of a Classic Load Balancer. * `elbv2` if `identifier` is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. * `vpc-lattice` if `identifier` is the ARN of a VPC Lattice target group. */ type: pulumi.Input; } } export namespace autoscalingplans { export interface ScalingPlanApplicationSource { /** * ARN of a AWS CloudFormation stack. */ cloudformationStackArn?: pulumi.Input; /** * Set of tags. */ tagFilters?: pulumi.Input[]>; } export interface ScalingPlanApplicationSourceTagFilter { /** * Tag key. */ key: pulumi.Input; /** * Tag values. */ values?: pulumi.Input[]>; } export interface ScalingPlanScalingInstruction { /** * Customized load metric to use for predictive scaling. You must specify either `customizedLoadMetricSpecification` or `predefinedLoadMetricSpecification` when configuring predictive scaling. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_CustomizedLoadMetricSpecification.html). */ customizedLoadMetricSpecification?: pulumi.Input; /** * Boolean controlling whether dynamic scaling by AWS Auto Scaling is disabled. Defaults to `false`. */ disableDynamicScaling?: pulumi.Input; /** * Maximum capacity of the resource. The exception to this upper limit is if you specify a non-default setting for `predictiveScalingMaxCapacityBehavior`. */ maxCapacity: pulumi.Input; /** * Minimum capacity of the resource. */ minCapacity: pulumi.Input; /** * Predefined load metric to use for predictive scaling. You must specify either `predefinedLoadMetricSpecification` or `customizedLoadMetricSpecification` when configuring predictive scaling. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedLoadMetricSpecification.html). */ predefinedLoadMetricSpecification?: pulumi.Input; /** * Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity specified for the resource. * Valid values: `SetForecastCapacityToMaxCapacity`, `SetMaxCapacityAboveForecastCapacity`, `SetMaxCapacityToForecastCapacity`. */ predictiveScalingMaxCapacityBehavior?: pulumi.Input; /** * Size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. */ predictiveScalingMaxCapacityBuffer?: pulumi.Input; /** * Predictive scaling mode. Valid values: `ForecastAndScale`, `ForecastOnly`. */ predictiveScalingMode?: pulumi.Input; /** * ID of the resource. This string consists of the resource type and unique identifier. */ resourceId: pulumi.Input; /** * Scalable dimension associated with the resource. Valid values: `autoscaling:autoScalingGroup:DesiredCapacity`, `dynamodb:index:ReadCapacityUnits`, `dynamodb:index:WriteCapacityUnits`, `dynamodb:table:ReadCapacityUnits`, `dynamodb:table:WriteCapacityUnits`, `ecs:service:DesiredCount`, `ec2:spot-fleet-request:TargetCapacity`, `rds:cluster:ReadReplicaCount`. */ scalableDimension: pulumi.Input; /** * Controls whether a resource's externally created scaling policies are kept or replaced. Valid values: `KeepExternalPolicies`, `ReplaceExternalPolicies`. Defaults to `KeepExternalPolicies`. */ scalingPolicyUpdateBehavior?: pulumi.Input; /** * Amount of time, in seconds, to buffer the run time of scheduled scaling actions when scaling out. */ scheduledActionBufferTime?: pulumi.Input; /** * Namespace of the AWS service. Valid values: `autoscaling`, `dynamodb`, `ecs`, `ec2`, `rds`. */ serviceNamespace: pulumi.Input; /** * Structure that defines new target tracking configurations. Each of these structures includes a specific scaling metric and a target value for the metric, along with various parameters to use with dynamic scaling. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_TargetTrackingConfiguration.html). */ targetTrackingConfigurations: pulumi.Input[]>; } export interface ScalingPlanScalingInstructionCustomizedLoadMetricSpecification { /** * Dimensions of the metric. */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; /** * Statistic of the metric. Currently, the value must always be `Sum`. */ statistic: pulumi.Input; /** * Unit of the metric. */ unit?: pulumi.Input; } export interface ScalingPlanScalingInstructionPredefinedLoadMetricSpecification { /** * Metric type. Valid values: `ALBTargetGroupRequestCount`, `ASGTotalCPUUtilization`, `ASGTotalNetworkIn`, `ASGTotalNetworkOut`. */ predefinedLoadMetricType: pulumi.Input; /** * Identifies the resource associated with the metric type. */ resourceLabel?: pulumi.Input; } export interface ScalingPlanScalingInstructionTargetTrackingConfiguration { /** * Customized metric. You can specify either `customizedScalingMetricSpecification` or `predefinedScalingMetricSpecification`. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_CustomizedScalingMetricSpecification.html). */ customizedScalingMetricSpecification?: pulumi.Input; /** * Boolean indicating whether scale in by the target tracking scaling policy is disabled. Defaults to `false`. */ disableScaleIn?: pulumi.Input; /** * Estimated time, in seconds, until a newly launched instance can contribute to the CloudWatch metrics. * This value is used only if the resource is an Auto Scaling group. */ estimatedInstanceWarmup?: pulumi.Input; /** * Predefined metric. You can specify either `predefinedScalingMetricSpecification` or `customizedScalingMetricSpecification`. * More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedScalingMetricSpecification.html). */ predefinedScalingMetricSpecification?: pulumi.Input; /** * Amount of time, in seconds, after a scale in activity completes before another scale in activity can start. * This value is not used if the scalable resource is an Auto Scaling group. */ scaleInCooldown?: pulumi.Input; /** * Amount of time, in seconds, after a scale-out activity completes before another scale-out activity can start. * This value is not used if the scalable resource is an Auto Scaling group. */ scaleOutCooldown?: pulumi.Input; /** * Target value for the metric. */ targetValue: pulumi.Input; } export interface ScalingPlanScalingInstructionTargetTrackingConfigurationCustomizedScalingMetricSpecification { /** * Dimensions of the metric. */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Name of the metric. */ metricName: pulumi.Input; /** * Namespace of the metric. */ namespace: pulumi.Input; /** * Statistic of the metric. Valid values: `Average`, `Maximum`, `Minimum`, `SampleCount`, `Sum`. */ statistic: pulumi.Input; /** * Unit of the metric. */ unit?: pulumi.Input; } export interface ScalingPlanScalingInstructionTargetTrackingConfigurationPredefinedScalingMetricSpecification { /** * Metric type. Valid values: `ALBRequestCountPerTarget`, `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, `DynamoDBReadCapacityUtilization`, `DynamoDBWriteCapacityUtilization`, `ECSServiceAverageCPUUtilization`, `ECSServiceAverageMemoryUtilization`, `EC2SpotFleetRequestAverageCPUUtilization`, `EC2SpotFleetRequestAverageNetworkIn`, `EC2SpotFleetRequestAverageNetworkOut`, `RDSReaderAverageCPUUtilization`, `RDSReaderAverageDatabaseConnections`. */ predefinedScalingMetricType: pulumi.Input; /** * Identifies the resource associated with the metric type. */ resourceLabel?: pulumi.Input; } } export namespace backup { export interface FrameworkControl { /** * One or more input parameter blocks. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year". The first parameter is daily. The second parameter is 1 year. Detailed below. */ inputParameters?: pulumi.Input[]>; /** * The name of a control. This name is between 1 and 256 characters. */ name: pulumi.Input; /** * The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. Detailed below. */ scope?: pulumi.Input; } export interface FrameworkControlInputParameter { /** * The name of a parameter, for example, BackupPlanFrequency. */ name?: pulumi.Input; /** * The value of parameter, for example, hourly. */ value?: pulumi.Input; } export interface FrameworkControlScope { /** * The ID of the only AWS resource that you want your control scope to contain. Minimum number of 1 item. Maximum number of 100 items. */ complianceResourceIds?: pulumi.Input[]>; /** * Describes whether the control scope includes one or more types of resources, such as EFS or RDS. */ complianceResourceTypes?: pulumi.Input[]>; /** * The tag key-value pair applied to those AWS resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface PlanAdvancedBackupSetting { /** * Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs. Set to `{ WindowsVSS = "enabled" }` to enable Windows VSS backup option and create a VSS Windows backup. */ backupOptions: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The type of AWS resource to be backed up. For VSS Windows backups, the only supported resource type is Amazon EC2. Valid values: `EC2`. */ resourceType: pulumi.Input; } export interface PlanRule { /** * The amount of time in minutes AWS Backup attempts a backup before canceling the job and returning an error. */ completionWindow?: pulumi.Input; /** * Configuration block(s) with copy operation settings. Detailed below. */ copyActions?: pulumi.Input[]>; /** * Enable continuous backups for supported resources. */ enableContinuousBackup?: pulumi.Input; /** * The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Fields documented below. */ lifecycle?: pulumi.Input; /** * Metadata that you can assign to help organize the resources that you create. */ recoveryPointTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * An display name for a backup rule. */ ruleName: pulumi.Input; /** * A CRON expression specifying when AWS Backup initiates a backup job. */ schedule?: pulumi.Input; /** * The amount of time in minutes before beginning a backup. */ startWindow?: pulumi.Input; /** * The name of a logical container where backups are stored. */ targetVaultName: pulumi.Input; } export interface PlanRuleCopyAction { /** * An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. */ destinationVaultArn: pulumi.Input; /** * The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. Fields documented above. */ lifecycle?: pulumi.Input; } export interface PlanRuleCopyActionLifecycle { /** * Specifies the number of days after creation that a recovery point is moved to cold storage. */ coldStorageAfter?: pulumi.Input; /** * Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `coldStorageAfter`. */ deleteAfter?: pulumi.Input; /** * This setting will instruct your backup plan to transition supported resources to archive (cold) storage tier in accordance with your lifecycle settings. */ optInToArchiveForSupportedResources?: pulumi.Input; } export interface PlanRuleLifecycle { /** * Specifies the number of days after creation that a recovery point is moved to cold storage. */ coldStorageAfter?: pulumi.Input; /** * Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `coldStorageAfter`. */ deleteAfter?: pulumi.Input; /** * This setting will instruct your backup plan to transition supported resources to archive (cold) storage tier in accordance with your lifecycle settings. */ optInToArchiveForSupportedResources?: pulumi.Input; } export interface ReportPlanReportDeliveryChannel { /** * A list of the format of your reports: CSV, JSON, or both. If not specified, the default format is CSV. */ formats?: pulumi.Input[]>; /** * The unique name of the S3 bucket that receives your reports. */ s3BucketName: pulumi.Input; /** * The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix/Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix. */ s3KeyPrefix?: pulumi.Input; } export interface ReportPlanReportSetting { /** * Specifies the list of accounts a report covers. */ accounts?: pulumi.Input[]>; /** * Specifies the Amazon Resource Names (ARNs) of the frameworks a report covers. */ frameworkArns?: pulumi.Input[]>; /** * Specifies the number of frameworks a report covers. */ numberOfFrameworks?: pulumi.Input; /** * Specifies the list of Organizational Units a report covers. */ organizationUnits?: pulumi.Input[]>; /** * Specifies the list of regions a report covers. */ regions?: pulumi.Input[]>; /** * Identifies the report template for the report. Reports are built using a report template. The report templates are: `RESOURCE_COMPLIANCE_REPORT` | `CONTROL_COMPLIANCE_REPORT` | `BACKUP_JOB_REPORT` | `COPY_JOB_REPORT` | `RESTORE_JOB_REPORT`. */ reportTemplate: pulumi.Input; } export interface SelectionCondition { stringEquals?: pulumi.Input[]>; stringLikes?: pulumi.Input[]>; stringNotEquals?: pulumi.Input[]>; stringNotLikes?: pulumi.Input[]>; } export interface SelectionConditionStringEqual { key: pulumi.Input; value: pulumi.Input; } export interface SelectionConditionStringLike { key: pulumi.Input; value: pulumi.Input; } export interface SelectionConditionStringNotEqual { key: pulumi.Input; value: pulumi.Input; } export interface SelectionConditionStringNotLike { key: pulumi.Input; value: pulumi.Input; } export interface SelectionSelectionTag { /** * The key in a key-value pair. */ key: pulumi.Input; /** * An operation, such as `StringEquals`, that is applied to a key-value pair used to filter resources in a selection. */ type: pulumi.Input; /** * The value in a key-value pair. */ value: pulumi.Input; } } export namespace batch { export interface ComputeEnvironmentComputeResources { /** * The allocation strategy to use for the compute resource in case not enough instances of the best fitting instance type can be allocated. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/batch/latest/APIReference/API_ComputeResource.html#Batch-Type-ComputeResource-allocationStrategy). Defaults to `BEST_FIT`. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ allocationStrategy?: pulumi.Input; /** * Integer of maximum percentage that a Spot Instance price can be when compared with the On-Demand price for that instance type before instances are launched. For example, if your bid percentage is 20% (`20`), then the Spot price must be below 20% of the current On-Demand price for that EC2 instance. If you leave this field empty, the default value is 100% of the On-Demand price. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ bidPercentage?: pulumi.Input; /** * The desired number of EC2 vCPUS in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ desiredVcpus?: pulumi.Input; /** * Provides information used to select Amazon Machine Images (AMIs) for EC2 instances in the compute environment. If Ec2Configuration isn't specified, the default is ECS_AL2. This parameter isn't applicable to jobs that are running on Fargate resources, and shouldn't be specified. */ ec2Configurations?: pulumi.Input[]>; /** * The EC2 key pair that is used for instances launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ ec2KeyPair?: pulumi.Input; /** * The Amazon Machine Image (AMI) ID used for instances launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. (Deprecated, use `ec2Configuration` `imageIdOverride` instead) */ imageId?: pulumi.Input; /** * The Amazon ECS instance role applied to Amazon EC2 instances in a compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ instanceRole?: pulumi.Input; /** * A list of instance types that may be launched. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ instanceTypes?: pulumi.Input[]>; /** * The launch template to use for your compute resources. See details below. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ launchTemplate?: pulumi.Input; /** * The maximum number of EC2 vCPUs that an environment can reach. */ maxVcpus: pulumi.Input; /** * The minimum number of EC2 vCPUs that an environment should maintain. For `EC2` or `SPOT` compute environments, if the parameter is not explicitly defined, a `0` default value will be set. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ minVcpus?: pulumi.Input; /** * The Amazon EC2 placement group to associate with your compute resources. */ placementGroup?: pulumi.Input; /** * A list of EC2 security group that are associated with instances launched in the compute environment. This parameter is required for Fargate compute environments. */ securityGroupIds?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the Amazon EC2 Spot Fleet IAM role applied to a SPOT compute environment. This parameter is required for SPOT compute environments. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ spotIamFleetRole?: pulumi.Input; /** * A list of VPC subnets into which the compute resources are launched. */ subnets: pulumi.Input[]>; /** * Key-value pair tags to be applied to resources that are launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The type of compute environment. Valid items are `EC2`, `SPOT`, `FARGATE` or `FARGATE_SPOT`. */ type: pulumi.Input; } export interface ComputeEnvironmentComputeResourcesEc2Configuration { /** * The AMI ID used for instances launched in the compute environment that match the image type. This setting overrides the `imageId` argument in the `computeResources` block. */ imageIdOverride?: pulumi.Input; /** * The image type to match with the instance type to select an AMI. If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) (`ECS_AL2`) is used. */ imageType?: pulumi.Input; } export interface ComputeEnvironmentComputeResourcesLaunchTemplate { /** * ID of the launch template. You must specify either the launch template ID or launch template name in the request, but not both. */ launchTemplateId?: pulumi.Input; /** * Name of the launch template. */ launchTemplateName?: pulumi.Input; /** * The version number of the launch template. Default: The default version of the launch template. */ version?: pulumi.Input; } export interface ComputeEnvironmentEksConfiguration { /** * The Amazon Resource Name (ARN) of the Amazon EKS cluster. */ eksClusterArn: pulumi.Input; /** * The namespace of the Amazon EKS cluster. AWS Batch manages pods in this namespace. */ kubernetesNamespace: pulumi.Input; } export interface ComputeEnvironmentUpdatePolicy { /** * Specifies the job timeout (in minutes) when the compute environment infrastructure is updated. */ jobExecutionTimeoutMinutes: pulumi.Input; /** * Specifies whether jobs are automatically terminated when the computer environment infrastructure is updated. */ terminateJobsOnUpdate: pulumi.Input; } export interface JobDefinitionEksProperties { /** * The properties for the Kubernetes pod resources of a job. See `podProperties` below. */ podProperties: pulumi.Input; } export interface JobDefinitionEksPropertiesPodProperties { /** * The properties of the container that's used on the Amazon EKS pod. See containers below. */ containers: pulumi.Input; /** * The DNS policy for the pod. The default value is `ClusterFirst`. If the `hostNetwork` argument is not specified, the default is `ClusterFirstWithHostNet`. `ClusterFirst` indicates that any DNS query that does not match the configured cluster domain suffix is forwarded to the upstream nameserver inherited from the node. For more information, see Pod's DNS policy in the Kubernetes documentation. */ dnsPolicy?: pulumi.Input; /** * Indicates if the pod uses the hosts' network IP address. The default value is `true`. Setting this to `false` enables the Kubernetes pod networking model. Most AWS Batch workloads are egress-only and don't require the overhead of IP allocation for each pod for incoming connections. */ hostNetwork?: pulumi.Input; /** * Metadata about the Kubernetes pod. */ metadata?: pulumi.Input; /** * The name of the service account that's used to run the pod. */ serviceAccountName?: pulumi.Input; /** * Specifies the volumes for a job definition that uses Amazon EKS resources. AWS Batch supports emptyDir, hostPath, and secret volume types. */ volumes?: pulumi.Input[]>; } export interface JobDefinitionEksPropertiesPodPropertiesContainers { /** * An array of arguments to the entrypoint. If this isn't specified, the CMD of the container image is used. This corresponds to the args member in the Entrypoint portion of the Pod in Kubernetes. Environment variable references are expanded using the container's environment. */ args?: pulumi.Input[]>; /** * The entrypoint for the container. This isn't run within a shell. If this isn't specified, the ENTRYPOINT of the container image is used. Environment variable references are expanded using the container's environment. */ commands?: pulumi.Input[]>; /** * The environment variables to pass to a container. See EKS Environment below. */ envs?: pulumi.Input[]>; /** * The Docker image used to start the container. */ image: pulumi.Input; /** * The image pull policy for the container. Supported values are `Always`, `IfNotPresent`, and `Never`. */ imagePullPolicy?: pulumi.Input; /** * The name of the container. If the name isn't specified, the default name "Default" is used. Each container in a pod must have a unique name. */ name?: pulumi.Input; /** * The type and amount of resources to assign to a container. The supported resources include `memory`, `cpu`, and `nvidia.com/gpu`. */ resources?: pulumi.Input; /** * The security context for a job. */ securityContext?: pulumi.Input; /** * The volume mounts for the container. */ volumeMounts?: pulumi.Input[]>; } export interface JobDefinitionEksPropertiesPodPropertiesContainersEnv { /** * Specifies the name of the job definition. */ name: pulumi.Input; value: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesContainersResources { limits?: pulumi.Input<{[key: string]: pulumi.Input}>; requests?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobDefinitionEksPropertiesPodPropertiesContainersSecurityContext { privileged?: pulumi.Input; readOnlyRootFileSystem?: pulumi.Input; runAsGroup?: pulumi.Input; runAsNonRoot?: pulumi.Input; runAsUser?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesContainersVolumeMount { mountPath: pulumi.Input; /** * Specifies the name of the job definition. */ name: pulumi.Input; readOnly?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesMetadata { labels?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobDefinitionEksPropertiesPodPropertiesVolume { emptyDir?: pulumi.Input; hostPath?: pulumi.Input; /** * Specifies the name of the job definition. */ name?: pulumi.Input; secret?: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesVolumeEmptyDir { medium?: pulumi.Input; sizeLimit: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesVolumeHostPath { path: pulumi.Input; } export interface JobDefinitionEksPropertiesPodPropertiesVolumeSecret { optional?: pulumi.Input; secretName: pulumi.Input; } export interface JobDefinitionRetryStrategy { /** * The number of times to move a job to the `RUNNABLE` status. You may specify between `1` and `10` attempts. */ attempts?: pulumi.Input; /** * The evaluate on exit conditions under which the job should be retried or failed. If this parameter is specified, then the `attempts` parameter must also be specified. You may specify up to 5 configuration blocks. */ evaluateOnExits?: pulumi.Input[]>; } export interface JobDefinitionRetryStrategyEvaluateOnExit { /** * Specifies the action to take if all of the specified conditions are met. The values are not case sensitive. Valid values: `retry`, `exit`. */ action: pulumi.Input; /** * A glob pattern to match against the decimal representation of the exit code returned for a job. */ onExitCode?: pulumi.Input; /** * A glob pattern to match against the reason returned for a job. */ onReason?: pulumi.Input; /** * A glob pattern to match against the status reason returned for a job. */ onStatusReason?: pulumi.Input; } export interface JobDefinitionTimeout { /** * The time duration in seconds after which AWS Batch terminates your jobs if they have not finished. The minimum value for the timeout is `60` seconds. */ attemptDurationSeconds?: pulumi.Input; } export interface JobQueueComputeEnvironmentOrder { /** * The Amazon Resource Name (ARN) of the compute environment. */ computeEnvironment: pulumi.Input; /** * The order of the compute environment. Compute environments are tried in ascending order. For example, if two compute environments are associated with a job queue, the compute environment with a lower order integer value is tried for job placement first. */ order: pulumi.Input; } export interface JobQueueTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface SchedulingPolicyFairSharePolicy { computeReservation?: pulumi.Input; shareDecaySeconds?: pulumi.Input; shareDistributions?: pulumi.Input[]>; } export interface SchedulingPolicyFairSharePolicyShareDistribution { /** * A fair share identifier or fair share identifier prefix. For more information, see [ShareAttributes](https://docs.aws.amazon.com/batch/latest/APIReference/API_ShareAttributes.html). */ shareIdentifier: pulumi.Input; /** * The weight factor for the fair share identifier. For more information, see [ShareAttributes](https://docs.aws.amazon.com/batch/latest/APIReference/API_ShareAttributes.html). */ weightFactor?: pulumi.Input; } } export namespace bcmdata { export interface ExportExport { /** * Data query for this specific data export. See the `dataQuery` argument reference below. */ dataQueries?: pulumi.Input[]>; /** * Description for this specific data export. */ description?: pulumi.Input; /** * Destination configuration for this specific data export. See the `destinationConfigurations` argument reference below. */ destinationConfigurations?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) for this export. */ exportArn?: pulumi.Input; /** * Name of this specific data export. */ name: pulumi.Input; /** * Cadence for Amazon Web Services to update the export in your S3 bucket. See the `refreshCadence` argument reference below. */ refreshCadences?: pulumi.Input[]>; } export interface ExportExportDataQuery { /** * Query statement. */ queryStatement: pulumi.Input; /** * Table configuration. */ tableConfigurations?: pulumi.Input<{[key: string]: pulumi.Input<{[key: string]: any}>}>; } export interface ExportExportDestinationConfiguration { /** * Object that describes the destination of the data exports file. See the `s3Destination` argument reference below. */ s3Destinations?: pulumi.Input[]>; } export interface ExportExportDestinationConfigurationS3Destination { /** * Name of the Amazon S3 bucket used as the destination of a data export file. */ s3Bucket: pulumi.Input; /** * Output configuration for the data export. See the `s3OutputConfigurations` argument reference below. */ s3OutputConfigurations?: pulumi.Input[]>; /** * S3 path prefix you want prepended to the name of your data export. */ s3Prefix: pulumi.Input; /** * S3 bucket region. */ s3Region: pulumi.Input; } export interface ExportExportDestinationConfigurationS3DestinationS3OutputConfiguration { /** * Compression type for the data export. Valid values `GZIP`, `PARQUET`. */ compression: pulumi.Input; /** * File format for the data export. Valid values `TEXT_OR_CSV` or `PARQUET`. */ format: pulumi.Input; /** * Output type for the data export. Valid value `CUSTOM`. */ outputType: pulumi.Input; /** * The rule to follow when generating a version of the data export file. You have the choice to overwrite the previous version or to be delivered in addition to the previous versions. Overwriting exports can save on Amazon S3 storage costs. Creating new export versions allows you to track the changes in cost and usage data over time. Valid values `CREATE_NEW_REPORT` or `OVERWRITE_REPORT`. */ overwrite: pulumi.Input; } export interface ExportExportRefreshCadence { /** * Frequency that data exports are updated. The export refreshes each time the source data updates, up to three times daily. Valid values `SYNCHRONOUS`. */ frequency: pulumi.Input; } export interface ExportTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace bedrock { export interface AgentAgentActionGroupActionGroupExecutor { /** * ARN of the Lambda that defines the business logic for the action group. */ lambda?: pulumi.Input; } export interface AgentAgentActionGroupApiSchema { /** * YAML or JSON OpenAPI Schema. */ payload?: pulumi.Input; /** * Configuration of S3 schema location */ s3?: pulumi.Input; } export interface AgentAgentActionGroupApiSchemaS3 { /** * The S3 bucket name that contains the OpenAPI Schema. */ s3BucketName?: pulumi.Input; /** * The S3 Object Key for the OpenAPI Schema in the S3 Bucket. * * The following arguments are optional: */ s3ObjectKey?: pulumi.Input; } export interface AgentAgentAliasRoutingConfiguration { /** * Version of the agent the alias routes to. */ agentVersion: pulumi.Input; } export interface AgentAgentAliasTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentAgentPromptOverrideConfiguration { /** * ARN of Lambda to use when parsing the raw foundation model output. */ overrideLambda: pulumi.Input; /** * List of prompt configurations. * * The following arguments are optional: */ promptConfigurations: pulumi.Input; } export interface AgentAgentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfiguration { /** * The vector store service in which the knowledge base is stored.Valid Values: OPENSEARCH_SERVERLESS | PINECONE | REDIS_ENTERPRISE_CLOUD | RDS */ type: pulumi.Input; /** * Contains details about the embeddings model that'sused to convert the data source. */ vectorKnowledgeBaseConfiguration?: pulumi.Input; } export interface AgentKnowledgeBaseKnowledgeBaseConfigurationVectorKnowledgeBaseConfiguration { /** * The ARN of the model used to create vector embeddings for the knowledge base. */ embeddingModelArn: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfiguration { /** * Contains the storage configuration of the knowledge base in Amazon OpenSearch Service. */ opensearchServerlessConfiguration?: pulumi.Input; /** * Contains the storage configuration of the knowledge base in Pinecone. */ pineconeConfiguration?: pulumi.Input; /** * Contains details about the storage configuration of the knowledge base in Amazon RDS. For more information, see Create a vector index in Amazon RDS. */ rdsConfiguration?: pulumi.Input; /** * Contains the storage configuration of the knowledge base in Redis Enterprise Cloud. */ redisEnterpriseCloudConfiguration?: pulumi.Input; /** * The vector store service in which the knowledge base is stored.Valid Values: OPENSEARCH_SERVERLESS | PINECONE | REDIS_ENTERPRISE_CLOUD | RDS */ type: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationOpensearchServerlessConfiguration { /** * The ARN of the OpenSearch Service vector store. */ collectionArn: pulumi.Input; /** * Contains the names of the fields to which to map information about the vector store. */ fieldMapping?: pulumi.Input; /** * The name of the vector store. */ vectorIndexName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationOpensearchServerlessConfigurationFieldMapping { /** * The name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField?: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField?: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField?: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationPineconeConfiguration { /** * The endpoint URL for your index management page. */ connectionString: pulumi.Input; /** * The ARN of the secret that you created in AWS Secrets Manager that is linked to your Redis Enterprise Cloud database. */ credentialsSecretArn: pulumi.Input; /** * Contains the names of the fields to which to map information about the vector store. */ fieldMapping?: pulumi.Input; /** * The namespace to be used to write new data to your database. */ namespace?: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationPineconeConfigurationFieldMapping { /** * The name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField?: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField?: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRdsConfiguration { /** * The ARN of the secret that you created in AWS Secrets Manager that is linked to your Redis Enterprise Cloud database. */ credentialsSecretArn: pulumi.Input; /** * The name of your Amazon RDS database. */ databaseName: pulumi.Input; /** * Contains the names of the fields to which to map information about the vector store. */ fieldMapping?: pulumi.Input; /** * The namespace to be used to write new data to your database. */ resourceArn: pulumi.Input; /** * The name of the table in the database. */ tableName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRdsConfigurationFieldMapping { /** * The name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the ID for each entry. */ primaryKeyField: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRedisEnterpriseCloudConfiguration { /** * The ARN of the secret that you created in AWS Secrets Manager that is linked to your Redis Enterprise Cloud database. */ credentialsSecretArn: pulumi.Input; /** * The endpoint URL of the Redis Enterprise Cloud database. */ endpoint: pulumi.Input; /** * Contains the names of the fields to which to map information about the vector store. */ fieldMapping?: pulumi.Input; /** * The name of the vector store. */ vectorIndexName: pulumi.Input; } export interface AgentKnowledgeBaseStorageConfigurationRedisEnterpriseCloudConfigurationFieldMapping { /** * The name of the field in which Amazon Bedrock stores metadata about the vector store. */ metadataField?: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the raw text from your data. The text is split according to the chunking strategy you choose. */ textField?: pulumi.Input; /** * The name of the field in which Amazon Bedrock stores the vector embeddings for your data sources. */ vectorField?: pulumi.Input; } export interface AgentKnowledgeBaseTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface CustomModelOutputDataConfig { /** * The S3 URI where the output data is stored. */ s3Uri: pulumi.Input; } export interface CustomModelTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface CustomModelTrainingDataConfig { /** * The S3 URI where the training data is stored. */ s3Uri: pulumi.Input; } export interface CustomModelTrainingMetric { /** * Loss metric associated with the customization job. */ trainingLoss: pulumi.Input; } export interface CustomModelValidationDataConfig { /** * Information about the validators. */ validators?: pulumi.Input[]>; } export interface CustomModelValidationDataConfigValidator { s3Uri: pulumi.Input; } export interface CustomModelValidationMetric { /** * The validation loss associated with the validator. */ validationLoss: pulumi.Input; } export interface CustomModelVpcConfig { /** * VPC configuration security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * VPC configuration subnets. */ subnetIds: pulumi.Input[]>; } export interface ProvisionedModelThroughputTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } } export namespace bedrockfoundation { } export namespace bedrockmodel { export interface InvocationLoggingConfigurationLoggingConfig { /** * CloudWatch logging configuration. */ cloudwatchConfig?: pulumi.Input; /** * Set to include embeddings data in the log delivery. */ embeddingDataDeliveryEnabled: pulumi.Input; /** * Set to include image data in the log delivery. */ imageDataDeliveryEnabled: pulumi.Input; /** * S3 configuration for storing log data. */ s3Config?: pulumi.Input; /** * Set to include text data in the log delivery. */ textDataDeliveryEnabled: pulumi.Input; } export interface InvocationLoggingConfigurationLoggingConfigCloudwatchConfig { largeDataDeliveryS3Config?: pulumi.Input; logGroupName?: pulumi.Input; roleArn?: pulumi.Input; } export interface InvocationLoggingConfigurationLoggingConfigCloudwatchConfigLargeDataDeliveryS3Config { bucketName?: pulumi.Input; keyPrefix?: pulumi.Input; } export interface InvocationLoggingConfigurationLoggingConfigS3Config { bucketName?: pulumi.Input; keyPrefix?: pulumi.Input; } } export namespace budgets { export interface BudgetActionActionThreshold { /** * The type of threshold for a notification. Valid values are `PERCENTAGE` or `ABSOLUTE_VALUE`. */ actionThresholdType: pulumi.Input; /** * The threshold of a notification. */ actionThresholdValue: pulumi.Input; } export interface BudgetActionDefinition { /** * The AWS Identity and Access Management (IAM) action definition details. See IAM Action Definition. */ iamActionDefinition?: pulumi.Input; /** * The service control policies (SCPs) action definition details. See SCP Action Definition. */ scpActionDefinition?: pulumi.Input; /** * The AWS Systems Manager (SSM) action definition details. See SSM Action Definition. */ ssmActionDefinition?: pulumi.Input; } export interface BudgetActionDefinitionIamActionDefinition { /** * A list of groups to be attached. There must be at least one group. */ groups?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the policy to be attached. */ policyArn: pulumi.Input; /** * A list of roles to be attached. There must be at least one role. */ roles?: pulumi.Input[]>; /** * A list of users to be attached. There must be at least one user. */ users?: pulumi.Input[]>; } export interface BudgetActionDefinitionScpActionDefinition { /** * The policy ID attached. */ policyId: pulumi.Input; /** * A list of target IDs. */ targetIds: pulumi.Input[]>; } export interface BudgetActionDefinitionSsmActionDefinition { /** * The action subType. Valid values are `STOP_EC2_INSTANCES` or `STOP_RDS_INSTANCES`. */ actionSubType: pulumi.Input; /** * The EC2 and RDS instance IDs. */ instanceIds: pulumi.Input[]>; /** * The Region to run the SSM document. */ region: pulumi.Input; } export interface BudgetActionSubscriber { /** * The address that AWS sends budget notifications to, either an SNS topic or an email. */ address: pulumi.Input; /** * The type of notification that AWS sends to a subscriber. Valid values are `SNS` or `EMAIL`. */ subscriptionType: pulumi.Input; } export interface BudgetAutoAdjustData { autoAdjustType: pulumi.Input; historicalOptions?: pulumi.Input; lastAutoAdjustTime?: pulumi.Input; } export interface BudgetAutoAdjustDataHistoricalOptions { budgetAdjustmentPeriod: pulumi.Input; lookbackAvailablePeriods?: pulumi.Input; } export interface BudgetCostFilter { /** * The name of a budget. Unique within accounts. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface BudgetCostTypes { /** * A boolean value whether to include credits in the cost budget. Defaults to `true` */ includeCredit?: pulumi.Input; /** * Whether a budget includes discounts. Defaults to `true` */ includeDiscount?: pulumi.Input; /** * A boolean value whether to include other subscription costs in the cost budget. Defaults to `true` */ includeOtherSubscription?: pulumi.Input; /** * A boolean value whether to include recurring costs in the cost budget. Defaults to `true` */ includeRecurring?: pulumi.Input; /** * A boolean value whether to include refunds in the cost budget. Defaults to `true` */ includeRefund?: pulumi.Input; /** * A boolean value whether to include subscriptions in the cost budget. Defaults to `true` */ includeSubscription?: pulumi.Input; /** * A boolean value whether to include support costs in the cost budget. Defaults to `true` */ includeSupport?: pulumi.Input; /** * A boolean value whether to include tax in the cost budget. Defaults to `true` */ includeTax?: pulumi.Input; /** * A boolean value whether to include upfront costs in the cost budget. Defaults to `true` */ includeUpfront?: pulumi.Input; /** * Whether a budget uses the amortized rate. Defaults to `false` */ useAmortized?: pulumi.Input; /** * A boolean value whether to use blended costs in the cost budget. Defaults to `false` */ useBlended?: pulumi.Input; } export interface BudgetNotification { /** * (Required) Comparison operator to use to evaluate the condition. Can be `LESS_THAN`, `EQUAL_TO` or `GREATER_THAN`. */ comparisonOperator: pulumi.Input; /** * (Required) What kind of budget value to notify on. Can be `ACTUAL` or `FORECASTED` */ notificationType: pulumi.Input; /** * (Optional) E-Mail addresses to notify. Either this or `subscriberSnsTopicArns` is required. */ subscriberEmailAddresses?: pulumi.Input[]>; /** * (Optional) SNS topics to notify. Either this or `subscriberEmailAddresses` is required. */ subscriberSnsTopicArns?: pulumi.Input[]>; /** * (Required) Threshold when the notification should be sent. */ threshold: pulumi.Input; /** * (Required) What kind of threshold is defined. Can be `PERCENTAGE` OR `ABSOLUTE_VALUE`. */ thresholdType: pulumi.Input; } export interface BudgetPlannedLimit { /** * (Required) The amount of cost or usage being measured for a budget. */ amount: pulumi.Input; /** * (Required) The start time of the budget limit. Format: `2017-01-01_12:00`. See [PlannedBudgetLimits](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_budgets_Budget.html#awscostmanagement-Type-budgets_Budget-PlannedBudgetLimits) documentation. */ startTime: pulumi.Input; /** * (Required) The unit of measurement used for the budget forecast, actual spend, or budget threshold, such as dollars or GB. See [Spend](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/data-type-spend.html) documentation. */ unit: pulumi.Input; } } export namespace cfg { export interface ConfigurationAggregatorAccountAggregationSource { /** * List of 12-digit account IDs of the account(s) being aggregated. */ accountIds: pulumi.Input[]>; /** * If true, aggregate existing AWS Config regions and future regions. */ allRegions?: pulumi.Input; /** * List of source regions being aggregated. * * Either `regions` or `allRegions` (as true) must be specified. */ regions?: pulumi.Input[]>; } export interface ConfigurationAggregatorOrganizationAggregationSource { /** * If true, aggregate existing AWS Config regions and future regions. */ allRegions?: pulumi.Input; /** * List of source regions being aggregated. */ regions?: pulumi.Input[]>; /** * ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account. * * Either `regions` or `allRegions` (as true) must be specified. */ roleArn: pulumi.Input; } export interface ConformancePackInputParameter { /** * The input key. */ parameterName: pulumi.Input; /** * The input value. */ parameterValue: pulumi.Input; } export interface DeliveryChannelSnapshotDeliveryProperties { /** * The frequency with which AWS Config recurringly delivers configuration snapshotsE.g., `One_Hour` or `Three_Hours`. Valid values are listed [here](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html#API_ConfigSnapshotDeliveryProperties_Contents). */ deliveryFrequency?: pulumi.Input; } export interface OrganizationConformancePackInputParameter { /** * The input key. */ parameterName: pulumi.Input; /** * The input value. */ parameterValue: pulumi.Input; } export interface RecorderRecordingGroup { /** * Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future). Conflicts with `resourceTypes`. Defaults to `true`. */ allSupported?: pulumi.Input; /** * An object that specifies how AWS Config excludes resource types from being recorded by the configuration recorder.To use this option, you must set the useOnly field of RecordingStrategy to `EXCLUSION_BY_RESOURCE_TYPES` Requires `allSupported = false`. Conflicts with `resourceTypes`. */ exclusionByResourceTypes?: pulumi.Input[]>; /** * Specifies whether AWS Config includes all supported types of _global resources_ with the resources that it records. Requires `allSupported = true`. Conflicts with `resourceTypes`. */ includeGlobalResourceTypes?: pulumi.Input; /** * Recording Strategy. Detailed below. */ recordingStrategies?: pulumi.Input[]>; /** * A list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`). See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types. In order to use this attribute, `allSupported` must be set to false. */ resourceTypes?: pulumi.Input[]>; } export interface RecorderRecordingGroupExclusionByResourceType { /** * A list that specifies the types of AWS resources for which AWS Config excludes records configuration changes. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types. */ resourceTypes?: pulumi.Input[]>; } export interface RecorderRecordingGroupRecordingStrategy { useOnly?: pulumi.Input; } export interface RecorderRecordingMode { /** * Default reecording frequency. `CONTINUOUS` or `DAILY`. */ recordingFrequency?: pulumi.Input; /** * Recording mode overrides. Detailed below. */ recordingModeOverride?: pulumi.Input; } export interface RecorderRecordingModeRecordingModeOverride { /** * A description you provide of the override. */ description?: pulumi.Input; /** * The recording frequency for the resources in the override block. `CONTINUOUS` or `DAILY`. */ recordingFrequency: pulumi.Input; /** * A list that specifies the types of AWS resources for which the override applies to. See [restrictions in the AWS Docs](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingModeOverride.html) */ resourceTypes: pulumi.Input[]>; } export interface RemediationConfigurationExecutionControls { /** * Configuration block for SSM controls. See below. */ ssmControls?: pulumi.Input; } export interface RemediationConfigurationExecutionControlsSsmControls { /** * Maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule. The default value is 10%. */ concurrentExecutionRatePercentage?: pulumi.Input; /** * Percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule. The default is 50%. */ errorPercentage?: pulumi.Input; } export interface RemediationConfigurationParameter { /** * Name of the attribute. */ name: pulumi.Input; /** * Value is dynamic and changes at run-time. */ resourceValue?: pulumi.Input; /** * Value is static and does not change at run-time. */ staticValue?: pulumi.Input; /** * List of static values. */ staticValues?: pulumi.Input[]>; } export interface RuleEvaluationMode { /** * The mode of an evaluation. */ mode?: pulumi.Input; } export interface RuleScope { /** * The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for `complianceResourceTypes`. */ complianceResourceId?: pulumi.Input; /** * A list of resource types of only those AWS resources that you want to trigger an evaluation for the ruleE.g., `AWS::EC2::Instance`. You can only specify one type if you also specify a resource ID for `complianceResourceId`. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types. */ complianceResourceTypes?: pulumi.Input[]>; /** * The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule. */ tagKey?: pulumi.Input; /** * The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule. */ tagValue?: pulumi.Input; } export interface RuleSource { /** * Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to `CUSTOM_POLICY`. See Custom Policy Details Below. */ customPolicyDetails?: pulumi.Input; /** * Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are `AWS`, `CUSTOM_LAMBDA` or `CUSTOM_POLICY`. For more information about managed rules, see the [AWS Config Managed Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). For more information about custom rules, see the [AWS Config Custom Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html). Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g., via the `aws.lambda.Permission` resource. */ owner: pulumi.Input; /** * Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if `owner` is `CUSTOM_LAMBDA` or `CUSTOM_POLICY`. See Source Detail Below. */ sourceDetails?: pulumi.Input[]>; /** * For AWS Config managed rules, a predefined identifier, e.g `IAM_PASSWORD_POLICY`. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as `arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name` or the `arn` attribute of the `aws.lambda.Function` resource. */ sourceIdentifier?: pulumi.Input; } export interface RuleSourceCustomPolicyDetails { /** * The boolean expression for enabling debug logging for your Config Custom Policy rule. The default value is `false`. */ enableDebugLogDelivery?: pulumi.Input; /** * The runtime system for your Config Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://github.com/aws-cloudformation/cloudformation-guard). */ policyRuntime: pulumi.Input; /** * The policy definition containing the logic for your Config Custom Policy rule. */ policyText: pulumi.Input; } export interface RuleSourceSourceDetail { /** * The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWSresources. This defaults to `aws.config` and is the only valid value. */ eventSource?: pulumi.Input; /** * The frequency that you want AWS Config to run evaluations for a rule that istriggered periodically. If specified, requires `messageType` to be `ScheduledNotification`. */ maximumExecutionFrequency?: pulumi.Input; /** * The type of notification that triggers AWS Config to run an evaluation for a rule. You canspecify the following notification types: */ messageType?: pulumi.Input; } } export namespace chime { export interface SdkvoiceGlobalSettingsVoiceConnector { /** * The S3 bucket that stores the Voice Connector's call detail records. */ cdrBucket?: pulumi.Input; } export interface SdkvoiceSipMediaApplicationEndpoints { /** * Valid Amazon Resource Name (ARN) of the Lambda function, version, or alias. The function must be created in the same AWS Region as the SIP media application. */ lambdaArn: pulumi.Input; } export interface SdkvoiceSipRuleTargetApplication { /** * The AWS Region of the target application. */ awsRegion: pulumi.Input; /** * Priority of the SIP media application in the target list. */ priority: pulumi.Input; /** * The SIP media application ID. */ sipMediaApplicationId: pulumi.Input; } export interface SdkvoiceVoiceProfileDomainServerSideEncryptionConfiguration { /** * ARN for KMS Key. * * The following arguments are optional: */ kmsKeyArn: pulumi.Input; } export interface VoiceConnectorGroupConnector { /** * The priority associated with the Amazon Chime Voice Connector, with 1 being the highest priority. Higher priority Amazon Chime Voice Connectors are attempted first. */ priority: pulumi.Input; /** * The Amazon Chime Voice Connector ID. */ voiceConnectorId: pulumi.Input; } export interface VoiceConnectorOrganizationRoute { /** * The FQDN or IP address to contact for origination traffic. */ host: pulumi.Input; /** * The designated origination route port. Defaults to `5060`. */ port?: pulumi.Input; /** * The priority associated with the host, with 1 being the highest priority. Higher priority hosts are attempted first. */ priority: pulumi.Input; /** * The protocol to use for the origination route. Encryption-enabled Amazon Chime Voice Connectors use TCP protocol by default. */ protocol: pulumi.Input; /** * The weight associated with the host. If hosts are equal in priority, calls are redistributed among them based on their relative weight. */ weight: pulumi.Input; } export interface VoiceConnectorStreamingMediaInsightsConfiguration { /** * The media insights configuration that will be invoked by the Voice Connector. */ configurationArn?: pulumi.Input; /** * When `true`, the media insights configuration is not enabled. Defaults to `false`. */ disabled?: pulumi.Input; } export interface VoiceConnectorTerminationCredentialsCredential { /** * RFC2617 compliant password associated with the SIP credentials. */ password: pulumi.Input; /** * RFC2617 compliant username associated with the SIP credentials. */ username: pulumi.Input; } } export namespace chimesdkmediapipelines { export interface MediaInsightsPipelineConfigurationElement { /** * Configuration for Amazon Transcribe Call Analytics processor. */ amazonTranscribeCallAnalyticsProcessorConfiguration?: pulumi.Input; /** * Configuration for Amazon Transcribe processor. */ amazonTranscribeProcessorConfiguration?: pulumi.Input; /** * Configuration for Kinesis Data Stream sink. */ kinesisDataStreamSinkConfiguration?: pulumi.Input; /** * Configuration for Lambda Function sink. */ lambdaFunctionSinkConfiguration?: pulumi.Input; /** * Configuration for S3 recording sink. */ s3RecordingSinkConfiguration?: pulumi.Input; /** * Configuration for SNS Topic sink. */ snsTopicSinkConfiguration?: pulumi.Input; /** * Configuration for SQS Queue sink. */ sqsQueueSinkConfiguration?: pulumi.Input; /** * Element type. */ type: pulumi.Input; /** * Configuration for Voice analytics processor. */ voiceAnalyticsProcessorConfiguration?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfiguration { /** * Filter for category events to be delivered to insights target. */ callAnalyticsStreamCategories?: pulumi.Input[]>; /** * Labels all personally identifiable information (PII) identified in Utterance events. */ contentIdentificationType?: pulumi.Input; /** * Redacts all personally identifiable information (PII) identified in Utterance events. */ contentRedactionType?: pulumi.Input; /** * Enables partial result stabilization in Utterance events. */ enablePartialResultsStabilization?: pulumi.Input; /** * Filters partial Utterance events from delivery to the insights target. */ filterPartialResults?: pulumi.Input; /** * Language code for the transcription model. */ languageCode: pulumi.Input; /** * Name of custom language model for transcription. */ languageModelName?: pulumi.Input; /** * Level of stability to use when partial results stabilization is enabled. */ partialResultsStability?: pulumi.Input; /** * Types of personally identifiable information (PII) to redact from an Utterance event. */ piiEntityTypes?: pulumi.Input; /** * Settings for post call analytics. */ postCallAnalyticsSettings?: pulumi.Input; /** * Method for applying a vocabulary filter to Utterance events. */ vocabularyFilterMethod?: pulumi.Input; /** * Name of the custom vocabulary filter to use when processing Utterance events. */ vocabularyFilterName?: pulumi.Input; /** * Name of the custom vocabulary to use when processing Utterance events. */ vocabularyName?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementAmazonTranscribeCallAnalyticsProcessorConfigurationPostCallAnalyticsSettings { contentRedactionOutput?: pulumi.Input; dataAccessRoleArn: pulumi.Input; outputEncryptionKmsKeyId?: pulumi.Input; outputLocation: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementAmazonTranscribeProcessorConfiguration { /** * Labels all personally identifiable information (PII) identified in Transcript events. */ contentIdentificationType?: pulumi.Input; /** * Redacts all personally identifiable information (PII) identified in Transcript events. */ contentRedactionType?: pulumi.Input; /** * Enables partial result stabilization in Transcript events. */ enablePartialResultsStabilization?: pulumi.Input; /** * Filters partial Utterance events from delivery to the insights target. */ filterPartialResults?: pulumi.Input; /** * Language code for the transcription model. */ languageCode: pulumi.Input; /** * Name of custom language model for transcription. */ languageModelName?: pulumi.Input; /** * Level of stability to use when partial results stabilization is enabled. */ partialResultsStability?: pulumi.Input; /** * Types of personally identifiable information (PII) to redact from a Transcript event. */ piiEntityTypes?: pulumi.Input; /** * Enables speaker partitioning (diarization) in your Transcript events. */ showSpeakerLabel?: pulumi.Input; /** * Method for applying a vocabulary filter to Transcript events. */ vocabularyFilterMethod?: pulumi.Input; /** * Name of the custom vocabulary filter to use when processing Transcript events. */ vocabularyFilterName?: pulumi.Input; /** * Name of the custom vocabulary to use when processing Transcript events. */ vocabularyName?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementKinesisDataStreamSinkConfiguration { /** * Kinesis Data Stream to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementLambdaFunctionSinkConfiguration { /** * Lambda Function to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementS3RecordingSinkConfiguration { /** * S3 URI to deliver recordings. */ destination?: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementSnsTopicSinkConfiguration { /** * SNS topic to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementSqsQueueSinkConfiguration { /** * SQS queue to deliver results. */ insightsTarget: pulumi.Input; } export interface MediaInsightsPipelineConfigurationElementVoiceAnalyticsProcessorConfiguration { /** * Enable speaker search. */ speakerSearchStatus: pulumi.Input; /** * Enable voice tone analysis. */ voiceToneAnalysisStatus: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfiguration { /** * Disables real time alert rules. */ disabled?: pulumi.Input; /** * Collection of real time alert rules */ rules: pulumi.Input[]>; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRule { /** * Configuration for an issue detection rule. */ issueDetectionConfiguration?: pulumi.Input; /** * Configuration for a keyword match rule. */ keywordMatchConfiguration?: pulumi.Input; /** * Configuration for a sentiment rule. */ sentimentConfiguration?: pulumi.Input; /** * Rule type. */ type: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleIssueDetectionConfiguration { ruleName: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleKeywordMatchConfiguration { keywords: pulumi.Input[]>; negate?: pulumi.Input; ruleName: pulumi.Input; } export interface MediaInsightsPipelineConfigurationRealTimeAlertConfigurationRuleSentimentConfiguration { ruleName: pulumi.Input; sentimentType: pulumi.Input; timePeriod: pulumi.Input; } } export namespace cleanrooms { export interface CollaborationDataEncryptionMetadata { allowClearText: pulumi.Input; allowDuplicates: pulumi.Input; allowJoinsOnColumnsWithDifferentNames: pulumi.Input; preserveNulls: pulumi.Input; } export interface CollaborationMember { accountId: pulumi.Input; displayName: pulumi.Input; memberAbilities: pulumi.Input[]>; status?: pulumi.Input; } export interface ConfiguredTableTableReference { databaseName: pulumi.Input; tableName: pulumi.Input; } } export namespace cloudformation { export interface CloudFormationTypeLoggingConfig { /** * Name of the CloudWatch Log Group where CloudFormation sends error logging information when invoking the type's handlers. */ logGroupName: pulumi.Input; /** * Amazon Resource Name (ARN) of the IAM Role CloudFormation assumes when sending error logging information to CloudWatch Logs. */ logRoleArn: pulumi.Input; } export interface StackSetAutoDeployment { /** * Whether or not auto-deployment is enabled. */ enabled?: pulumi.Input; /** * Whether or not to retain stacks when the account is removed. */ retainStacksOnAccountRemoval?: pulumi.Input; } export interface StackSetInstanceDeploymentTargets { /** * The organization root ID or organizational unit (OU) IDs to which StackSets deploys. */ organizationalUnitIds?: pulumi.Input[]>; } export interface StackSetInstanceOperationPreferences { /** * The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region. */ failureToleranceCount?: pulumi.Input; /** * The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. */ failureTolerancePercentage?: pulumi.Input; /** * The maximum number of accounts in which to perform this operation at one time. */ maxConcurrentCount?: pulumi.Input; /** * The maximum percentage of accounts in which to perform this operation at one time. */ maxConcurrentPercentage?: pulumi.Input; /** * The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time. Valid values are `SEQUENTIAL` and `PARALLEL`. */ regionConcurrencyType?: pulumi.Input; /** * The order of the Regions in where you want to perform the stack operation. */ regionOrders?: pulumi.Input[]>; } export interface StackSetInstanceStackInstanceSummary { /** * Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account. */ accountId?: pulumi.Input; /** * Organizational unit ID in which the stack is deployed. */ organizationalUnitId?: pulumi.Input; /** * Stack identifier. */ stackId?: pulumi.Input; } export interface StackSetManagedExecution { /** * When set to true, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order. Default is false. */ active?: pulumi.Input; } export interface StackSetOperationPreferences { /** * The number of accounts, per Region, for which this operation can fail before AWS CloudFormation stops the operation in that Region. */ failureToleranceCount?: pulumi.Input; /** * The percentage of accounts, per Region, for which this stack operation can fail before AWS CloudFormation stops the operation in that Region. */ failureTolerancePercentage?: pulumi.Input; /** * The maximum number of accounts in which to perform this operation at one time. */ maxConcurrentCount?: pulumi.Input; /** * The maximum percentage of accounts in which to perform this operation at one time. */ maxConcurrentPercentage?: pulumi.Input; /** * The concurrency type of deploying StackSets operations in Regions, could be in parallel or one Region at a time. */ regionConcurrencyType?: pulumi.Input; /** * The order of the Regions in where you want to perform the stack operation. */ regionOrders?: pulumi.Input[]>; } } export namespace cloudfront { export interface CachePolicyParametersInCacheKeyAndForwardedToOrigin { /** * Whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information. */ cookiesConfig: pulumi.Input; /** * Flag determines whether the Accept-Encoding HTTP header is included in the cache key and in requests that CloudFront sends to the origin. */ enableAcceptEncodingBrotli?: pulumi.Input; /** * Whether the Accept-Encoding HTTP header is included in the cache key and in requests sent to the origin by CloudFront. */ enableAcceptEncodingGzip?: pulumi.Input; /** * Whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information. */ headersConfig: pulumi.Input; /** * Whether any URL query strings in viewer requests are included in the cache key. It also automatically includes these query strings in requests that CloudFront sends to the origin. Please refer to the Query String Config for more information. */ queryStringsConfig: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig { /** * Whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values for `cookieBehavior` are `none`, `whitelist`, `allExcept`, and `all`. */ cookieBehavior: pulumi.Input; /** * Object that contains a list of cookie names. See Items for more information. */ cookies?: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookies { items?: pulumi.Input[]>; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig { /** * Whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values for `headerBehavior` are `none` and `whitelist`. */ headerBehavior?: pulumi.Input; /** * Object contains a list of header names. See Items for more information. */ headers?: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeaders { items?: pulumi.Input[]>; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig { queryStringBehavior: pulumi.Input; queryStrings?: pulumi.Input; } export interface CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStrings { items?: pulumi.Input[]>; } export interface ContinuousDeploymentPolicyStagingDistributionDnsNames { /** * A list of CloudFront domain names for the staging distribution. */ items?: pulumi.Input[]>; /** * Number of CloudFront domain names in the staging distribution. */ quantity: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfig { /** * Determines which HTTP requests are sent to the staging distribution. See `singleHeaderConfig`. */ singleHeaderConfig?: pulumi.Input; /** * Contains the percentage of traffic to send to the staging distribution. See `singleWeightConfig`. */ singleWeightConfig?: pulumi.Input; /** * Type of traffic configuration. Valid values are `SingleWeight` and `SingleHeader`. */ type: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfigSingleHeaderConfig { /** * Request header name to send to the staging distribution. The header must contain the prefix `aws-cf-cd-`. */ header: pulumi.Input; /** * Request header value. */ value: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfigSingleWeightConfig { /** * Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to the staging distribution, while others are sent to the primary distribution. Define the session duration using TTL values. See `sessionStickinessConfig`. */ sessionStickinessConfig?: pulumi.Input; /** * The percentage of traffic to send to a staging distribution, expressed as a decimal number between `0` and `.15`. */ weight: pulumi.Input; } export interface ContinuousDeploymentPolicyTrafficConfigSingleWeightConfigSessionStickinessConfig { /** * The amount of time in seconds after which sessions will cease if no requests are received. Valid values are `300` – `3600` (5–60 minutes). The value must be less than or equal to `maximumTtl`. */ idleTtl: pulumi.Input; /** * The maximum amount of time in seconds to consider requests from the viewer as being part of the same session. Valid values are `300` – `3600` (5–60 minutes). The value must be greater than or equal to `idleTtl`. */ maximumTtl: pulumi.Input; } export interface DistributionCustomErrorResponse { errorCachingMinTtl?: pulumi.Input; errorCode: pulumi.Input; responseCode?: pulumi.Input; responsePagePath?: pulumi.Input; } export interface DistributionDefaultCacheBehavior { allowedMethods: pulumi.Input[]>; cachePolicyId?: pulumi.Input; cachedMethods: pulumi.Input[]>; compress?: pulumi.Input; defaultTtl?: pulumi.Input; fieldLevelEncryptionId?: pulumi.Input; forwardedValues?: pulumi.Input; functionAssociations?: pulumi.Input[]>; lambdaFunctionAssociations?: pulumi.Input[]>; maxTtl?: pulumi.Input; minTtl?: pulumi.Input; originRequestPolicyId?: pulumi.Input; realtimeLogConfigArn?: pulumi.Input; responseHeadersPolicyId?: pulumi.Input; smoothStreaming?: pulumi.Input; targetOriginId: pulumi.Input; /** * List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs. */ trustedKeyGroups?: pulumi.Input[]>; /** * List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs. */ trustedSigners?: pulumi.Input[]>; viewerProtocolPolicy: pulumi.Input; } export interface DistributionDefaultCacheBehaviorForwardedValues { cookies: pulumi.Input; headers?: pulumi.Input[]>; queryString: pulumi.Input; queryStringCacheKeys?: pulumi.Input[]>; } export interface DistributionDefaultCacheBehaviorForwardedValuesCookies { forward: pulumi.Input; whitelistedNames?: pulumi.Input[]>; } export interface DistributionDefaultCacheBehaviorFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request` or `viewer-response`. */ eventType: pulumi.Input; /** * ARN of the CloudFront function. */ functionArn: pulumi.Input; } export interface DistributionDefaultCacheBehaviorLambdaFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: `true`, `false`. */ includeBody?: pulumi.Input; /** * ARN of the Lambda function. */ lambdaArn: pulumi.Input; } export interface DistributionLoggingConfig { bucket: pulumi.Input; includeCookies?: pulumi.Input; prefix?: pulumi.Input; } export interface DistributionOrderedCacheBehavior { allowedMethods: pulumi.Input[]>; cachePolicyId?: pulumi.Input; cachedMethods: pulumi.Input[]>; compress?: pulumi.Input; defaultTtl?: pulumi.Input; fieldLevelEncryptionId?: pulumi.Input; forwardedValues?: pulumi.Input; functionAssociations?: pulumi.Input[]>; lambdaFunctionAssociations?: pulumi.Input[]>; maxTtl?: pulumi.Input; minTtl?: pulumi.Input; originRequestPolicyId?: pulumi.Input; pathPattern: pulumi.Input; realtimeLogConfigArn?: pulumi.Input; responseHeadersPolicyId?: pulumi.Input; smoothStreaming?: pulumi.Input; targetOriginId: pulumi.Input; /** * List of nested attributes for active trusted key groups, if the distribution is set up to serve private content with signed URLs. */ trustedKeyGroups?: pulumi.Input[]>; /** * List of nested attributes for active trusted signers, if the distribution is set up to serve private content with signed URLs. */ trustedSigners?: pulumi.Input[]>; viewerProtocolPolicy: pulumi.Input; } export interface DistributionOrderedCacheBehaviorForwardedValues { cookies: pulumi.Input; headers?: pulumi.Input[]>; queryString: pulumi.Input; queryStringCacheKeys?: pulumi.Input[]>; } export interface DistributionOrderedCacheBehaviorForwardedValuesCookies { forward: pulumi.Input; whitelistedNames?: pulumi.Input[]>; } export interface DistributionOrderedCacheBehaviorFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request` or `viewer-response`. */ eventType: pulumi.Input; /** * ARN of the CloudFront function. */ functionArn: pulumi.Input; } export interface DistributionOrderedCacheBehaviorLambdaFunctionAssociation { /** * Specific event to trigger this function. Valid values: `viewer-request`, `origin-request`, `viewer-response`, `origin-response`. */ eventType: pulumi.Input; /** * When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: `true`, `false`. */ includeBody?: pulumi.Input; /** * ARN of the Lambda function. */ lambdaArn: pulumi.Input; } export interface DistributionOrigin { connectionAttempts?: pulumi.Input; connectionTimeout?: pulumi.Input; customHeaders?: pulumi.Input[]>; customOriginConfig?: pulumi.Input; /** * Domain name corresponding to the distribution. For example: `d604721fxaaqy9.cloudfront.net`. */ domainName: pulumi.Input; originAccessControlId?: pulumi.Input; originId: pulumi.Input; originPath?: pulumi.Input; originShield?: pulumi.Input; s3OriginConfig?: pulumi.Input; } export interface DistributionOriginCustomHeader { name: pulumi.Input; value: pulumi.Input; } export interface DistributionOriginCustomOriginConfig { httpPort: pulumi.Input; httpsPort: pulumi.Input; originKeepaliveTimeout?: pulumi.Input; originProtocolPolicy: pulumi.Input; originReadTimeout?: pulumi.Input; originSslProtocols: pulumi.Input[]>; } export interface DistributionOriginGroup { failoverCriteria: pulumi.Input; members: pulumi.Input[]>; originId: pulumi.Input; } export interface DistributionOriginGroupFailoverCriteria { statusCodes: pulumi.Input[]>; } export interface DistributionOriginGroupMember { originId: pulumi.Input; } export interface DistributionOriginOriginShield { /** * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs */ enabled: pulumi.Input; originShieldRegion?: pulumi.Input; } export interface DistributionOriginS3OriginConfig { originAccessIdentity: pulumi.Input; } export interface DistributionRestrictions { geoRestriction: pulumi.Input; } export interface DistributionRestrictionsGeoRestriction { locations?: pulumi.Input[]>; restrictionType: pulumi.Input; } export interface DistributionTrustedKeyGroup { /** * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs */ enabled?: pulumi.Input; /** * List of nested attributes for each trusted signer */ items?: pulumi.Input[]>; } export interface DistributionTrustedKeyGroupItem { /** * ID of the key group that contains the public keys. */ keyGroupId?: pulumi.Input; /** * Set of active CloudFront key pairs associated with the signer account */ keyPairIds?: pulumi.Input[]>; } export interface DistributionTrustedSigner { /** * `true` if any of the AWS accounts listed as trusted signers have active CloudFront key pairs */ enabled?: pulumi.Input; /** * List of nested attributes for each trusted signer */ items?: pulumi.Input[]>; } export interface DistributionTrustedSignerItem { /** * AWS account ID or `self` */ awsAccountNumber?: pulumi.Input; /** * Set of active CloudFront key pairs associated with the signer account */ keyPairIds?: pulumi.Input[]>; } export interface DistributionViewerCertificate { acmCertificateArn?: pulumi.Input; cloudfrontDefaultCertificate?: pulumi.Input; iamCertificateId?: pulumi.Input; minimumProtocolVersion?: pulumi.Input; sslSupportMethod?: pulumi.Input; } export interface FieldLevelEncryptionConfigContentTypeProfileConfig { /** * Object that contains an attribute `items` that contains the list of configurations for a field-level encryption content type-profile. See Content Type Profile. */ contentTypeProfiles: pulumi.Input; /** * specifies what to do when an unknown content type is provided for the profile. If true, content is forwarded without being encrypted when the content type is unknown. If false (the default), an error is returned when the content type is unknown. */ forwardWhenContentTypeIsUnknown: pulumi.Input; } export interface FieldLevelEncryptionConfigContentTypeProfileConfigContentTypeProfiles { items: pulumi.Input[]>; } export interface FieldLevelEncryptionConfigContentTypeProfileConfigContentTypeProfilesItem { contentType: pulumi.Input; format: pulumi.Input; profileId?: pulumi.Input; } export interface FieldLevelEncryptionConfigQueryArgProfileConfig { /** * Flag to set if you want a request to be forwarded to the origin even if the profile specified by the field-level encryption query argument, fle-profile, is unknown. */ forwardWhenQueryArgProfileIsUnknown: pulumi.Input; /** * Object that contains an attribute `items` that contains the list ofrofiles specified for query argument-profile mapping for field-level encryption. see Query Arg Profile. */ queryArgProfiles?: pulumi.Input; } export interface FieldLevelEncryptionConfigQueryArgProfileConfigQueryArgProfiles { items?: pulumi.Input[]>; } export interface FieldLevelEncryptionConfigQueryArgProfileConfigQueryArgProfilesItem { profileId: pulumi.Input; queryArg: pulumi.Input; } export interface FieldLevelEncryptionProfileEncryptionEntities { items?: pulumi.Input[]>; } export interface FieldLevelEncryptionProfileEncryptionEntitiesItem { fieldPatterns: pulumi.Input; providerId: pulumi.Input; publicKeyId: pulumi.Input; } export interface FieldLevelEncryptionProfileEncryptionEntitiesItemFieldPatterns { items?: pulumi.Input[]>; } export interface KeyValueStoreTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface MonitoringSubscriptionMonitoringSubscription { /** * A subscription configuration for additional CloudWatch metrics. See below. */ realtimeMetricsSubscriptionConfig: pulumi.Input; } export interface MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfig { /** * A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. See below. */ realtimeMetricsSubscriptionStatus: pulumi.Input; } export interface OriginRequestPolicyCookiesConfig { cookieBehavior: pulumi.Input; cookies?: pulumi.Input; } export interface OriginRequestPolicyCookiesConfigCookies { items?: pulumi.Input[]>; } export interface OriginRequestPolicyHeadersConfig { headerBehavior?: pulumi.Input; headers?: pulumi.Input; } export interface OriginRequestPolicyHeadersConfigHeaders { items?: pulumi.Input[]>; } export interface OriginRequestPolicyQueryStringsConfig { queryStringBehavior: pulumi.Input; queryStrings?: pulumi.Input; } export interface OriginRequestPolicyQueryStringsConfigQueryStrings { items?: pulumi.Input[]>; } export interface RealtimeLogConfigEndpoint { /** * The Amazon Kinesis data stream configuration. */ kinesisStreamConfig: pulumi.Input; /** * The type of data stream where real-time log data is sent. The only valid value is `Kinesis`. */ streamType: pulumi.Input; } export interface RealtimeLogConfigEndpointKinesisStreamConfig { /** * The ARN of an IAM role that CloudFront can use to send real-time log data to the Kinesis data stream. * See the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-iam-role) for more information. */ roleArn: pulumi.Input; /** * The ARN of the Kinesis data stream. */ streamArn: pulumi.Input; } export interface ResponseHeadersPolicyCorsConfig { /** * A Boolean value that CloudFront uses as the value for the `Access-Control-Allow-Credentials` HTTP response header. */ accessControlAllowCredentials: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of HTTP header names that CloudFront includes as values for the `Access-Control-Allow-Headers` HTTP response header. */ accessControlAllowHeaders: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of HTTP methods that CloudFront includes as values for the `Access-Control-Allow-Methods` HTTP response header. Valid values: `GET` | `POST` | `OPTIONS` | `PUT` | `DELETE` | `HEAD` | `ALL` */ accessControlAllowMethods: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of origins that CloudFront can use as the value for the `Access-Control-Allow-Origin` HTTP response header. */ accessControlAllowOrigins: pulumi.Input; /** * Object that contains an attribute `items` that contains a list of HTTP headers that CloudFront includes as values for the `Access-Control-Expose-Headers` HTTP response header. */ accessControlExposeHeaders?: pulumi.Input; /** * A number that CloudFront uses as the value for the `Access-Control-Max-Age` HTTP response header. */ accessControlMaxAgeSec?: pulumi.Input; /** * A Boolean value that determines how CloudFront behaves for the HTTP response header. */ originOverride: pulumi.Input; } export interface ResponseHeadersPolicyCorsConfigAccessControlAllowHeaders { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCorsConfigAccessControlAllowMethods { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCorsConfigAccessControlAllowOrigins { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCorsConfigAccessControlExposeHeaders { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCustomHeadersConfig { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyCustomHeadersConfigItem { header: pulumi.Input; override: pulumi.Input; value: pulumi.Input; } export interface ResponseHeadersPolicyRemoveHeadersConfig { items?: pulumi.Input[]>; } export interface ResponseHeadersPolicyRemoveHeadersConfigItem { header: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfig { /** * The policy directives and their values that CloudFront includes as values for the `Content-Security-Policy` HTTP response header. See Content Security Policy for more information. */ contentSecurityPolicy?: pulumi.Input; /** * Determines whether CloudFront includes the `X-Content-Type-Options` HTTP response header with its value set to `nosniff`. See Content Type Options for more information. */ contentTypeOptions?: pulumi.Input; /** * Determines whether CloudFront includes the `X-Frame-Options` HTTP response header and the header’s value. See Frame Options for more information. */ frameOptions?: pulumi.Input; /** * Determines whether CloudFront includes the `Referrer-Policy` HTTP response header and the header’s value. See Referrer Policy for more information. */ referrerPolicy?: pulumi.Input; /** * Determines whether CloudFront includes the `Strict-Transport-Security` HTTP response header and the header’s value. See Strict Transport Security for more information. */ strictTransportSecurity?: pulumi.Input; /** * Determine whether CloudFront includes the `X-XSS-Protection` HTTP response header and the header’s value. See XSS Protection for more information. */ xssProtection?: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigContentSecurityPolicy { /** * The policy directives and their values that CloudFront includes as values for the `Content-Security-Policy` HTTP response header. */ contentSecurityPolicy: pulumi.Input; /** * Whether CloudFront overrides the `Content-Security-Policy` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigContentTypeOptions { /** * Whether CloudFront overrides the `X-Content-Type-Options` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigFrameOptions { /** * The value of the `X-Frame-Options` HTTP response header. Valid values: `DENY` | `SAMEORIGIN` */ frameOption: pulumi.Input; /** * Whether CloudFront overrides the `X-Frame-Options` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigReferrerPolicy { /** * Whether CloudFront overrides the `Referrer-Policy` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; /** * The value of the `Referrer-Policy` HTTP response header. Valid Values: `no-referrer` | `no-referrer-when-downgrade` | `origin` | `origin-when-cross-origin` | `same-origin` | `strict-origin` | `strict-origin-when-cross-origin` | `unsafe-url` */ referrerPolicy: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigStrictTransportSecurity { /** * A number that CloudFront uses as the value for the `max-age` directive in the `Strict-Transport-Security` HTTP response header. */ accessControlMaxAgeSec: pulumi.Input; /** * Whether CloudFront includes the `includeSubDomains` directive in the `Strict-Transport-Security` HTTP response header. */ includeSubdomains?: pulumi.Input; /** * Whether CloudFront overrides the `Strict-Transport-Security` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; /** * Whether CloudFront includes the `preload` directive in the `Strict-Transport-Security` HTTP response header. */ preload?: pulumi.Input; } export interface ResponseHeadersPolicySecurityHeadersConfigXssProtection { /** * Whether CloudFront includes the `mode=block` directive in the `X-XSS-Protection` header. */ modeBlock?: pulumi.Input; /** * Whether CloudFront overrides the `X-XSS-Protection` HTTP response header received from the origin with the one specified in this response headers policy. */ override: pulumi.Input; /** * A Boolean value that determines the value of the `X-XSS-Protection` HTTP response header. When this setting is `true`, the value of the `X-XSS-Protection` header is `1`. When this setting is `false`, the value of the `X-XSS-Protection` header is `0`. */ protection: pulumi.Input; /** * A reporting URI, which CloudFront uses as the value of the report directive in the `X-XSS-Protection` header. You cannot specify a `reportUri` when `modeBlock` is `true`. */ reportUri?: pulumi.Input; } export interface ResponseHeadersPolicyServerTimingHeadersConfig { /** * A Whether CloudFront adds the `Server-Timing` header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy. */ enabled: pulumi.Input; /** * A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the Server-Timing header to. Valid range: Minimum value of 0.0. Maximum value of 100.0. */ samplingRate: pulumi.Input; } } export namespace cloudhsmv2 { export interface ClusterClusterCertificate { /** * The HSM hardware certificate issued (signed) by AWS CloudHSM. */ awsHardwareCertificate?: pulumi.Input; /** * The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner. */ clusterCertificate?: pulumi.Input; /** * The certificate signing request (CSR). Available only in `UNINITIALIZED` state after an HSM instance is added to the cluster. */ clusterCsr?: pulumi.Input; /** * The HSM certificate issued (signed) by the HSM hardware. */ hsmCertificate?: pulumi.Input; /** * The HSM hardware certificate issued (signed) by the hardware manufacturer. */ manufacturerHardwareCertificate?: pulumi.Input; } } export namespace cloudsearch { export interface DomainEndpointOptions { /** * Enables or disables the requirement that all requests to the domain arrive over HTTPS. */ enforceHttps?: pulumi.Input; /** * The minimum required TLS version. See the [AWS documentation](https://docs.aws.amazon.com/cloudsearch/latest/developerguide/API_DomainEndpointOptions.html) for valid values. */ tlsSecurityPolicy?: pulumi.Input; } export interface DomainIndexField { /** * The analysis scheme you want to use for a `text` field. The analysis scheme specifies the language-specific text processing options that are used during indexing. */ analysisScheme?: pulumi.Input; /** * The default value for the field. This value is used when no value is specified for the field in the document data. */ defaultValue?: pulumi.Input; /** * You can get facet information by enabling this. */ facet?: pulumi.Input; /** * You can highlight information. */ highlight?: pulumi.Input; /** * A unique name for the field. Field names must begin with a letter and be at least 3 and no more than 64 characters long. The allowed characters are: `a`-`z` (lower-case letters), `0`-`9`, and `_` (underscore). The name `score` is reserved and cannot be used as a field name. */ name: pulumi.Input; /** * You can enable returning the value of all searchable fields. */ return?: pulumi.Input; /** * You can set whether this index should be searchable or not. */ search?: pulumi.Input; /** * You can enable the property to be sortable. */ sort?: pulumi.Input; /** * A comma-separated list of source fields to map to the field. Specifying a source field copies data from one field to another, enabling you to use the same source data in different ways by configuring different options for the fields. */ sourceFields?: pulumi.Input; /** * The field type. Valid values: `date`, `date-array`, `double`, `double-array`, `int`, `int-array`, `literal`, `literal-array`, `text`, `text-array`. */ type: pulumi.Input; } export interface DomainScalingParameters { /** * The instance type that you want to preconfigure for your domain. See the [AWS documentation](https://docs.aws.amazon.com/cloudsearch/latest/developerguide/API_ScalingParameters.html) for valid values. */ desiredInstanceType?: pulumi.Input; /** * The number of partitions you want to preconfigure for your domain. Only valid when you select `search.2xlarge` as the instance type. */ desiredPartitionCount?: pulumi.Input; /** * The number of replicas you want to preconfigure for each index partition. */ desiredReplicationCount?: pulumi.Input; } } export namespace cloudtrail { export interface EventDataStoreAdvancedEventSelector { /** * Specifies the selector statements in an advanced event selector. Fields documented below. */ fieldSelectors?: pulumi.Input[]>; /** * Specifies the name of the advanced event selector. */ name?: pulumi.Input; } export interface EventDataStoreAdvancedEventSelectorFieldSelector { /** * A list of values that includes events that match the last few characters of the event record field specified as the value of `field`. */ endsWiths?: pulumi.Input[]>; /** * A list of values that includes events that match the exact value of the event record field specified as the value of `field`. This is the only valid operator that you can use with the `readOnly`, `eventCategory`, and `resources.type` fields. */ equals?: pulumi.Input[]>; /** * Specifies a field in an event record on which to filter events to be logged. You can specify only the following values: `readOnly`, `eventSource`, `eventName`, `eventCategory`, `resources.type`, `resources.ARN`. */ field?: pulumi.Input; /** * A list of values that excludes events that match the last few characters of the event record field specified as the value of `field`. */ notEndsWiths?: pulumi.Input[]>; /** * A list of values that excludes events that match the exact value of the event record field specified as the value of `field`. */ notEquals?: pulumi.Input[]>; /** * A list of values that excludes events that match the first few characters of the event record field specified as the value of `field`. */ notStartsWiths?: pulumi.Input[]>; /** * A list of values that includes events that match the first few characters of the event record field specified as the value of `field`. */ startsWiths?: pulumi.Input[]>; } export interface TrailAdvancedEventSelector { fieldSelectors: pulumi.Input[]>; /** * Name of the trail. */ name?: pulumi.Input; } export interface TrailAdvancedEventSelectorFieldSelector { endsWiths?: pulumi.Input[]>; equals?: pulumi.Input[]>; field: pulumi.Input; notEndsWiths?: pulumi.Input[]>; notEquals?: pulumi.Input[]>; notStartsWiths?: pulumi.Input[]>; startsWiths?: pulumi.Input[]>; } export interface TrailEventSelector { /** * Configuration block for data events. See details below. */ dataResources?: pulumi.Input[]>; /** * A set of event sources to exclude. Valid values include: `kms.amazonaws.com` and `rdsdata.amazonaws.com`. `includeManagementEvents` must be set to`true` to allow this. */ excludeManagementEventSources?: pulumi.Input[]>; /** * Whether to include management events for your trail. Defaults to `true`. */ includeManagementEvents?: pulumi.Input; /** * Type of events to log. Valid values are `ReadOnly`, `WriteOnly`, `All`. Default value is `All`. */ readWriteType?: pulumi.Input; } export interface TrailEventSelectorDataResource { /** * Resource type in which you want to log data events. You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table". */ type: pulumi.Input; /** * List of ARN strings or partial ARN strings to specify selectors for data audit events over data resources. ARN list is specific to single-valued `type`. For example, `arn:aws:s3:::/` for all objects in a bucket, `arn:aws:s3:::/key` for specific objects, `arn:aws:lambda` for all lambda events within an account, `arn:aws:lambda:::function:` for a specific Lambda function, `arn:aws:dynamodb` for all DDB events for all tables within an account, or `arn:aws:dynamodb:::table/` for a specific DynamoDB table. */ values: pulumi.Input[]>; } export interface TrailInsightSelector { /** * Type of insights to log on a trail. Valid values are: `ApiCallRateInsight` and `ApiErrorRateInsight`. */ insightType: pulumi.Input; } } export namespace cloudwatch { export interface CompositeAlarmActionsSuppressor { /** * Can be an AlarmName or an Amazon Resource Name (ARN) from an existing alarm. */ alarm: pulumi.Input; /** * The maximum time in seconds that the composite alarm waits after suppressor alarm goes out of the `ALARM` state. After this time, the composite alarm performs its actions. */ extensionPeriod: pulumi.Input; /** * The maximum time in seconds that the composite alarm waits for the suppressor alarm to go into the `ALARM` state. After this time, the composite alarm performs its actions. */ waitPeriod: pulumi.Input; } export interface EventConnectionAuthParameters { /** * Parameters used for API_KEY authorization. An API key to include in the header for each authentication request. A maximum of 1 are allowed. Conflicts with `basic` and `oauth`. Documented below. */ apiKey?: pulumi.Input; /** * Parameters used for BASIC authorization. A maximum of 1 are allowed. Conflicts with `apiKey` and `oauth`. Documented below. */ basic?: pulumi.Input; /** * Invocation Http Parameters are additional credentials used to sign each Invocation of the ApiDestination created from this Connection. If the ApiDestination Rule Target has additional HttpParameters, the values will be merged together, with the Connection Invocation Http Parameters taking precedence. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below. */ invocationHttpParameters?: pulumi.Input; /** * Parameters used for OAUTH_CLIENT_CREDENTIALS authorization. A maximum of 1 are allowed. Conflicts with `basic` and `apiKey`. Documented below. */ oauth?: pulumi.Input; } export interface EventConnectionAuthParametersApiKey { /** * Header Name. */ key: pulumi.Input; /** * Header Value. Created and stored in AWS Secrets Manager. */ value: pulumi.Input; } export interface EventConnectionAuthParametersBasic { /** * A password for the authorization. Created and stored in AWS Secrets Manager. */ password: pulumi.Input; /** * A username for the authorization. */ username: pulumi.Input; } export interface EventConnectionAuthParametersInvocationHttpParameters { /** * Contains additional body string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ bodies?: pulumi.Input[]>; /** * Contains additional header parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ headers?: pulumi.Input[]>; /** * Contains additional query string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ queryStrings?: pulumi.Input[]>; } export interface EventConnectionAuthParametersInvocationHttpParametersBody { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersInvocationHttpParametersHeader { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersInvocationHttpParametersQueryString { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersOauth { /** * The URL to the authorization endpoint. */ authorizationEndpoint: pulumi.Input; /** * Contains the client parameters for OAuth authorization. Contains the following two parameters. */ clientParameters?: pulumi.Input; /** * A password for the authorization. Created and stored in AWS Secrets Manager. */ httpMethod: pulumi.Input; /** * OAuth Http Parameters are additional credentials used to sign the request to the authorization endpoint to exchange the OAuth Client information for an access token. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below. */ oauthHttpParameters: pulumi.Input; } export interface EventConnectionAuthParametersOauthClientParameters { /** * The client ID for the credentials to use for authorization. Created and stored in AWS Secrets Manager. */ clientId: pulumi.Input; /** * The client secret for the credentials to use for authorization. Created and stored in AWS Secrets Manager. */ clientSecret: pulumi.Input; } export interface EventConnectionAuthParametersOauthOauthHttpParameters { /** * Contains additional body string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ bodies?: pulumi.Input[]>; /** * Contains additional header parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ headers?: pulumi.Input[]>; /** * Contains additional query string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following: */ queryStrings?: pulumi.Input[]>; } export interface EventConnectionAuthParametersOauthOauthHttpParametersBody { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersOauthOauthHttpParametersHeader { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventConnectionAuthParametersOauthOauthHttpParametersQueryString { /** * Specified whether the value is secret. */ isValueSecret?: pulumi.Input; /** * The key for the parameter. */ key?: pulumi.Input; /** * The value associated with the key. Created and stored in AWS Secrets Manager if is secret. */ value?: pulumi.Input; } export interface EventEndpointEventBus { /** * The ARN of the event bus the endpoint is associated with. */ eventBusArn: pulumi.Input; } export interface EventEndpointReplicationConfig { /** * The state of event replication. Valid values: `ENABLED`, `DISABLED`. The default state is `ENABLED`, which means you must supply a `roleArn`. If you don't have a `roleArn` or you don't want event replication enabled, set `state` to `DISABLED`. */ state?: pulumi.Input; } export interface EventEndpointRoutingConfig { /** * Parameters used for failover. This includes what triggers failover and what happens when it's triggered. Documented below. */ failoverConfig: pulumi.Input; } export interface EventEndpointRoutingConfigFailoverConfig { /** * Parameters used for the primary Region. Documented below. */ primary: pulumi.Input; /** * Parameters used for the secondary Region, the Region that events are routed to when failover is triggered or event replication is enabled. Documented below. */ secondary: pulumi.Input; } export interface EventEndpointRoutingConfigFailoverConfigPrimary { /** * The ARN of the health check used by the endpoint to determine whether failover is triggered. */ healthCheck?: pulumi.Input; } export interface EventEndpointRoutingConfigFailoverConfigSecondary { /** * The name of the secondary Region. */ route?: pulumi.Input; } export interface EventPermissionCondition { /** * Key for the condition. Valid values: `aws:PrincipalOrgID`. */ key: pulumi.Input; /** * Type of condition. Value values: `StringEquals`. */ type: pulumi.Input; /** * Value for the key. */ value: pulumi.Input; } export interface EventTargetBatchTarget { /** * The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000. */ arraySize?: pulumi.Input; /** * The number of times to attempt to retry, if the job fails. Valid values are 1 to 10. */ jobAttempts?: pulumi.Input; /** * The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist. */ jobDefinition: pulumi.Input; /** * The name to use for this execution of the job, if the target is an AWS Batch job. */ jobName: pulumi.Input; } export interface EventTargetDeadLetterConfig { /** * ARN of the SQS queue specified as the target for the dead-letter queue. */ arn?: pulumi.Input; } export interface EventTargetEcsTarget { /** * The capacity provider strategy to use for the task. If a `capacityProviderStrategy` specified, the `launchType` parameter must be omitted. If no `capacityProviderStrategy` or `launchType` is specified, the default capacity provider strategy for the cluster is used. Can be one or more. See below. */ capacityProviderStrategies?: pulumi.Input[]>; /** * Specifies whether to enable Amazon ECS managed tags for the task. */ enableEcsManagedTags?: pulumi.Input; /** * Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task. */ enableExecuteCommand?: pulumi.Input; /** * Specifies an ECS task group for the task. The maximum length is 255 characters. */ group?: pulumi.Input; /** * Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include: `EC2`, `EXTERNAL`, or `FARGATE`. */ launchType?: pulumi.Input; /** * Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if `launchType` is `FARGATE` because the awsvpc mode is required for Fargate tasks. */ networkConfiguration?: pulumi.Input; /** * An array of placement strategy objects to use for the task. You can specify a maximum of five strategy rules per task. */ orderedPlacementStrategies?: pulumi.Input[]>; /** * An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below. */ placementConstraints?: pulumi.Input[]>; /** * Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as `1.1.0`. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see [AWS Fargate Platform Versions](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html). */ platformVersion?: pulumi.Input; /** * Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. The only valid value is: `TASK_DEFINITION`. */ propagateTags?: pulumi.Input; /** * A map of tags to assign to ecs resources. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The number of tasks to create based on the TaskDefinition. Defaults to `1`. */ taskCount?: pulumi.Input; /** * The ARN of the task definition to use if the event target is an Amazon ECS cluster. */ taskDefinitionArn: pulumi.Input; } export interface EventTargetEcsTargetCapacityProviderStrategy { /** * The base value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: pulumi.Input; /** * Short name of the capacity provider. */ capacityProvider: pulumi.Input; /** * The weight value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied. */ weight?: pulumi.Input; } export interface EventTargetEcsTargetNetworkConfiguration { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Defaults to `false`. * * For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) */ assignPublicIp?: pulumi.Input; /** * The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: pulumi.Input[]>; /** * The subnets associated with the task or service. */ subnets: pulumi.Input[]>; } export interface EventTargetEcsTargetOrderedPlacementStrategy { /** * The field to apply the placement strategy against. For the `spread` placement strategy, valid values are `instanceId` (or `host`, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as `attribute:ecs.availability-zone`. For the `binpack` placement strategy, valid values are `cpu` and `memory`. For the `random` placement strategy, this field is not used. For more information, see [Amazon ECS task placement strategies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html). */ field?: pulumi.Input; /** * Type of placement strategy. The only valid values at this time are `binpack`, `random` and `spread`. */ type: pulumi.Input; } export interface EventTargetEcsTargetPlacementConstraint { /** * Cluster Query Language expression to apply to the constraint. Does not need to be specified for the `distinctInstance` type. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html). */ expression?: pulumi.Input; /** * Type of constraint. The only valid values at this time are `memberOf` and `distinctInstance`. */ type: pulumi.Input; } export interface EventTargetHttpTarget { /** * Enables you to specify HTTP headers to add to the request. */ headerParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The list of values that correspond sequentially to any path variables in your endpoint ARN (for example `arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*`). */ pathParameterValues?: pulumi.Input[]>; /** * Represents keys/values of query string parameters that are appended to the invoked endpoint. */ queryStringParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface EventTargetInputTransformer { /** * Key value pairs specified in the form of JSONPath (for example, time = $.time) * * You can have as many as 100 key-value pairs. * * You must use JSON dot notation, not bracket notation. * * The keys can't start with "AWS". */ inputPaths?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes. */ inputTemplate: pulumi.Input; } export interface EventTargetKinesisTarget { /** * The JSON path to be extracted from the event and used as the partition key. */ partitionKeyPath?: pulumi.Input; } export interface EventTargetRedshiftTarget { /** * The name of the database. */ database: pulumi.Input; /** * The database user name. */ dbUser?: pulumi.Input; /** * The name or ARN of the secret that enables access to the database. */ secretsManagerArn?: pulumi.Input; /** * The SQL statement text to run. */ sql?: pulumi.Input; /** * The name of the SQL statement. */ statementName?: pulumi.Input; /** * Indicates whether to send an event back to EventBridge after the SQL statement runs. */ withEvent?: pulumi.Input; } export interface EventTargetRetryPolicy { /** * The age in seconds to continue to make retry attempts. */ maximumEventAgeInSeconds?: pulumi.Input; /** * maximum number of retry attempts to make before the request fails */ maximumRetryAttempts?: pulumi.Input; } export interface EventTargetRunCommandTarget { /** * Can be either `tag:tag-key` or `InstanceIds`. */ key: pulumi.Input; /** * If Key is `tag:tag-key`, Values is a list of tag values. If Key is `InstanceIds`, Values is a list of Amazon EC2 instance IDs. */ values: pulumi.Input[]>; } export interface EventTargetSagemakerPipelineTarget { /** * List of Parameter names and values for SageMaker Model Building Pipeline execution. */ pipelineParameterLists?: pulumi.Input[]>; } export interface EventTargetSagemakerPipelineTargetPipelineParameterList { /** * Name of parameter to start execution of a SageMaker Model Building Pipeline. */ name: pulumi.Input; /** * Value of parameter to start execution of a SageMaker Model Building Pipeline. */ value: pulumi.Input; } export interface EventTargetSqsTarget { /** * The FIFO message group ID to use as the target. */ messageGroupId?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatement { /** * Set of at least 1 sensitive data identifiers that you want to mask. Read more in [Types of data that you can protect](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/protect-sensitive-log-data-types.html). */ dataIdentifiers: string[]; /** * Configures the data protection operation applied by this statement. */ operation: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperation; /** * Name of this statement. */ sid?: string; } export interface GetLogDataProtectionPolicyDocumentStatementArgs { /** * Set of at least 1 sensitive data identifiers that you want to mask. Read more in [Types of data that you can protect](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/protect-sensitive-log-data-types.html). */ dataIdentifiers: pulumi.Input[]>; /** * Configures the data protection operation applied by this statement. */ operation: pulumi.Input; /** * Name of this statement. */ sid?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperation { /** * Configures the detection of sensitive data. */ audit?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAudit; /** * Configures the masking of sensitive data. * * > Every policy statement must specify exactly one operation. */ deidentify?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentify; } export interface GetLogDataProtectionPolicyDocumentStatementOperationArgs { /** * Configures the detection of sensitive data. */ audit?: pulumi.Input; /** * Configures the masking of sensitive data. * * > Every policy statement must specify exactly one operation. */ deidentify?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAudit { /** * Configures destinations to send audit findings to. */ findingsDestination: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestination; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs { /** * Configures destinations to send audit findings to. */ findingsDestination: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestination { /** * Configures CloudWatch Logs as a findings destination. */ cloudwatchLogs?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogs; /** * Configures Kinesis Firehose as a findings destination. */ firehose?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehose; /** * Configures S3 as a findings destination. */ s3?: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs { /** * Configures CloudWatch Logs as a findings destination. */ cloudwatchLogs?: pulumi.Input; /** * Configures Kinesis Firehose as a findings destination. */ firehose?: pulumi.Input; /** * Configures S3 as a findings destination. */ s3?: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogs { /** * Name of the CloudWatch Log Group to send findings to. */ logGroup: string; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs { /** * Name of the CloudWatch Log Group to send findings to. */ logGroup: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehose { /** * Name of the Kinesis Firehose Delivery Stream to send findings to. */ deliveryStream: string; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs { /** * Name of the Kinesis Firehose Delivery Stream to send findings to. */ deliveryStream: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3 { /** * Name of the S3 Bucket to send findings to. */ bucket: string; } export interface GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args { /** * Name of the S3 Bucket to send findings to. */ bucket: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentify { /** * An empty object that configures masking. */ maskConfig: inputs.cloudwatch.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfig; } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs { /** * An empty object that configures masking. */ maskConfig: pulumi.Input; } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfig { } export interface GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyMaskConfigArgs { } export interface InternetMonitorHealthEventsConfig { /** * The health event threshold percentage set for availability scores. */ availabilityScoreThreshold?: pulumi.Input; /** * The health event threshold percentage set for performance scores. */ performanceScoreThreshold?: pulumi.Input; } export interface InternetMonitorInternetMeasurementsLogDelivery { s3Config?: pulumi.Input; } export interface InternetMonitorInternetMeasurementsLogDeliveryS3Config { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; logDeliveryStatus?: pulumi.Input; } export interface LogMetricFilterMetricTransformation { /** * The value to emit when a filter pattern does not match a log event. Conflicts with `dimensions`. */ defaultValue?: pulumi.Input; /** * Map of fields to use as dimensions for the metric. Up to 3 dimensions are allowed. Conflicts with `defaultValue`. */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The name of the CloudWatch metric to which the monitored log information should be published (e.g., `ErrorCount`) */ name: pulumi.Input; /** * The destination namespace of the CloudWatch metric. */ namespace: pulumi.Input; /** * The unit to assign to the metric. If you omit this, the unit is set as `None`. */ unit?: pulumi.Input; /** * What to publish to the metric. For example, if you're counting the occurrences of a particular term like "Error", the value will be "1" for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event. */ value: pulumi.Input; } export interface MetricAlarmMetricQuery { /** * The ID of the account where the metrics are located, if this is a cross-account alarm. */ accountId?: pulumi.Input; /** * The math expression to be performed on the returned data, if this object is performing a math expression. This expression can use the id of the other metrics to refer to those metrics, and can also use the id of other expressions to use the result of those expressions. For more information about metric math expressions, see Metric Math Syntax and Functions in the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax). */ expression?: pulumi.Input; /** * A short name used to tie this object to the results in the response. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscore. The first character must be a lowercase letter. */ id: pulumi.Input; /** * A human-readable label for this metric or expression. This is especially useful if this is an expression, so that you know what the value represents. */ label?: pulumi.Input; /** * The metric to be returned, along with statistics, period, and units. Use this parameter only if this object is retrieving a metric and not performing a math expression on returned data. */ metric?: pulumi.Input; /** * Granularity in seconds of returned data points. * For metrics with regular resolution, valid values are any multiple of `60`. * For high-resolution metrics, valid values are `1`, `5`, `10`, `30`, or any multiple of `60`. */ period?: pulumi.Input; /** * Specify exactly one `metricQuery` to be `true` to use that `metricQuery` result as the alarm. * * > **NOTE:** You must specify either `metric` or `expression`. Not both. */ returnData?: pulumi.Input; } export interface MetricAlarmMetricQueryMetric { /** * The dimensions for this metric. For the list of available dimensions see the AWS documentation [here](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html). */ dimensions?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The name for this metric. * See docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html). */ metricName: pulumi.Input; /** * The namespace for this metric. See docs for the [list of namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html). * See docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html). */ namespace?: pulumi.Input; /** * Granularity in seconds of returned data points. * For metrics with regular resolution, valid values are any multiple of `60`. * For high-resolution metrics, valid values are `1`, `5`, `10`, `30`, or any multiple of `60`. */ period: pulumi.Input; /** * The statistic to apply to this metric. * See docs for [supported statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Statistics-definitions.html). */ stat: pulumi.Input; /** * The unit for this metric. */ unit?: pulumi.Input; } export interface MetricStreamExcludeFilter { /** * An array that defines the metrics you want to exclude for this metric namespace */ metricNames?: pulumi.Input[]>; /** * Name of the metric namespace in the filter. */ namespace: pulumi.Input; } export interface MetricStreamIncludeFilter { /** * An array that defines the metrics you want to include for this metric namespace */ metricNames?: pulumi.Input[]>; /** * Name of the metric namespace in the filter. */ namespace: pulumi.Input; } export interface MetricStreamStatisticsConfiguration { additionalStatistics: pulumi.Input[]>; includeMetrics: pulumi.Input[]>; } export interface MetricStreamStatisticsConfigurationIncludeMetric { metricName: pulumi.Input; namespace: pulumi.Input; } } export namespace codeartifact { export interface RepositoryExternalConnections { /** * The name of the external connection associated with a repository. */ externalConnectionName: pulumi.Input; packageFormat?: pulumi.Input; status?: pulumi.Input; } export interface RepositoryUpstream { /** * The name of an upstream repository. */ repositoryName: pulumi.Input; } } export namespace codebuild { export interface ProjectArtifacts { /** * Artifact identifier. Must be the same specified inside the AWS CodeBuild build specification. */ artifactIdentifier?: pulumi.Input; /** * Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows CodeBuild to modify the access control list for the bucket. */ bucketOwnerAccess?: pulumi.Input; /** * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, this value is ignored. Defaults to `false`. */ encryptionDisabled?: pulumi.Input; /** * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored. If `type` is set to `S3`, this is the name of the output bucket. */ location?: pulumi.Input; /** * Name of the project. If `type` is set to `S3`, this is the name of the output artifact object */ name?: pulumi.Input; /** * Namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values are `BUILD_ID`, `NONE`. */ namespaceType?: pulumi.Input; /** * Whether a name specified in the build specification overrides the artifact name. */ overrideArtifactName?: pulumi.Input; /** * Type of build output artifact to create. If `type` is set to `S3`, valid values are `NONE`, `ZIP` */ packaging?: pulumi.Input; /** * If `type` is set to `S3`, this is the path to the output artifact. */ path?: pulumi.Input; /** * Build output artifact's type. Valid values: `CODEPIPELINE`, `NO_ARTIFACTS`, `S3`. */ type: pulumi.Input; } export interface ProjectBuildBatchConfig { /** * Specifies if the build artifacts for the batch build should be combined into a single artifact location. */ combineArtifacts?: pulumi.Input; /** * Configuration block specifying the restrictions for the batch build. Detailed below. */ restrictions?: pulumi.Input; /** * Specifies the service role ARN for the batch build project. */ serviceRole: pulumi.Input; /** * Specifies the maximum amount of time, in minutes, that the batch build must be completed in. */ timeoutInMins?: pulumi.Input; } export interface ProjectBuildBatchConfigRestrictions { /** * An array of strings that specify the compute types that are allowed for the batch build. See [Build environment compute types](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html) in the AWS CodeBuild User Guide for these values. */ computeTypesAlloweds?: pulumi.Input[]>; /** * Specifies the maximum number of builds allowed. */ maximumBuildsAllowed?: pulumi.Input; } export interface ProjectCache { /** * Location where the AWS CodeBuild project stores cached resources. For type `S3`, the value must be a valid S3 bucket name/prefix. */ location?: pulumi.Input; /** * Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: `LOCAL_SOURCE_CACHE`, `LOCAL_DOCKER_LAYER_CACHE`, `LOCAL_CUSTOM_CACHE`. */ modes?: pulumi.Input[]>; /** * Type of storage that will be used for the AWS CodeBuild project cache. Valid values: `NO_CACHE`, `LOCAL`, `S3`. Defaults to `NO_CACHE`. */ type?: pulumi.Input; } export interface ProjectEnvironment { /** * ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate. */ certificate?: pulumi.Input; /** * Information about the compute resources the build project will use. Valid values: `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_2XLARGE`, `BUILD_LAMBDA_1GB`, `BUILD_LAMBDA_2GB`, `BUILD_LAMBDA_4GB`, `BUILD_LAMBDA_8GB`, `BUILD_LAMBDA_10GB`. `BUILD_GENERAL1_SMALL` is only valid if `type` is set to `LINUX_CONTAINER`. When `type` is set to `LINUX_GPU_CONTAINER`, `computeType` must be `BUILD_GENERAL1_LARGE`. When `type` is set to `LINUX_LAMBDA_CONTAINER` or `ARM_LAMBDA_CONTAINER`, `computeType` must be `BUILD_LAMBDA_XGB`.` */ computeType: pulumi.Input; /** * Configuration block. Detailed below. */ environmentVariables?: pulumi.Input[]>; /** * Docker image to use for this build project. Valid values include Docker images provided by CodeBuild, and full Docker repository URIs such as those for ECR (e.g., `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`). */ image: pulumi.Input; /** * Type of credentials AWS CodeBuild uses to pull images in your build. Valid values: `CODEBUILD`, `SERVICE_ROLE`. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CodeBuild credentials. Defaults to `CODEBUILD`. */ imagePullCredentialsType?: pulumi.Input; /** * Whether to enable running the Docker daemon inside a Docker container. Defaults to `false`. */ privilegedMode?: pulumi.Input; /** * Configuration block. Detailed below. */ registryCredential?: pulumi.Input; /** * Type of build environment to use for related builds. Valid values: `LINUX_CONTAINER`, `LINUX_GPU_CONTAINER`, `WINDOWS_CONTAINER` (deprecated), `WINDOWS_SERVER_2019_CONTAINER`, `ARM_CONTAINER`, `LINUX_LAMBDA_CONTAINER`, `ARM_LAMBDA_CONTAINER`. For additional information, see the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html). */ type: pulumi.Input; } export interface ProjectEnvironmentEnvironmentVariable { /** * Environment variable's name or key. */ name: pulumi.Input; /** * Type of environment variable. Valid values: `PARAMETER_STORE`, `PLAINTEXT`, `SECRETS_MANAGER`. */ type?: pulumi.Input; /** * Environment variable's value. */ value: pulumi.Input; } export interface ProjectEnvironmentRegistryCredential { /** * ARN or name of credentials created using AWS Secrets Manager. */ credential: pulumi.Input; /** * Service that created the credentials to access a private Docker registry. Valid value: `SECRETS_MANAGER` (AWS Secrets Manager). */ credentialProvider: pulumi.Input; } export interface ProjectFileSystemLocation { /** * The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD\_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS. */ identifier?: pulumi.Input; /** * A string that specifies the location of the file system created by Amazon EFS. Its format is `efs-dns-name:/directory-path`. */ location?: pulumi.Input; /** * The mount options for a file system created by AWS EFS. */ mountOptions?: pulumi.Input; /** * The location in the container where you mount the file system. */ mountPoint?: pulumi.Input; /** * The type of the file system. The one supported type is `EFS`. */ type?: pulumi.Input; } export interface ProjectLogsConfig { /** * Configuration block. Detailed below. */ cloudwatchLogs?: pulumi.Input; /** * Configuration block. Detailed below. */ s3Logs?: pulumi.Input; } export interface ProjectLogsConfigCloudwatchLogs { /** * Group name of the logs in CloudWatch Logs. */ groupName?: pulumi.Input; /** * Current status of logs in CloudWatch Logs for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults to `ENABLED`. */ status?: pulumi.Input; /** * Prefix of the log stream name of the logs in CloudWatch Logs. */ streamName?: pulumi.Input; } export interface ProjectLogsConfigS3Logs { /** * Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, `READ_ONLY`, and `FULL`. your CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows CodeBuild to modify the access control list for the bucket. */ bucketOwnerAccess?: pulumi.Input; /** * Whether to disable encrypting S3 logs. Defaults to `false`. */ encryptionDisabled?: pulumi.Input; /** * Name of the S3 bucket and the path prefix for S3 logs. Must be set if status is `ENABLED`, otherwise it must be empty. */ location?: pulumi.Input; /** * Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults to `DISABLED`. */ status?: pulumi.Input; } export interface ProjectSecondaryArtifact { /** * Artifact identifier. Must be the same specified inside the AWS CodeBuild build specification. */ artifactIdentifier: pulumi.Input; /** * Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects. Valid values are `NONE`, `READ_ONLY`, and `FULL`. The CodeBuild service role must have the `s3:PutBucketAcl` permission. This permission allows CodeBuild to modify the access control list for the bucket. */ bucketOwnerAccess?: pulumi.Input; /** * Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, this value is ignored. Defaults to `false`. */ encryptionDisabled?: pulumi.Input; /** * Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the name of the output bucket. If `path` is not specified, `location` can specify the path of the output artifact in the output bucket. */ location?: pulumi.Input; /** * Name of the project. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the name of the output artifact object. */ name?: pulumi.Input; /** * Namespace to use in storing build artifacts. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `BUILD_ID` or `NONE`. */ namespaceType?: pulumi.Input; /** * Whether a name specified in the build specification overrides the artifact name. */ overrideArtifactName?: pulumi.Input; /** * Type of build output artifact to create. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, valid values are `NONE` or `ZIP`. */ packaging?: pulumi.Input; /** * Along with `namespaceType` and `name`, the pattern that AWS CodeBuild uses to name and store the output artifact. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS`, this value is ignored if specified. If `type` is set to `S3`, this is the path to the output artifact. */ path?: pulumi.Input; /** * Build output artifact's type. Valid values `CODEPIPELINE`, `NO_ARTIFACTS`, and `S3`. */ type: pulumi.Input; } export interface ProjectSecondarySource { /** * Configuration block that contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below. */ buildStatusConfig?: pulumi.Input; /** * The build spec declaration to use for this build project's related builds. This must be set when `type` is `NO_SOURCE`. It can either be a path to a file residing in the repository to be built or a local file path leveraging the `file()` built-in. */ buildspec?: pulumi.Input; /** * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need to run commands like `git branch --show-current`. See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) for details. */ gitCloneDepth?: pulumi.Input; /** * Configuration block. Detailed below. */ gitSubmodulesConfig?: pulumi.Input; /** * Ignore SSL warnings when connecting to source control. */ insecureSsl?: pulumi.Input; /** * Location of the source code from git or s3. */ location?: pulumi.Input; /** * Whether to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket. */ reportBuildStatus?: pulumi.Input; /** * An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length. */ sourceIdentifier: pulumi.Input; /** * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`, `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`. */ type: pulumi.Input; } export interface ProjectSecondarySourceBuildStatusConfig { /** * Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider. */ context?: pulumi.Input; /** * Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider. */ targetUrl?: pulumi.Input; } export interface ProjectSecondarySourceGitSubmodulesConfig { /** * Whether to fetch Git submodules for the AWS CodeBuild build project. */ fetchSubmodules: pulumi.Input; } export interface ProjectSecondarySourceVersion { /** * An identifier for a source in the build project. */ sourceIdentifier: pulumi.Input; /** * The source version for the corresponding source identifier. See [AWS docs](https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectSourceVersion.html#CodeBuild-Type-ProjectSourceVersion-sourceVersion) for more details. */ sourceVersion: pulumi.Input; } export interface ProjectSource { /** * Configuration block that contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket. `buildStatusConfig` blocks are documented below. */ buildStatusConfig?: pulumi.Input; /** * Build specification to use for this build project's related builds. This must be set when `type` is `NO_SOURCE`. Also, if a non-default buildspec file name or file path aside from the root is used, it must be specified. */ buildspec?: pulumi.Input; /** * Truncate git history to this many commits. Use `0` for a `Full` checkout which you need to run commands like `git branch --show-current`. See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) for details. */ gitCloneDepth?: pulumi.Input; /** * Configuration block. Detailed below. */ gitSubmodulesConfig?: pulumi.Input; /** * Ignore SSL warnings when connecting to source control. */ insecureSsl?: pulumi.Input; /** * Location of the source code from git or s3. */ location?: pulumi.Input; /** * Whether to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, GitLab, GitLab Self Managed, or Bitbucket. */ reportBuildStatus?: pulumi.Input; /** * Type of repository that contains the source code to be built. Valid values: `BITBUCKET`, `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `GITLAB`, `GITLAB_SELF_MANAGED`, `NO_SOURCE`, `S3`. */ type: pulumi.Input; } export interface ProjectSourceBuildStatusConfig { /** * Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider. */ context?: pulumi.Input; /** * Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider. */ targetUrl?: pulumi.Input; } export interface ProjectSourceGitSubmodulesConfig { /** * Whether to fetch Git submodules for the AWS CodeBuild build project. */ fetchSubmodules: pulumi.Input; } export interface ProjectVpcConfig { /** * Security group IDs to assign to running builds. */ securityGroupIds: pulumi.Input[]>; /** * Subnet IDs within which to run builds. */ subnets: pulumi.Input[]>; /** * ID of the VPC within which to run builds. */ vpcId: pulumi.Input; } export interface ReportGroupExportConfig { /** * contains information about the S3 bucket where the run of a report is exported. see S3 Destination documented below. */ s3Destination?: pulumi.Input; /** * The export configuration type. Valid values are `S3` and `NO_EXPORT`. */ type: pulumi.Input; } export interface ReportGroupExportConfigS3Destination { /** * The name of the S3 bucket where the raw data of a report are exported. */ bucket: pulumi.Input; /** * A boolean value that specifies if the results of a report are encrypted. * **Note: the API does not currently allow setting encryption as disabled** */ encryptionDisabled?: pulumi.Input; /** * The encryption key for the report's encrypted raw data. The KMS key ARN. */ encryptionKey: pulumi.Input; /** * The type of build output artifact to create. Valid values are: `NONE` (default) and `ZIP`. */ packaging?: pulumi.Input; /** * The path to the exported report's raw data results. */ path?: pulumi.Input; } export interface WebhookFilterGroup { /** * A webhook filter for the group. Filter blocks are documented below. */ filters?: pulumi.Input[]>; } export interface WebhookFilterGroupFilter { /** * If set to `true`, the specified filter does *not* trigger a build. Defaults to `false`. */ excludeMatchedPattern?: pulumi.Input; /** * For a filter that uses `EVENT` type, a comma-separated string that specifies one event: `PUSH`, `PULL_REQUEST_CREATED`, `PULL_REQUEST_UPDATED`, `PULL_REQUEST_REOPENED`. `PULL_REQUEST_MERGED` works with GitHub & GitHub Enterprise only. For a filter that uses any of the other filter types, a regular expression. */ pattern: pulumi.Input; /** * The webhook filter group's type. Valid values for this parameter are: `EVENT`, `BASE_REF`, `HEAD_REF`, `ACTOR_ACCOUNT_ID`, `FILE_PATH`, `COMMIT_MESSAGE`, `WORKFLOW_NAME`, `TAG_NAME`, `RELEASE_NAME`. At least one filter group must specify `EVENT` as its type. */ type: pulumi.Input; } } export namespace codecatalyst { export interface DevEnvironmentIdes { /** * The name of the IDE. Valid values include Cloud9, IntelliJ, PyCharm, GoLand, and VSCode. */ name?: pulumi.Input; /** * A link to the IDE runtime image. This parameter is not required if the name is VSCode. Values of the runtime can be for example public.ecr.aws/jetbrains/py,public.ecr.aws/jetbrains/go */ runtime?: pulumi.Input; } export interface DevEnvironmentPersistentStorage { size: pulumi.Input; } export interface DevEnvironmentRepository { /** * The name of the branch in a source repository. * * persistent storage (` persistentStorage`) supports the following: */ branchName?: pulumi.Input; /** * The name of the source repository. */ repositoryName: pulumi.Input; } export interface GetDevEnvironmentRepository { branchName?: string; repositoryName?: string; } export interface GetDevEnvironmentRepositoryArgs { branchName?: pulumi.Input; repositoryName?: pulumi.Input; } } export namespace codecommit { export interface TriggerTrigger { /** * The branches that will be included in the trigger configuration. If no branches are specified, the trigger will apply to all branches. */ branches?: pulumi.Input[]>; /** * Any custom data associated with the trigger that will be included in the information sent to the target of the trigger. */ customData?: pulumi.Input; /** * The ARN of the resource that is the target for a trigger. For example, the ARN of a topic in Amazon Simple Notification Service (SNS). */ destinationArn: pulumi.Input; /** * The repository events that will cause the trigger to run actions in another service, such as sending a notification through Amazon Simple Notification Service (SNS). If no events are specified, the trigger will run for all repository events. Event types include: `all`, `updateReference`, `createReference`, `deleteReference`. */ events: pulumi.Input[]>; /** * The name of the trigger. */ name: pulumi.Input; } } export namespace codedeploy { export interface DeploymentConfigMinimumHealthyHosts { /** * The type can either be `FLEET_PERCENT` or `HOST_COUNT`. */ type?: pulumi.Input; /** * The value when the type is `FLEET_PERCENT` represents the minimum number of healthy instances as * a percentage of the total number of instances in the deployment. If you specify FLEET_PERCENT, at the start of the * deployment, AWS CodeDeploy converts the percentage to the equivalent number of instance and rounds up fractional instances. * When the type is `HOST_COUNT`, the value represents the minimum number of healthy instances as an absolute value. */ value?: pulumi.Input; } export interface DeploymentConfigTrafficRoutingConfig { /** * The time based canary configuration information. If `type` is `TimeBasedLinear`, use `timeBasedLinear` instead. */ timeBasedCanary?: pulumi.Input; /** * The time based linear configuration information. If `type` is `TimeBasedCanary`, use `timeBasedCanary` instead. */ timeBasedLinear?: pulumi.Input; /** * Type of traffic routing config. One of `TimeBasedCanary`, `TimeBasedLinear`, `AllAtOnce`. */ type?: pulumi.Input; } export interface DeploymentConfigTrafficRoutingConfigTimeBasedCanary { /** * The number of minutes between the first and second traffic shifts of a `TimeBasedCanary` deployment. */ interval?: pulumi.Input; /** * The percentage of traffic to shift in the first increment of a `TimeBasedCanary` deployment. */ percentage?: pulumi.Input; } export interface DeploymentConfigTrafficRoutingConfigTimeBasedLinear { /** * The number of minutes between each incremental traffic shift of a `TimeBasedLinear` deployment. */ interval?: pulumi.Input; /** * The percentage of traffic that is shifted at the start of each increment of a `TimeBasedLinear` deployment. */ percentage?: pulumi.Input; } export interface DeploymentGroupAlarmConfiguration { /** * A list of alarms configured for the deployment group. _A maximum of 10 alarms can be added to a deployment group_. */ alarms?: pulumi.Input[]>; /** * Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. */ enabled?: pulumi.Input; /** * Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. The default value is `false`. */ ignorePollAlarmFailure?: pulumi.Input; } export interface DeploymentGroupAutoRollbackConfiguration { /** * Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. If you enable automatic rollback, you must specify at least one event type. */ enabled?: pulumi.Input; /** * The event type or types that trigger a rollback. Supported types are `DEPLOYMENT_FAILURE`, `DEPLOYMENT_STOP_ON_ALARM` and `DEPLOYMENT_STOP_ON_REQUEST`. * * _Only one `autoRollbackConfiguration` is allowed_. */ events?: pulumi.Input[]>; } export interface DeploymentGroupBlueGreenDeploymentConfig { /** * Information about the action to take when newly provisioned instances are ready to receive traffic in a blue/green deployment (documented below). */ deploymentReadyOption?: pulumi.Input; /** * Information about how instances are provisioned for a replacement environment in a blue/green deployment (documented below). */ greenFleetProvisioningOption?: pulumi.Input; /** * Information about whether to terminate instances in the original fleet during a blue/green deployment (documented below). * * _Only one `blueGreenDeploymentConfig` is allowed_. */ terminateBlueInstancesOnDeploymentSuccess?: pulumi.Input; } export interface DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOption { /** * When to reroute traffic from an original environment to a replacement environment in a blue/green deployment. */ actionOnTimeout?: pulumi.Input; /** * The number of minutes to wait before the status of a blue/green deployment changed to Stopped if rerouting is not started manually. Applies only to the `STOP_DEPLOYMENT` option for `actionOnTimeout`. */ waitTimeInMinutes?: pulumi.Input; } export interface DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOption { /** * The method used to add instances to a replacement environment. */ action?: pulumi.Input; } export interface DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccess { /** * The action to take on instances in the original environment after a successful blue/green deployment. */ action?: pulumi.Input; /** * The number of minutes to wait after a successful blue/green deployment before terminating instances from the original environment. */ terminationWaitTimeInMinutes?: pulumi.Input; } export interface DeploymentGroupDeploymentStyle { /** * Indicates whether to route deployment traffic behind a load balancer. Valid Values are `WITH_TRAFFIC_CONTROL` or `WITHOUT_TRAFFIC_CONTROL`. Default is `WITHOUT_TRAFFIC_CONTROL`. */ deploymentOption?: pulumi.Input; /** * Indicates whether to run an in-place deployment or a blue/green deployment. Valid Values are `IN_PLACE` or `BLUE_GREEN`. Default is `IN_PLACE`. * * _Only one `deploymentStyle` is allowed_. */ deploymentType?: pulumi.Input; } export interface DeploymentGroupEc2TagFilter { /** * The key of the tag filter. */ key?: pulumi.Input; /** * The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`. */ type?: pulumi.Input; /** * The value of the tag filter. * * Multiple occurrences of `ec2TagFilter` are allowed, where any instance that matches to at least one of the tag filters is selected. */ value?: pulumi.Input; } export interface DeploymentGroupEc2TagSet { /** * Tag filters associated with the deployment group. See the AWS docs for details. */ ec2TagFilters?: pulumi.Input[]>; } export interface DeploymentGroupEc2TagSetEc2TagFilter { /** * The key of the tag filter. */ key?: pulumi.Input; /** * The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`. */ type?: pulumi.Input; /** * The value of the tag filter. * * Multiple occurrences of `ec2TagFilter` are allowed, where any instance that matches to at least one of the tag filters is selected. */ value?: pulumi.Input; } export interface DeploymentGroupEcsService { /** * The name of the ECS cluster. */ clusterName: pulumi.Input; /** * The name of the ECS service. */ serviceName: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfo { /** * The Classic Elastic Load Balancer to use in a deployment. Conflicts with `targetGroupInfo` and `targetGroupPairInfo`. */ elbInfos?: pulumi.Input[]>; /** * The (Application/Network Load Balancer) target group to use in a deployment. Conflicts with `elbInfo` and `targetGroupPairInfo`. */ targetGroupInfos?: pulumi.Input[]>; /** * The (Application/Network Load Balancer) target group pair to use in a deployment. Conflicts with `elbInfo` and `targetGroupInfo`. */ targetGroupPairInfo?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoElbInfo { /** * The name of the load balancer that will be used to route traffic from original instances to replacement instances in a blue/green deployment. For in-place deployments, the name of the load balancer that instances are deregistered from so they are not serving traffic during a deployment, and then re-registered with after the deployment completes. */ name?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupInfo { /** * The name of the target group that instances in the original environment are deregistered from, and instances in the replacement environment registered with. For in-place deployments, the name of the target group that instances are deregistered from, so they are not serving traffic during a deployment, and then re-registered with after the deployment completes. */ name?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfo { /** * Configuration block for the production traffic route (documented below). */ prodTrafficRoute: pulumi.Input; /** * Configuration blocks for a target group within a target group pair (documented below). */ targetGroups: pulumi.Input[]>; /** * Configuration block for the test traffic route (documented below). */ testTrafficRoute?: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRoute { /** * List of Amazon Resource Names (ARNs) of the load balancer listeners. Must contain exactly one listener ARN. */ listenerArns: pulumi.Input[]>; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroup { /** * Name of the target group. */ name: pulumi.Input; } export interface DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTestTrafficRoute { /** * List of Amazon Resource Names (ARNs) of the load balancer listeners. */ listenerArns: pulumi.Input[]>; } export interface DeploymentGroupOnPremisesInstanceTagFilter { /** * The key of the tag filter. */ key?: pulumi.Input; /** * The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`. */ type?: pulumi.Input; /** * The value of the tag filter. */ value?: pulumi.Input; } export interface DeploymentGroupTriggerConfiguration { /** * The event type or types for which notifications are triggered. Some values that are supported: `DeploymentStart`, `DeploymentSuccess`, `DeploymentFailure`, `DeploymentStop`, `DeploymentRollback`, `InstanceStart`, `InstanceSuccess`, `InstanceFailure`. See [the CodeDeploy documentation](http://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-sns-event-notifications-create-trigger.html) for all possible values. */ triggerEvents: pulumi.Input[]>; /** * The name of the notification trigger. */ triggerName: pulumi.Input; /** * The ARN of the SNS topic through which notifications are sent. */ triggerTargetArn: pulumi.Input; } } export namespace codeguruprofiler { export interface ProfilingGroupAgentOrchestrationConfig { /** * (Required) Boolean that specifies whether the profiling agent collects profiling data or */ profilingEnabled: pulumi.Input; } } export namespace codegurureviewer { export interface RepositoryAssociationKmsKeyDetails { /** * The encryption option for a repository association. It is either owned by AWS Key Management Service (KMS) (`AWS_OWNED_CMK`) or customer managed (`CUSTOMER_MANAGED_CMK`). */ encryptionOption?: pulumi.Input; /** * The ID of the AWS KMS key that is associated with a repository association. */ kmsKeyId?: pulumi.Input; } export interface RepositoryAssociationRepository { bitbucket?: pulumi.Input; codecommit?: pulumi.Input; githubEnterpriseServer?: pulumi.Input; s3Bucket?: pulumi.Input; } export interface RepositoryAssociationRepositoryBitbucket { /** * The Amazon Resource Name (ARN) of an AWS CodeStar Connections connection. */ connectionArn: pulumi.Input; /** * The name of the third party source repository. */ name: pulumi.Input; /** * The username for the account that owns the repository. */ owner: pulumi.Input; } export interface RepositoryAssociationRepositoryCodecommit { /** * The name of the AWS CodeCommit repository. */ name: pulumi.Input; } export interface RepositoryAssociationRepositoryGithubEnterpriseServer { /** * The Amazon Resource Name (ARN) of an AWS CodeStar Connections connection. */ connectionArn: pulumi.Input; /** * The name of the third party source repository. */ name: pulumi.Input; /** * The username for the account that owns the repository. */ owner: pulumi.Input; } export interface RepositoryAssociationRepositoryS3Bucket { /** * The name of the S3 bucket used for associating a new S3 repository. Note: The name must begin with `codeguru-reviewer-`. */ bucketName: pulumi.Input; /** * The name of the repository in the S3 bucket. */ name: pulumi.Input; } export interface RepositoryAssociationS3RepositoryDetail { bucketName?: pulumi.Input; codeArtifacts?: pulumi.Input[]>; } export interface RepositoryAssociationS3RepositoryDetailCodeArtifact { buildArtifactsObjectKey?: pulumi.Input; sourceCodeArtifactsObjectKey?: pulumi.Input; } } export namespace codepipeline { export interface CustomActionTypeConfigurationProperty { /** * The description of the action configuration property. */ description?: pulumi.Input; /** * Whether the configuration property is a key. */ key: pulumi.Input; /** * The name of the action configuration property. */ name: pulumi.Input; /** * Indicates that the property will be used in conjunction with PollForJobs. */ queryable?: pulumi.Input; /** * Whether the configuration property is a required value. */ required: pulumi.Input; /** * Whether the configuration property is secret. */ secret: pulumi.Input; /** * The type of the configuration property. Valid values: `String`, `Number`, `Boolean` */ type?: pulumi.Input; } export interface CustomActionTypeInputArtifactDetails { /** * The maximum number of artifacts allowed for the action type. Min: 0, Max: 5 */ maximumCount: pulumi.Input; /** * The minimum number of artifacts allowed for the action type. Min: 0, Max: 5 */ minimumCount: pulumi.Input; } export interface CustomActionTypeOutputArtifactDetails { /** * The maximum number of artifacts allowed for the action type. Min: 0, Max: 5 */ maximumCount: pulumi.Input; /** * The minimum number of artifacts allowed for the action type. Min: 0, Max: 5 */ minimumCount: pulumi.Input; } export interface CustomActionTypeSettings { /** * The URL returned to the AWS CodePipeline console that provides a deep link to the resources of the external system. */ entityUrlTemplate?: pulumi.Input; /** * The URL returned to the AWS CodePipeline console that contains a link to the top-level landing page for the external system. */ executionUrlTemplate?: pulumi.Input; /** * The URL returned to the AWS CodePipeline console that contains a link to the page where customers can update or change the configuration of the external action. */ revisionUrlTemplate?: pulumi.Input; /** * The URL of a sign-up page where users can sign up for an external service and perform initial configuration of the action provided by that service. */ thirdPartyConfigurationUrl?: pulumi.Input; } export interface PipelineArtifactStore { /** * The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don't specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An `encryptionKey` block is documented below. */ encryptionKey?: pulumi.Input; /** * The location where AWS CodePipeline stores artifacts for a pipeline; currently only `S3` is supported. */ location: pulumi.Input; /** * The region where the artifact store is located. Required for a cross-region CodePipeline, do not provide for a single-region CodePipeline. */ region?: pulumi.Input; /** * The type of the artifact store, such as Amazon S3 */ type: pulumi.Input; } export interface PipelineArtifactStoreEncryptionKey { /** * The KMS key ARN or ID */ id: pulumi.Input; /** * The type of key; currently only `KMS` is supported */ type: pulumi.Input; } export interface PipelineStage { /** * The action(s) to include in the stage. Defined as an `action` block below */ actions: pulumi.Input[]>; /** * The name of the stage. */ name: pulumi.Input; } export interface PipelineStageAction { /** * A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are `Approval`, `Build`, `Deploy`, `Invoke`, `Source` and `Test`. */ category: pulumi.Input; /** * A map of the action declaration's configuration. Configurations options for action types and providers can be found in the [Pipeline Structure Reference](http://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements) and [Action Structure Reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html) documentation. */ configuration?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A list of artifact names to be worked on. */ inputArtifacts?: pulumi.Input[]>; /** * The action declaration's name. */ name: pulumi.Input; /** * The namespace all output variables will be accessed from. */ namespace?: pulumi.Input; /** * A list of artifact names to output. Output artifact names must be unique within a pipeline. */ outputArtifacts?: pulumi.Input[]>; /** * The creator of the action being called. Possible values are `AWS`, `Custom` and `ThirdParty`. */ owner: pulumi.Input; /** * The provider of the service being called by the action. Valid providers are determined by the action category. Provider names are listed in the [Action Structure Reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html) documentation. */ provider: pulumi.Input; /** * The region in which to run the action. */ region?: pulumi.Input; /** * The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline. */ roleArn?: pulumi.Input; /** * The order in which actions are run. */ runOrder?: pulumi.Input; /** * A string that identifies the action type. */ version: pulumi.Input; } export interface PipelineTrigger { /** * Provides the filter criteria and the source stage for the repository event that starts the pipeline. For more information, refer to the [AWS documentation](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-filter.html). A `gitConfiguration` block is documented below. */ gitConfiguration: pulumi.Input; /** * The source provider for the event. Possible value is `CodeStarSourceConnection`. */ providerType: pulumi.Input; } export interface PipelineTriggerGitConfiguration { /** * The field where the repository event that will start the pipeline is specified as pull requests. A `pullRequest` block is documented below. */ pullRequests?: pulumi.Input[]>; /** * The field where the repository event that will start the pipeline, such as pushing Git tags, is specified with details. A `push` block is documented below. */ pushes?: pulumi.Input[]>; /** * The name of the pipeline source action where the trigger configuration. */ sourceActionName: pulumi.Input; } export interface PipelineTriggerGitConfigurationPullRequest { /** * The field that specifies to filter on branches for the pull request trigger configuration. A `branches` block is documented below. */ branches?: pulumi.Input; /** * A list that specifies which pull request events to filter on (opened, updated, closed) for the trigger configuration. Possible values are `OPEN`, `UPDATED ` and `CLOSED`. */ events?: pulumi.Input[]>; /** * The field that specifies to filter on file paths for the pull request trigger configuration. A `filePaths` block is documented below. */ filePaths?: pulumi.Input; } export interface PipelineTriggerGitConfigurationPullRequestBranches { /** * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPullRequestFilePaths { /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPush { /** * The field that specifies to filter on branches for the push trigger configuration. A `branches` block is documented below. */ branches?: pulumi.Input; /** * The field that specifies to filter on file paths for the push trigger configuration. A `filePaths` block is documented below. */ filePaths?: pulumi.Input; /** * The field that contains the details for the Git tags trigger configuration. A `tags` block is documented below. */ tags?: pulumi.Input; } export interface PipelineTriggerGitConfigurationPushBranches { /** * A list of patterns of Git branches that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git branches that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPushFilePaths { /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git repository file paths that, when a commit is pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineTriggerGitConfigurationPushTags { /** * A list of patterns of Git tags that, when pushed, are to be excluded from starting the pipeline. */ excludes?: pulumi.Input[]>; /** * A list of patterns of Git tags that, when pushed, are to be included as criteria that starts the pipeline. */ includes?: pulumi.Input[]>; } export interface PipelineVariable { /** * The default value of a pipeline-level variable. */ defaultValue?: pulumi.Input; /** * The description of a pipeline-level variable. * * > **Note:** The input artifact of an action must exactly match the output artifact declared in a preceding action, but the input artifact does not have to be the next action in strict sequence from the action that provided the output artifact. Actions in parallel can declare different output artifacts, which are in turn consumed by different following actions. */ description?: pulumi.Input; /** * The name of a pipeline-level variable. */ name: pulumi.Input; } export interface WebhookAuthenticationConfiguration { /** * A valid CIDR block for `IP` filtering. Required for `IP`. */ allowedIpRange?: pulumi.Input; /** * The shared secret for the GitHub repository webhook. Set this as `secret` in your `githubRepositoryWebhook`'s `configuration` block. Required for `GITHUB_HMAC`. */ secretToken?: pulumi.Input; } export interface WebhookFilter { /** * The [JSON path](https://github.com/json-path/JsonPath) to filter on. */ jsonPath: pulumi.Input; /** * The value to match on (e.g., `refs/heads/{Branch}`). See [AWS docs](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_WebhookFilterRule.html) for details. */ matchEquals: pulumi.Input; } } export namespace codestarconnections { export interface HostVpcConfiguration { /** * ID of the security group or security groups associated with the Amazon VPC connected to the infrastructure where your provider type is installed. */ securityGroupIds: pulumi.Input[]>; /** * The ID of the subnet or subnets associated with the Amazon VPC connected to the infrastructure where your provider type is installed. */ subnetIds: pulumi.Input[]>; /** * The value of the Transport Layer Security (TLS) certificate associated with the infrastructure where your provider type is installed. */ tlsCertificate?: pulumi.Input; /** * The ID of the Amazon VPC connected to the infrastructure where your provider type is installed. */ vpcId: pulumi.Input; } } export namespace codestarnotifications { export interface NotificationRuleTarget { /** * The ARN of notification rule target. For example, a SNS Topic ARN. */ address: pulumi.Input; /** * The status of the notification rule. Possible values are `ENABLED` and `DISABLED`, default is `ENABLED`. */ status?: pulumi.Input; /** * The type of the notification target. Default value is `SNS`. */ type?: pulumi.Input; } } export namespace cognito { export interface GetUserGroupsGroup { /** * Description of the user group. */ description?: string; /** * Name of the user group. */ groupName?: string; /** * Precedence of the user group. */ precedence?: number; /** * ARN of the IAM role to be associated with the user group. */ roleArn?: string; } export interface GetUserGroupsGroupArgs { /** * Description of the user group. */ description?: pulumi.Input; /** * Name of the user group. */ groupName?: pulumi.Input; /** * Precedence of the user group. */ precedence?: pulumi.Input; /** * ARN of the IAM role to be associated with the user group. */ roleArn?: pulumi.Input; } export interface IdentityPoolCognitoIdentityProvider { /** * The client ID for the Amazon Cognito Identity User Pool. */ clientId?: pulumi.Input; /** * The provider name for an Amazon Cognito Identity User Pool. */ providerName?: pulumi.Input; /** * Whether server-side token validation is enabled for the identity provider’s token or not. */ serverSideTokenCheck?: pulumi.Input; } export interface IdentityPoolRoleAttachmentRoleMapping { ambiguousRoleResolution?: pulumi.Input; identityProvider: pulumi.Input; mappingRules?: pulumi.Input[]>; type: pulumi.Input; } export interface IdentityPoolRoleAttachmentRoleMappingMappingRule { claim: pulumi.Input; matchType: pulumi.Input; roleArn: pulumi.Input; value: pulumi.Input; } export interface ManagedUserPoolClientAnalyticsConfiguration { /** * Application ARN for an Amazon Pinpoint application. It conflicts with `externalId` and `roleArn`. */ applicationArn?: pulumi.Input; /** * Unique identifier for an Amazon Pinpoint application. */ applicationId?: pulumi.Input; /** * ID for the Analytics Configuration and conflicts with `applicationArn`. */ externalId?: pulumi.Input; /** * ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. It conflicts with `applicationArn`. */ roleArn?: pulumi.Input; /** * If `userDataShared` is set to `true`, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics. */ userDataShared?: pulumi.Input; } export interface ManagedUserPoolClientTokenValidityUnits { /** * Time unit for the value in `accessTokenValidity` and defaults to `hours`. */ accessToken?: pulumi.Input; /** * Time unit for the value in `idTokenValidity`, and it defaults to `hours`. */ idToken?: pulumi.Input; /** * Time unit for the value in `refreshTokenValidity` and defaults to `days`. */ refreshToken?: pulumi.Input; } export interface ResourceServerScope { scopeDescription: pulumi.Input; scopeName: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfiguration { /** * Account takeover risk configuration actions. See details below. */ actions: pulumi.Input; /** * The notify configuration used to construct email notifications. See details below. */ notifyConfiguration: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActions { /** * Action to take for a high risk. See action block below. */ highAction?: pulumi.Input; /** * Action to take for a low risk. See action block below. */ lowAction?: pulumi.Input; /** * Action to take for a medium risk. See action block below. */ mediumAction?: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActionsHighAction { eventAction: pulumi.Input; notify: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActionsLowAction { eventAction: pulumi.Input; notify: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationActionsMediumAction { eventAction: pulumi.Input; notify: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfiguration { /** * Email template used when a detected risk event is blocked. See notify email type below. */ blockEmail?: pulumi.Input; /** * The email address that is sending the email. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES. */ from?: pulumi.Input; /** * The multi-factor authentication (MFA) email template used when MFA is challenged as part of a detected risk. See notify email type below. */ mfaEmail?: pulumi.Input; /** * The email template used when a detected risk event is allowed. See notify email type below. */ noActionEmail?: pulumi.Input; /** * The destination to which the receiver of an email should reply to. */ replyTo?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. This identity permits Amazon Cognito to send for the email address specified in the From parameter. */ sourceArn: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfigurationBlockEmail { htmlBody: pulumi.Input; subject: pulumi.Input; textBody: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfigurationMfaEmail { htmlBody: pulumi.Input; subject: pulumi.Input; textBody: pulumi.Input; } export interface RiskConfigurationAccountTakeoverRiskConfigurationNotifyConfigurationNoActionEmail { htmlBody: pulumi.Input; subject: pulumi.Input; textBody: pulumi.Input; } export interface RiskConfigurationCompromisedCredentialsRiskConfiguration { /** * The compromised credentials risk configuration actions. See details below. */ actions: pulumi.Input; /** * Perform the action for these events. The default is to perform all events if no event filter is specified. Valid values are `SIGN_IN`, `PASSWORD_CHANGE`, and `SIGN_UP`. */ eventFilters?: pulumi.Input[]>; } export interface RiskConfigurationCompromisedCredentialsRiskConfigurationActions { /** * The event action. Valid values are `BLOCK` or `NO_ACTION`. */ eventAction: pulumi.Input; } export interface RiskConfigurationRiskExceptionConfiguration { /** * Overrides the risk decision to always block the pre-authentication requests. * The IP range is in CIDR notation, a compact representation of an IP address and its routing prefix. * Can contain a maximum of 200 items. */ blockedIpRangeLists?: pulumi.Input[]>; /** * Risk detection isn't performed on the IP addresses in this range list. * The IP range is in CIDR notation. * Can contain a maximum of 200 items. */ skippedIpRangeLists?: pulumi.Input[]>; } export interface UserPoolAccountRecoverySetting { /** * List of Account Recovery Options of the following structure: */ recoveryMechanisms?: pulumi.Input[]>; } export interface UserPoolAccountRecoverySettingRecoveryMechanism { /** * Recovery method for a user. Can be of the following: `verifiedEmail`, `verifiedPhoneNumber`, and `adminOnly`. */ name: pulumi.Input; /** * Positive integer specifying priority of a method with 1 being the highest priority. */ priority: pulumi.Input; } export interface UserPoolAdminCreateUserConfig { /** * Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app. */ allowAdminCreateUserOnly?: pulumi.Input; /** * Invite message template structure. Detailed below. */ inviteMessageTemplate?: pulumi.Input; } export interface UserPoolAdminCreateUserConfigInviteMessageTemplate { /** * Message template for email messages. Must contain `{username}` and `{####}` placeholders, for username and temporary password, respectively. */ emailMessage?: pulumi.Input; /** * Subject line for email messages. */ emailSubject?: pulumi.Input; /** * Message template for SMS messages. Must contain `{username}` and `{####}` placeholders, for username and temporary password, respectively. */ smsMessage?: pulumi.Input; } export interface UserPoolClientAnalyticsConfiguration { /** * Application ARN for an Amazon Pinpoint application. Conflicts with `externalId` and `roleArn`. */ applicationArn?: pulumi.Input; /** * Application ID for an Amazon Pinpoint application. */ applicationId?: pulumi.Input; /** * ID for the Analytics Configuration. Conflicts with `applicationArn`. */ externalId?: pulumi.Input; /** * ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with `applicationArn`. */ roleArn?: pulumi.Input; /** * If set to `true`, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics. */ userDataShared?: pulumi.Input; } export interface UserPoolClientTokenValidityUnits { /** * Time unit in for the value in `accessTokenValidity`, defaults to `hours`. */ accessToken?: pulumi.Input; /** * Time unit in for the value in `idTokenValidity`, defaults to `hours`. */ idToken?: pulumi.Input; /** * Time unit in for the value in `refreshTokenValidity`, defaults to `days`. */ refreshToken?: pulumi.Input; } export interface UserPoolDeviceConfiguration { /** * Whether a challenge is required on a new device. Only applicable to a new device. */ challengeRequiredOnNewDevice?: pulumi.Input; /** * Whether a device is only remembered on user prompt. `false` equates to "Always" remember, `true` is "User Opt In," and not using a `deviceConfiguration` block is "No." */ deviceOnlyRememberedOnUserPrompt?: pulumi.Input; } export interface UserPoolEmailConfiguration { /** * Email configuration set name from SES. */ configurationSet?: pulumi.Input; /** * Email delivery method to use. `COGNITO_DEFAULT` for the default email functionality built into Cognito or `DEVELOPER` to use your Amazon SES configuration. Required to be `DEVELOPER` if `fromEmailAddress` is set. */ emailSendingAccount?: pulumi.Input; /** * Sender’s email address or sender’s display name with their email address (e.g., `john@example.com`, `John Smith ` or `\"John Smith Ph.D.\" `). Escaped double quotes are required around display names that contain certain characters as specified in [RFC 5322](https://tools.ietf.org/html/rfc5322). */ fromEmailAddress?: pulumi.Input; /** * REPLY-TO email address. */ replyToEmailAddress?: pulumi.Input; /** * ARN of the SES verified email identity to use. Required if `emailSendingAccount` is set to `DEVELOPER`. */ sourceArn?: pulumi.Input; } export interface UserPoolLambdaConfig { /** * ARN of the lambda creating an authentication challenge. */ createAuthChallenge?: pulumi.Input; /** * A custom email sender AWS Lambda trigger. See customEmailSender Below. */ customEmailSender?: pulumi.Input; /** * Custom Message AWS Lambda trigger. */ customMessage?: pulumi.Input; /** * A custom SMS sender AWS Lambda trigger. See customSmsSender Below. */ customSmsSender?: pulumi.Input; /** * Defines the authentication challenge. */ defineAuthChallenge?: pulumi.Input; /** * The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender. */ kmsKeyId?: pulumi.Input; /** * Post-authentication AWS Lambda trigger. */ postAuthentication?: pulumi.Input; /** * Post-confirmation AWS Lambda trigger. */ postConfirmation?: pulumi.Input; /** * Pre-authentication AWS Lambda trigger. */ preAuthentication?: pulumi.Input; /** * Pre-registration AWS Lambda trigger. */ preSignUp?: pulumi.Input; /** * Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambdaArn of `preTokenGenerationConfig`. */ preTokenGeneration?: pulumi.Input; /** * Allow to customize access tokens. See pre_token_configuration_type */ preTokenGenerationConfig?: pulumi.Input; /** * User migration Lambda config type. */ userMigration?: pulumi.Input; /** * Verifies the authentication challenge response. */ verifyAuthChallengeResponse?: pulumi.Input; } export interface UserPoolLambdaConfigCustomEmailSender { /** * The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users. */ lambdaArn: pulumi.Input; /** * The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is `V1_0`. */ lambdaVersion: pulumi.Input; } export interface UserPoolLambdaConfigCustomSmsSender { /** * The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users. */ lambdaArn: pulumi.Input; /** * The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is `V1_0`. */ lambdaVersion: pulumi.Input; } export interface UserPoolLambdaConfigPreTokenGenerationConfig { lambdaArn: pulumi.Input; lambdaVersion: pulumi.Input; } export interface UserPoolPasswordPolicy { /** * Minimum length of the password policy that you have set. */ minimumLength?: pulumi.Input; /** * Whether you have required users to use at least one lowercase letter in their password. */ requireLowercase?: pulumi.Input; /** * Whether you have required users to use at least one number in their password. */ requireNumbers?: pulumi.Input; /** * Whether you have required users to use at least one symbol in their password. */ requireSymbols?: pulumi.Input; /** * Whether you have required users to use at least one uppercase letter in their password. */ requireUppercase?: pulumi.Input; /** * In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. */ temporaryPasswordValidityDays?: pulumi.Input; } export interface UserPoolSchema { /** * Attribute data type. Must be one of `Boolean`, `Number`, `String`, `DateTime`. */ attributeDataType: pulumi.Input; /** * Whether the attribute type is developer only. */ developerOnlyAttribute?: pulumi.Input; /** * Whether the attribute can be changed once it has been created. */ mutable?: pulumi.Input; /** * Name of the attribute. */ name: pulumi.Input; /** * Configuration block for the constraints for an attribute of the number type. Detailed below. */ numberAttributeConstraints?: pulumi.Input; /** * Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail. */ required?: pulumi.Input; /** * Constraints for an attribute of the string type. Detailed below. */ stringAttributeConstraints?: pulumi.Input; } export interface UserPoolSchemaNumberAttributeConstraints { /** * Maximum value of an attribute that is of the number data type. */ maxValue?: pulumi.Input; /** * Minimum value of an attribute that is of the number data type. */ minValue?: pulumi.Input; } export interface UserPoolSchemaStringAttributeConstraints { /** * Maximum length of an attribute value of the string type. */ maxLength?: pulumi.Input; /** * Minimum length of an attribute value of the string type. */ minLength?: pulumi.Input; } export interface UserPoolSmsConfiguration { /** * External ID used in IAM role trust relationships. For more information about using external IDs, see [How to Use an External ID When Granting Access to Your AWS Resources to a Third Party](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). */ externalId: pulumi.Input; /** * ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume. */ snsCallerArn: pulumi.Input; /** * The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see [SMS message settings for Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html). */ snsRegion?: pulumi.Input; } export interface UserPoolSoftwareTokenMfaConfiguration { /** * Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When `smsConfiguration` is not present, the `mfaConfiguration` argument must be set to `OFF` and the `softwareTokenMfaConfiguration` configuration block must be fully removed. */ enabled: pulumi.Input; } export interface UserPoolUserAttributeUpdateSettings { /** * A list of attributes requiring verification before update. If set, the provided value(s) must also be set in `autoVerifiedAttributes`. Valid values: `email`, `phoneNumber`. */ attributesRequireVerificationBeforeUpdates: pulumi.Input[]>; } export interface UserPoolUserPoolAddOns { /** * Mode for advanced security, must be one of `OFF`, `AUDIT` or `ENFORCED`. */ advancedSecurityMode: pulumi.Input; } export interface UserPoolUsernameConfiguration { /** * Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs. */ caseSensitive: pulumi.Input; } export interface UserPoolVerificationMessageTemplate { /** * Default email option. Must be either `CONFIRM_WITH_CODE` or `CONFIRM_WITH_LINK`. Defaults to `CONFIRM_WITH_CODE`. */ defaultEmailOption?: pulumi.Input; /** * Email message template. Must contain the `{####}` placeholder. Conflicts with `emailVerificationMessage` argument. */ emailMessage?: pulumi.Input; /** * Email message template for sending a confirmation link to the user, it must contain the `{##Click Here##}` placeholder. */ emailMessageByLink?: pulumi.Input; /** * Subject line for the email message template. Conflicts with `emailVerificationSubject` argument. */ emailSubject?: pulumi.Input; /** * Subject line for the email message template for sending a confirmation link to the user. */ emailSubjectByLink?: pulumi.Input; /** * SMS message template. Must contain the `{####}` placeholder. Conflicts with `smsVerificationMessage` argument. */ smsMessage?: pulumi.Input; } } export namespace comprehend { export interface DocumentClassifierInputDataConfig { /** * List of training datasets produced by Amazon SageMaker Ground Truth. * Used if `dataFormat` is `AUGMENTED_MANIFEST`. * See the `augmentedManifests` Configuration Block section below. */ augmentedManifests?: pulumi.Input[]>; /** * The format for the training data. * One of `COMPREHEND_CSV` or `AUGMENTED_MANIFEST`. */ dataFormat?: pulumi.Input; /** * Delimiter between labels when training a multi-label classifier. * Valid values are `|`, `~`, `!`, `@`, `#`, `$`, `%`, `^`, `*`, `-`, `_`, `+`, `=`, `\`, `:`, `;`, `>`, `?`, `/`, ``, and ``. * Default is `|`. */ labelDelimiter?: pulumi.Input; /** * Location of training documents. * Used if `dataFormat` is `COMPREHEND_CSV`. */ s3Uri?: pulumi.Input; testS3Uri?: pulumi.Input; } export interface DocumentClassifierInputDataConfigAugmentedManifest { /** * Location of annotation files. */ annotationDataS3Uri?: pulumi.Input; /** * The JSON attribute that contains the annotations for the training documents. */ attributeNames: pulumi.Input[]>; /** * Type of augmented manifest. * One of `PLAIN_TEXT_DOCUMENT` or `SEMI_STRUCTURED_DOCUMENT`. */ documentType?: pulumi.Input; /** * Location of augmented manifest file. */ s3Uri: pulumi.Input; /** * Location of source PDF files. */ sourceDocumentsS3Uri?: pulumi.Input; /** * Purpose of data in augmented manifest. * One of `TRAIN` or `TEST`. */ split?: pulumi.Input; } export interface DocumentClassifierOutputDataConfig { /** * KMS Key used to encrypt the output documents. * Can be a KMS Key ID, a KMS Key ARN, a KMS Alias name, or a KMS Alias ARN. */ kmsKeyId?: pulumi.Input; /** * Full path for the output documents. */ outputS3Uri?: pulumi.Input; /** * Destination path for the output documents. * The full path to the output file will be returned in `outputS3Uri`. */ s3Uri: pulumi.Input; } export interface DocumentClassifierVpcConfig { /** * List of security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * List of VPC subnets. */ subnets: pulumi.Input[]>; } export interface EntityRecognizerInputDataConfig { /** * Specifies location of the document annotation data. * See the `annotations` Configuration Block section below. * One of `annotations` or `entityList` is required. */ annotations?: pulumi.Input; /** * List of training datasets produced by Amazon SageMaker Ground Truth. * Used if `dataFormat` is `AUGMENTED_MANIFEST`. * See the `augmentedManifests` Configuration Block section below. */ augmentedManifests?: pulumi.Input[]>; /** * The format for the training data. * One of `COMPREHEND_CSV` or `AUGMENTED_MANIFEST`. */ dataFormat?: pulumi.Input; /** * Specifies a collection of training documents. * Used if `dataFormat` is `COMPREHEND_CSV`. * See the `documents` Configuration Block section below. */ documents?: pulumi.Input; /** * Specifies location of the entity list data. * See the `entityList` Configuration Block section below. * One of `entityList` or `annotations` is required. */ entityList?: pulumi.Input; /** * Set of entity types to be recognized. * Has a maximum of 25 items. * See the `entityTypes` Configuration Block section below. */ entityTypes: pulumi.Input[]>; } export interface EntityRecognizerInputDataConfigAnnotations { /** * Location of training annotations. */ s3Uri: pulumi.Input; testS3Uri?: pulumi.Input; } export interface EntityRecognizerInputDataConfigAugmentedManifest { /** * Location of annotation files. */ annotationDataS3Uri?: pulumi.Input; /** * The JSON attribute that contains the annotations for the training documents. */ attributeNames: pulumi.Input[]>; /** * Type of augmented manifest. * One of `PLAIN_TEXT_DOCUMENT` or `SEMI_STRUCTURED_DOCUMENT`. */ documentType?: pulumi.Input; /** * Location of augmented manifest file. */ s3Uri: pulumi.Input; /** * Location of source PDF files. */ sourceDocumentsS3Uri?: pulumi.Input; /** * Purpose of data in augmented manifest. * One of `TRAIN` or `TEST`. */ split?: pulumi.Input; } export interface EntityRecognizerInputDataConfigDocuments { /** * Specifies how the input files should be processed. * One of `ONE_DOC_PER_LINE` or `ONE_DOC_PER_FILE`. */ inputFormat?: pulumi.Input; /** * Location of training documents. */ s3Uri: pulumi.Input; testS3Uri?: pulumi.Input; } export interface EntityRecognizerInputDataConfigEntityList { /** * Location of entity list. */ s3Uri: pulumi.Input; } export interface EntityRecognizerInputDataConfigEntityType { /** * An entity type to be matched by the Entity Recognizer. * Cannot contain a newline (`\n`), carriage return (`\r`), or tab (`\t`). */ type: pulumi.Input; } export interface EntityRecognizerVpcConfig { /** * List of security group IDs. */ securityGroupIds: pulumi.Input[]>; /** * List of VPC subnets. */ subnets: pulumi.Input[]>; } } export namespace config { } export namespace connect { export interface BotAssociationLexBot { /** * The Region that the Amazon Lex (V1) bot was created in. Defaults to current region. */ lexRegion?: pulumi.Input; /** * The name of the Amazon Lex (V1) bot. */ name: pulumi.Input; } export interface GetBotAssociationLexBot { /** * Region that the Amazon Lex (V1) bot was created in. */ lexRegion?: string; /** * Name of the Amazon Lex (V1) bot. */ name: string; } export interface GetBotAssociationLexBotArgs { /** * Region that the Amazon Lex (V1) bot was created in. */ lexRegion?: pulumi.Input; /** * Name of the Amazon Lex (V1) bot. */ name: pulumi.Input; } export interface HoursOfOperationConfig { /** * Specifies the day that the hours of operation applies to. */ day: pulumi.Input; /** * A end time block specifies the time that your contact center closes. The `endTime` is documented below. */ endTime: pulumi.Input; /** * A start time block specifies the time that your contact center opens. The `startTime` is documented below. */ startTime: pulumi.Input; } export interface HoursOfOperationConfigEndTime { /** * Specifies the hour of closing. */ hours: pulumi.Input; /** * Specifies the minute of closing. */ minutes: pulumi.Input; } export interface HoursOfOperationConfigStartTime { /** * Specifies the hour of opening. */ hours: pulumi.Input; /** * Specifies the minute of opening. */ minutes: pulumi.Input; } export interface InstanceStorageConfigStorageConfig { /** * A block that specifies the configuration of the Kinesis Firehose delivery stream. Documented below. */ kinesisFirehoseConfig?: pulumi.Input; /** * A block that specifies the configuration of the Kinesis data stream. Documented below. */ kinesisStreamConfig?: pulumi.Input; /** * A block that specifies the configuration of the Kinesis video stream. Documented below. */ kinesisVideoStreamConfig?: pulumi.Input; /** * A block that specifies the configuration of S3 Bucket. Documented below. */ s3Config?: pulumi.Input; /** * A valid storage type. Valid Values: `S3` | `KINESIS_VIDEO_STREAM` | `KINESIS_STREAM` | `KINESIS_FIREHOSE`. */ storageType: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisFirehoseConfig { /** * The Amazon Resource Name (ARN) of the delivery stream. */ firehoseArn: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisStreamConfig { /** * The Amazon Resource Name (ARN) of the data stream. */ streamArn: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisVideoStreamConfig { /** * The encryption configuration. Documented below. */ encryptionConfig: pulumi.Input; /** * The prefix of the video stream. Minimum length of `1`. Maximum length of `128`. When read from the state, the value returned is `-connect--contact-` since the API appends additional details to the `prefix`. */ prefix: pulumi.Input; /** * The number of hours data is retained in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream. Minimum value of `0`. Maximum value of `87600`. A value of `0`, indicates that the stream does not persist data. */ retentionPeriodHours: pulumi.Input; } export interface InstanceStorageConfigStorageConfigKinesisVideoStreamConfigEncryptionConfig { /** * The type of encryption. Valid Values: `KMS`. */ encryptionType: pulumi.Input; /** * The full ARN of the encryption key. Be sure to provide the full ARN of the encryption key, not just the ID. */ keyId: pulumi.Input; } export interface InstanceStorageConfigStorageConfigS3Config { /** * The S3 bucket name. */ bucketName: pulumi.Input; /** * The S3 bucket prefix. */ bucketPrefix: pulumi.Input; /** * The encryption configuration. Documented below. */ encryptionConfig?: pulumi.Input; } export interface InstanceStorageConfigStorageConfigS3ConfigEncryptionConfig { /** * The type of encryption. Valid Values: `KMS`. */ encryptionType: pulumi.Input; /** * The full ARN of the encryption key. Be sure to provide the full ARN of the encryption key, not just the ID. */ keyId: pulumi.Input; } export interface PhoneNumberStatus { /** * The status message. */ message?: pulumi.Input; /** * The status of the phone number. Valid Values: `CLAIMED` | `IN_PROGRESS` | `FAILED`. */ status?: pulumi.Input; } export interface QueueOutboundCallerConfig { /** * Specifies the caller ID name. */ outboundCallerIdName?: pulumi.Input; /** * Specifies the caller ID number. */ outboundCallerIdNumberId?: pulumi.Input; /** * Specifies outbound whisper flow to be used during an outbound call. */ outboundFlowId?: pulumi.Input; } export interface QuickConnectQuickConnectConfig { /** * Specifies the phone configuration of the Quick Connect. This is required only if `quickConnectType` is `PHONE_NUMBER`. The `phoneConfig` block is documented below. */ phoneConfigs?: pulumi.Input[]>; /** * Specifies the queue configuration of the Quick Connect. This is required only if `quickConnectType` is `QUEUE`. The `queueConfig` block is documented below. */ queueConfigs?: pulumi.Input[]>; /** * Specifies the configuration type of the quick connect. valid values are `PHONE_NUMBER`, `QUEUE`, `USER`. */ quickConnectType: pulumi.Input; /** * Specifies the user configuration of the Quick Connect. This is required only if `quickConnectType` is `USER`. The `userConfig` block is documented below. */ userConfigs?: pulumi.Input[]>; } export interface QuickConnectQuickConnectConfigPhoneConfig { /** * Specifies the phone number in in E.164 format. */ phoneNumber: pulumi.Input; } export interface QuickConnectQuickConnectConfigQueueConfig { /** * Specifies the identifier of the contact flow. */ contactFlowId: pulumi.Input; /** * Specifies the identifier for the queue. */ queueId: pulumi.Input; } export interface QuickConnectQuickConnectConfigUserConfig { /** * Specifies the identifier of the contact flow. */ contactFlowId: pulumi.Input; /** * Specifies the identifier for the user. */ userId: pulumi.Input; } export interface RoutingProfileMediaConcurrency { /** * Specifies the channels that agents can handle in the Contact Control Panel (CCP). Valid values are `VOICE`, `CHAT`, `TASK`. */ channel: pulumi.Input; /** * Specifies the number of contacts an agent can have on a channel simultaneously. Valid Range for `VOICE`: Minimum value of 1. Maximum value of 1. Valid Range for `CHAT`: Minimum value of 1. Maximum value of 10. Valid Range for `TASK`: Minimum value of 1. Maximum value of 10. */ concurrency: pulumi.Input; } export interface RoutingProfileQueueConfig { /** * Specifies the channels agents can handle in the Contact Control Panel (CCP) for this routing profile. Valid values are `VOICE`, `CHAT`, `TASK`. */ channel: pulumi.Input; /** * Specifies the delay, in seconds, that a contact should be in the queue before they are routed to an available agent */ delay: pulumi.Input; /** * Specifies the order in which contacts are to be handled for the queue. */ priority: pulumi.Input; /** * ARN for the queue. */ queueArn?: pulumi.Input; /** * Specifies the identifier for the queue. */ queueId: pulumi.Input; /** * Name for the queue. */ queueName?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPath { /** * A block that defines the details of level five. The level block is documented below. */ levelFives?: pulumi.Input[]>; /** * A block that defines the details of level four. The level block is documented below. */ levelFours?: pulumi.Input[]>; /** * A block that defines the details of level one. The level block is documented below. */ levelOnes?: pulumi.Input[]>; /** * A block that defines the details of level three. The level block is documented below. */ levelThrees?: pulumi.Input[]>; /** * A block that defines the details of level two. The level block is documented below. */ levelTwos?: pulumi.Input[]>; } export interface UserHierarchyGroupHierarchyPathLevelFife { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelFour { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelOne { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelThree { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyGroupHierarchyPathLevelTwo { /** * The Amazon Resource Name (ARN) of the hierarchy group. */ arn?: pulumi.Input; /** * The identifier of the hierarchy group. */ id?: pulumi.Input; /** * The name of the user hierarchy group. Must not be more than 100 characters. */ name?: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructure { /** * A block that defines the details of level five. The level block is documented below. * * Each level block supports the following arguments: */ levelFive?: pulumi.Input; /** * A block that defines the details of level four. The level block is documented below. */ levelFour?: pulumi.Input; /** * A block that defines the details of level one. The level block is documented below. */ levelOne?: pulumi.Input; /** * A block that defines the details of level three. The level block is documented below. */ levelThree?: pulumi.Input; /** * A block that defines the details of level two. The level block is documented below. */ levelTwo?: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelFive { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelFour { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelOne { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelThree { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; name: pulumi.Input; } export interface UserHierarchyStructureHierarchyStructureLevelTwo { /** * The Amazon Resource Name (ARN) of the hierarchy level. */ arn?: pulumi.Input; /** * The identifier of the hierarchy level. */ id?: pulumi.Input; name: pulumi.Input; } export interface UserIdentityInfo { /** * The email address. If you are using SAML for identity management and include this parameter, an error is returned. Note that updates to the `email` is supported. From the [UpdateUserIdentityInfo API documentation](https://docs.aws.amazon.com/connect/latest/APIReference/API_UpdateUserIdentityInfo.html) it is strongly recommended to limit who has the ability to invoke `UpdateUserIdentityInfo`. Someone with that ability can change the login credentials of other users by changing their email address. This poses a security risk to your organization. They can change the email address of a user to the attacker's email address, and then reset the password through email. For more information, see [Best Practices for Security Profiles](https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-best-practices.html) in the Amazon Connect Administrator Guide. */ email?: pulumi.Input; /** * The first name. This is required if you are using Amazon Connect or SAML for identity management. Minimum length of 1. Maximum length of 100. */ firstName?: pulumi.Input; /** * The last name. This is required if you are using Amazon Connect or SAML for identity management. Minimum length of 1. Maximum length of 100. */ lastName?: pulumi.Input; } export interface UserPhoneConfig { /** * The After Call Work (ACW) timeout setting, in seconds. Minimum value of 0. */ afterContactWorkTimeLimit?: pulumi.Input; /** * When Auto-Accept Call is enabled for an available agent, the agent connects to contacts automatically. */ autoAccept?: pulumi.Input; /** * The phone number for the user's desk phone. Required if `phoneType` is set as `DESK_PHONE`. */ deskPhoneNumber?: pulumi.Input; /** * The phone type. Valid values are `DESK_PHONE` and `SOFT_PHONE`. */ phoneType: pulumi.Input; } } export namespace controltower { export interface LandingZoneDriftStatus { /** * The drift status of the landing zone. */ status?: pulumi.Input; } } export namespace costexplorer { export interface AnomalySubscriptionSubscriber { /** * The address of the subscriber. If type is `SNS`, this will be the arn of the sns topic. If type is `EMAIL`, this will be the destination email address. */ address: pulumi.Input; /** * The type of subscription. Valid Values: `SNS` | `EMAIL`. */ type: pulumi.Input; } export interface AnomalySubscriptionThresholdExpression { /** * Return results that match both Dimension objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on values. See Cost Category below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific Dimension to use for. */ dimension?: pulumi.Input; /** * Return results that match both Dimension object. */ not?: pulumi.Input; /** * Return results that match both Dimension object. */ ors?: pulumi.Input[]>; /** * Configuration block for the specific Tag to use for. See Tags below. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionAnd { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionNot { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionOr { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * A map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface AnomalySubscriptionThresholdExpressionOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface AnomalySubscriptionThresholdExpressionTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRule { /** * Configuration block for the value the line item is categorized as if the line item contains the matched dimension. See below. */ inheritedValue?: pulumi.Input; /** * Configuration block for the `Expression` object used to categorize costs. See below. */ rule?: pulumi.Input; /** * You can define the CostCategoryRule rule type as either `REGULAR` or `INHERITED_VALUE`. */ type?: pulumi.Input; /** * Default value for the cost category. */ value?: pulumi.Input; } export interface CostCategoryRuleInheritedValue { /** * Key to extract cost category values. */ dimensionKey?: pulumi.Input; /** * Name of the dimension that's used to group costs. If you specify `LINKED_ACCOUNT_NAME`, the cost category value is based on account name. If you specify `TAG`, the cost category value will be based on the value of the specified tag key. Valid values are `LINKED_ACCOUNT_NAME`, `TAG` */ dimensionName?: pulumi.Input; } export interface CostCategoryRuleRule { /** * Return results that match both `Dimension` objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on `CostCategory` values. See below. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See below. */ dimension?: pulumi.Input; /** * Return results that match both `Dimension` object. */ not?: pulumi.Input; /** * Return results that match both `Dimension` object. */ ors?: pulumi.Input[]>; /** * Configuration block for the specific `Tag` to use for `Expression`. See below. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAnd { ands?: pulumi.Input[]>; costCategory?: pulumi.Input; dimension?: pulumi.Input; not?: pulumi.Input; ors?: pulumi.Input[]>; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndAnd { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndNot { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndOr { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleAndOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNot { ands?: pulumi.Input[]>; costCategory?: pulumi.Input; dimension?: pulumi.Input; not?: pulumi.Input; ors?: pulumi.Input[]>; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotAnd { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotNot { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotOr { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleNotOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOr { ands?: pulumi.Input[]>; costCategory?: pulumi.Input; dimension?: pulumi.Input; not?: pulumi.Input; ors?: pulumi.Input[]>; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrAnd { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrAndCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrAndDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrAndTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrNot { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrNotCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrNotDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrNotTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrOr { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input; } export interface CostCategoryRuleRuleOrOrCostCategory { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrOrDimension { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleOrTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategoryRuleRuleTags { /** * Key for the tag. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface CostCategorySplitChargeRule { /** * Method that's used to define how to split your source costs across your targets. Valid values are `FIXED`, `PROPORTIONAL`, `EVEN` */ method: pulumi.Input; /** * Configuration block for the parameters for a split charge method. This is only required for the `FIXED` method. See below. */ parameters?: pulumi.Input[]>; /** * Cost Category value that you want to split. */ source: pulumi.Input; /** * Cost Category values that you want to split costs across. These values can't be used as a source in other split charge rules. */ targets: pulumi.Input[]>; } export interface CostCategorySplitChargeRuleParameter { /** * Parameter type. */ type?: pulumi.Input; /** * Parameter values. */ values?: pulumi.Input[]>; } export interface GetTagsFilter { /** * Return results that match both `Dimension` objects. */ ands?: inputs.costexplorer.GetTagsFilterAnd[]; /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: inputs.costexplorer.GetTagsFilterCostCategory; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: inputs.costexplorer.GetTagsFilterDimension; /** * Return results that match both `Dimension` object. */ not?: inputs.costexplorer.GetTagsFilterNot; /** * Return results that match both `Dimension` object. */ ors?: inputs.costexplorer.GetTagsFilterOr[]; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterTags; } export interface GetTagsFilterArgs { /** * Return results that match both `Dimension` objects. */ ands?: pulumi.Input[]>; /** * Configuration block for the filter that's based on `CostCategory` values. See `costCategory` block below for details. */ costCategory?: pulumi.Input; /** * Configuration block for the specific `Dimension` to use for `Expression`. See `dimension` block below for details. */ dimension?: pulumi.Input; /** * Return results that match both `Dimension` object. */ not?: pulumi.Input; /** * Return results that match both `Dimension` object. */ ors?: pulumi.Input[]>; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterAnd { costCategory?: inputs.costexplorer.GetTagsFilterAndCostCategory; dimension?: inputs.costexplorer.GetTagsFilterAndDimension; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterAndTags; } export interface GetTagsFilterAndArgs { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterAndCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterAndCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterAndDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterAndDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterAndTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterAndTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsFilterCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterNot { costCategory?: inputs.costexplorer.GetTagsFilterNotCostCategory; dimension?: inputs.costexplorer.GetTagsFilterNotDimension; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterNotTags; } export interface GetTagsFilterNotArgs { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterNotCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterNotCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterNotDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterNotDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterNotTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterNotTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsFilterOr { costCategory?: inputs.costexplorer.GetTagsFilterOrCostCategory; dimension?: inputs.costexplorer.GetTagsFilterOrDimension; /** * Tags that match your request. */ tags?: inputs.costexplorer.GetTagsFilterOrTags; } export interface GetTagsFilterOrArgs { costCategory?: pulumi.Input; dimension?: pulumi.Input; /** * Tags that match your request. */ tags?: pulumi.Input; } export interface GetTagsFilterOrCostCategory { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterOrCostCategoryArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterOrDimension { /** * Unique name of the Cost Category. */ key?: string; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: string[]; /** * Specific value of the Cost Category. */ values?: string[]; } export interface GetTagsFilterOrDimensionArgs { /** * Unique name of the Cost Category. */ key?: pulumi.Input; /** * Match options that you can use to filter your results. MatchOptions is only applicable for actions related to cost category. The default values for MatchOptions is `EQUALS` and `CASE_SENSITIVE`. Valid values are: `EQUALS`, `ABSENT`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CASE_SENSITIVE`, `CASE_INSENSITIVE`. */ matchOptions?: pulumi.Input[]>; /** * Specific value of the Cost Category. */ values?: pulumi.Input[]>; } export interface GetTagsFilterOrTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterOrTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsFilterTags { key?: string; matchOptions?: string[]; values?: string[]; } export interface GetTagsFilterTagsArgs { key?: pulumi.Input; matchOptions?: pulumi.Input[]>; values?: pulumi.Input[]>; } export interface GetTagsSortBy { /** * key that's used to sort the data. Valid values are: `BlendedCost`, `UnblendedCost`, `AmortizedCost`, `NetAmortizedCost`, `NetUnblendedCost`, `UsageQuantity`, `NormalizedUsageAmount`. */ key?: string; /** * order that's used to sort the data. Valid values are: `ASCENDING`, `DESCENDING`. */ sortOrder?: string; } export interface GetTagsSortByArgs { /** * key that's used to sort the data. Valid values are: `BlendedCost`, `UnblendedCost`, `AmortizedCost`, `NetAmortizedCost`, `NetUnblendedCost`, `UsageQuantity`, `NormalizedUsageAmount`. */ key?: pulumi.Input; /** * order that's used to sort the data. Valid values are: `ASCENDING`, `DESCENDING`. */ sortOrder?: pulumi.Input; } export interface GetTagsTimePeriod { /** * Beginning of the time period. */ end: string; /** * End of the time period. */ start: string; } export interface GetTagsTimePeriodArgs { /** * Beginning of the time period. */ end: pulumi.Input; /** * End of the time period. */ start: pulumi.Input; } } export namespace customerprofiles { export interface DomainMatching { /** * A block that specifies the configuration about the auto-merging process. Documented below. */ autoMerging?: pulumi.Input; /** * The flag that enables the matching process of duplicate profiles. */ enabled: pulumi.Input; /** * A block that specifies the configuration for exporting Identity Resolution results. Documented below. */ exportingConfig?: pulumi.Input; /** * A block that specifies the day and time when you want to start the Identity Resolution Job every week. Documented below. */ jobSchedule?: pulumi.Input; } export interface DomainMatchingAutoMerging { /** * A block that specifies how the auto-merging process should resolve conflicts between different profiles. Documented below. */ conflictResolution?: pulumi.Input; /** * A block that specifies a list of matching attributes that represent matching criteria. If two profiles meet at least one of the requirements in the matching attributes list, they will be merged. Documented below. * * `minAllowedConfidenceScoreForMerging ` - (Optional) A number between 0 and 1 that represents the minimum confidence score required for profiles within a matching group to be merged during the auto-merge process. A higher score means higher similarity required to merge profiles. */ consolidation?: pulumi.Input; /** * The flag that enables the auto-merging of duplicate profiles. */ enabled: pulumi.Input; minAllowedConfidenceScoreForMerging?: pulumi.Input; } export interface DomainMatchingAutoMergingConflictResolution { /** * How the auto-merging process should resolve conflicts between different profiles. Valid values are `RECENCY` and `SOURCE` */ conflictResolvingModel: pulumi.Input; /** * The `ObjectType` name that is used to resolve profile merging conflicts when choosing `SOURCE` as the `ConflictResolvingModel`. */ sourceName?: pulumi.Input; } export interface DomainMatchingAutoMergingConsolidation { /** * A list of matching criteria. */ matchingAttributesLists: pulumi.Input[]>[]>; } export interface DomainMatchingExportingConfig { s3Exporting?: pulumi.Input; } export interface DomainMatchingExportingConfigS3Exporting { s3BucketName: pulumi.Input; s3KeyName?: pulumi.Input; } export interface DomainMatchingJobSchedule { /** * The day when the Identity Resolution Job should run every week. */ dayOfTheWeek: pulumi.Input; /** * The time when the Identity Resolution Job should run every week. */ time: pulumi.Input; } export interface DomainRuleBasedMatching { /** * A block that configures information about the `AttributeTypesSelector` where the rule-based identity resolution uses to match profiles. Documented below. */ attributeTypesSelector?: pulumi.Input; /** * A block that specifies how the auto-merging process should resolve conflicts between different profiles. Documented below. */ conflictResolution?: pulumi.Input; /** * The flag that enables the rule-based matching process of duplicate profiles. */ enabled: pulumi.Input; /** * A block that specifies the configuration for exporting Identity Resolution results. Documented below. */ exportingConfig?: pulumi.Input; /** * A block that configures how the rule-based matching process should match profiles. You can have up to 15 `rule` in the `natchingRules`. Documented below. */ matchingRules?: pulumi.Input[]>; /** * Indicates the maximum allowed rule level for matching. */ maxAllowedRuleLevelForMatching?: pulumi.Input; /** * Indicates the maximum allowed rule level for merging. */ maxAllowedRuleLevelForMerging?: pulumi.Input; status?: pulumi.Input; } export interface DomainRuleBasedMatchingAttributeTypesSelector { /** * The `Address` type. You can choose from `Address`, `BusinessAddress`, `MaillingAddress`, and `ShippingAddress`. */ addresses?: pulumi.Input[]>; /** * Configures the `AttributeMatchingModel`, you can either choose `ONE_TO_ONE` or `MANY_TO_MANY`. */ attributeMatchingModel: pulumi.Input; /** * The `Email` type. You can choose from `EmailAddress`, `BusinessEmailAddress` and `PersonalEmailAddress`. */ emailAddresses?: pulumi.Input[]>; /** * The `PhoneNumber` type. You can choose from `PhoneNumber`, `HomePhoneNumber`, and `MobilePhoneNumber`. */ phoneNumbers?: pulumi.Input[]>; } export interface DomainRuleBasedMatchingConflictResolution { /** * How the auto-merging process should resolve conflicts between different profiles. Valid values are `RECENCY` and `SOURCE` */ conflictResolvingModel: pulumi.Input; /** * The `ObjectType` name that is used to resolve profile merging conflicts when choosing `SOURCE` as the `ConflictResolvingModel`. */ sourceName?: pulumi.Input; } export interface DomainRuleBasedMatchingExportingConfig { s3Exporting?: pulumi.Input; } export interface DomainRuleBasedMatchingExportingConfigS3Exporting { s3BucketName: pulumi.Input; s3KeyName?: pulumi.Input; } export interface DomainRuleBasedMatchingMatchingRule { /** * A single rule level of the `matchRules`. Configures how the rule-based matching process should match profiles. */ rules: pulumi.Input[]>; } export interface ProfileAddress { /** * The first line of a customer address. */ address1?: pulumi.Input; /** * The second line of a customer address. */ address2?: pulumi.Input; /** * The third line of a customer address. */ address3?: pulumi.Input; /** * The fourth line of a customer address. */ address4?: pulumi.Input; /** * The city in which a customer lives. */ city?: pulumi.Input; /** * The country in which a customer lives. */ country?: pulumi.Input; /** * The county in which a customer lives. */ county?: pulumi.Input; /** * The postal code of a customer address. */ postalCode?: pulumi.Input; /** * The province in which a customer lives. */ province?: pulumi.Input; /** * The state in which a customer lives. */ state?: pulumi.Input; } export interface ProfileBillingAddress { address1?: pulumi.Input; address2?: pulumi.Input; address3?: pulumi.Input; address4?: pulumi.Input; city?: pulumi.Input; country?: pulumi.Input; county?: pulumi.Input; postalCode?: pulumi.Input; province?: pulumi.Input; state?: pulumi.Input; } export interface ProfileMailingAddress { address1?: pulumi.Input; address2?: pulumi.Input; address3?: pulumi.Input; address4?: pulumi.Input; city?: pulumi.Input; country?: pulumi.Input; county?: pulumi.Input; postalCode?: pulumi.Input; province?: pulumi.Input; state?: pulumi.Input; } export interface ProfileShippingAddress { address1?: pulumi.Input; address2?: pulumi.Input; address3?: pulumi.Input; address4?: pulumi.Input; city?: pulumi.Input; country?: pulumi.Input; county?: pulumi.Input; postalCode?: pulumi.Input; province?: pulumi.Input; state?: pulumi.Input; } } export namespace datapipeline { export interface GetPipelineDefinitionParameterValue { /** * ID of the object. */ id?: string; /** * Field value, expressed as a String. */ stringValue?: string; } export interface GetPipelineDefinitionParameterValueArgs { /** * ID of the object. */ id?: pulumi.Input; /** * Field value, expressed as a String. */ stringValue?: pulumi.Input; } export interface PipelineDefinitionParameterObject { /** * Configuration block for attributes of the parameter object. See below */ attributes?: pulumi.Input[]>; /** * ID of the parameter object. */ id: pulumi.Input; } export interface PipelineDefinitionParameterObjectAttribute { /** * Field identifier. */ key: pulumi.Input; /** * Field value, expressed as a String. */ stringValue: pulumi.Input; } export interface PipelineDefinitionParameterValue { /** * ID of the parameter value. */ id: pulumi.Input; /** * Field value, expressed as a String. */ stringValue: pulumi.Input; } export interface PipelineDefinitionPipelineObject { /** * Configuration block for Key-value pairs that define the properties of the object. See below */ fields?: pulumi.Input[]>; /** * ID of the object. */ id: pulumi.Input; /** * ARN of the storage connector. */ name: pulumi.Input; } export interface PipelineDefinitionPipelineObjectField { /** * Field identifier. */ key: pulumi.Input; /** * Field value, expressed as the identifier of another object */ refValue?: pulumi.Input; /** * Field value, expressed as a String. */ stringValue?: pulumi.Input; } } export namespace datasync { export interface EfsLocationEc2Config { /** * List of Amazon Resource Names (ARNs) of the EC2 Security Groups that are associated with the EFS Mount Target. */ securityGroupArns: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of the EC2 Subnet that is associated with the EFS Mount Target. */ subnetArn: pulumi.Input; } export interface FsxOpenZfsFileSystemProtocol { /** * Represents the Network File System (NFS) protocol that DataSync uses to access your FSx for OpenZFS file system. See below. */ nfs: pulumi.Input; } export interface FsxOpenZfsFileSystemProtocolNfs { /** * Represents the mount options that are available for DataSync to access an NFS location. See below. */ mountOptions: pulumi.Input; } export interface FsxOpenZfsFileSystemProtocolNfsMountOptions { /** * The specific NFS version that you want DataSync to use for mounting your NFS share. Valid values: `AUTOMATIC`, `NFS3`, `NFS4_0` and `NFS4_1`. Default: `AUTOMATIC` */ version?: pulumi.Input; } export interface LocationAzureBlobSasConfiguration { /** * A SAS token that provides permissions to access your Azure Blob Storage. */ token: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocol { /** * Network File System (NFS) protocol that DataSync uses to access your FSx ONTAP file system. See NFS below. */ nfs?: pulumi.Input; /** * Server Message Block (SMB) protocol that DataSync uses to access your FSx ONTAP file system. See [SMB] (#smb) below. */ smb?: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolNfs { /** * Mount options that are available for DataSync to access an NFS location. See NFS Mount Options below. */ mountOptions: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolNfsMountOptions { version?: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolSmb { /** * Fully qualified domain name of the Microsoft Active Directory (AD) that your storage virtual machine belongs to. */ domain?: pulumi.Input; /** * Mount options that are available for DataSync to access an SMB location. See SMB Mount Options below. */ mountOptions: pulumi.Input; /** * Password of a user who has permission to access your SVM. */ password: pulumi.Input; /** * Username that can mount the location and access the files, folders, and metadata that you need in the SVM. */ user: pulumi.Input; } export interface LocationFsxOntapFileSystemProtocolSmbMountOptions { version?: pulumi.Input; } export interface LocationHdfsNameNode { /** * The hostname of the NameNode in the HDFS cluster. This value is the IP address or Domain Name Service (DNS) name of the NameNode. An agent that's installed on-premises uses this hostname to communicate with the NameNode in the network. */ hostname: pulumi.Input; /** * The port that the NameNode uses to listen to client requests. */ port: pulumi.Input; } export interface LocationHdfsQopConfiguration { /** * The data transfer protection setting configured on the HDFS cluster. This setting corresponds to your dfs.data.transfer.protection setting in the hdfs-site.xml file on your Hadoop cluster. Valid values are `DISABLED`, `AUTHENTICATION`, `INTEGRITY` and `PRIVACY`. */ dataTransferProtection?: pulumi.Input; /** * The RPC protection setting configured on the HDFS cluster. This setting corresponds to your hadoop.rpc.protection setting in your core-site.xml file on your Hadoop cluster. Valid values are `DISABLED`, `AUTHENTICATION`, `INTEGRITY` and `PRIVACY`. */ rpcProtection?: pulumi.Input; } export interface LocationSmbMountOptions { /** * The specific SMB version that you want DataSync to use for mounting your SMB share. Valid values: `AUTOMATIC`, `SMB2`, and `SMB3`. Default: `AUTOMATIC` */ version?: pulumi.Input; } export interface NfsLocationMountOptions { /** * The specific NFS version that you want DataSync to use for mounting your NFS share. Valid values: `AUTOMATIC`, `NFS3`, `NFS4_0` and `NFS4_1`. Default: `AUTOMATIC` */ version?: pulumi.Input; } export interface NfsLocationOnPremConfig { /** * List of Amazon Resource Names (ARNs) of the DataSync Agents used to connect to the NFS server. */ agentArns: pulumi.Input[]>; } export interface S3LocationS3Config { /** * ARN of the IAM Role used to connect to the S3 Bucket. */ bucketAccessRoleArn: pulumi.Input; } export interface TaskExcludes { /** * The type of filter rule to apply. Valid values: `SIMPLE_PATTERN`. */ filterType?: pulumi.Input; /** * A single filter string that consists of the patterns to exclude. The patterns are delimited by "|" (that is, a pipe), for example: `/folder1|/folder2` */ value?: pulumi.Input; } export interface TaskIncludes { /** * The type of filter rule to apply. Valid values: `SIMPLE_PATTERN`. */ filterType?: pulumi.Input; /** * A single filter string that consists of the patterns to include. The patterns are delimited by "|" (that is, a pipe), for example: `/folder1|/folder2` */ value?: pulumi.Input; } export interface TaskOptions { /** * A file metadata that shows the last time a file was accessed (that is when the file was read or written to). If set to `BEST_EFFORT`, the DataSync Task attempts to preserve the original (that is, the version before sync `PREPARING` phase) `atime` attribute on all source files. Valid values: `BEST_EFFORT`, `NONE`. Default: `BEST_EFFORT`. */ atime?: pulumi.Input; /** * Limits the bandwidth utilized. For example, to set a maximum of 1 MB, set this value to `1048576`. Value values: `-1` or greater. Default: `-1` (unlimited). */ bytesPerSecond?: pulumi.Input; /** * Group identifier of the file's owners. Valid values: `BOTH`, `INT_VALUE`, `NAME`, `NONE`. Default: `INT_VALUE` (preserve integer value of the ID). */ gid?: pulumi.Input; /** * Determines the type of logs that DataSync publishes to a log stream in the Amazon CloudWatch log group that you provide. Valid values: `OFF`, `BASIC`, `TRANSFER`. Default: `OFF`. */ logLevel?: pulumi.Input; /** * A file metadata that indicates the last time a file was modified (written to) before the sync `PREPARING` phase. Value values: `NONE`, `PRESERVE`. Default: `PRESERVE`. */ mtime?: pulumi.Input; /** * Specifies whether object tags are maintained when transferring between object storage systems. If you want your DataSync task to ignore object tags, specify the NONE value. Valid values: `PRESERVE`, `NONE`. Default value: `PRESERVE`. */ objectTags?: pulumi.Input; /** * Determines whether files at the destination should be overwritten or preserved when copying files. Valid values: `ALWAYS`, `NEVER`. Default: `ALWAYS`. */ overwriteMode?: pulumi.Input; /** * Determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. Valid values: `NONE`, `PRESERVE`. Default: `PRESERVE`. */ posixPermissions?: pulumi.Input; /** * Whether files deleted in the source should be removed or preserved in the destination file system. Valid values: `PRESERVE`, `REMOVE`. Default: `PRESERVE`. */ preserveDeletedFiles?: pulumi.Input; /** * Whether the DataSync Task should preserve the metadata of block and character devices in the source files system, and recreate the files with that device name and metadata on the destination. The DataSync Task can’t sync the actual contents of such devices, because many of the devices are non-terminal and don’t return an end of file (EOF) marker. Valid values: `NONE`, `PRESERVE`. Default: `NONE` (ignore special devices). */ preserveDevices?: pulumi.Input; /** * Determines which components of the SMB security descriptor are copied from source to destination objects. This value is only used for transfers between SMB and Amazon FSx for Windows File Server locations, or between two Amazon FSx for Windows File Server locations. Valid values: `NONE`, `OWNER_DACL`, `OWNER_DACL_SACL`. Default: `OWNER_DACL`. */ securityDescriptorCopyFlags?: pulumi.Input; /** * Determines whether tasks should be queued before executing the tasks. Valid values: `ENABLED`, `DISABLED`. Default `ENABLED`. */ taskQueueing?: pulumi.Input; /** * Determines whether DataSync transfers only the data and metadata that differ between the source and the destination location, or whether DataSync transfers all the content from the source, without comparing to the destination location. Valid values: `CHANGED`, `ALL`. Default: `CHANGED` */ transferMode?: pulumi.Input; /** * User identifier of the file's owners. Valid values: `BOTH`, `INT_VALUE`, `NAME`, `NONE`. Default: `INT_VALUE` (preserve integer value of the ID). */ uid?: pulumi.Input; /** * Whether a data integrity verification should be performed at the end of a task execution after all data and metadata have been transferred. Valid values: `NONE`, `POINT_IN_TIME_CONSISTENT`, `ONLY_FILES_TRANSFERRED`. Default: `POINT_IN_TIME_CONSISTENT`. */ verifyMode?: pulumi.Input; } export interface TaskSchedule { /** * Specifies the schedule you want your task to use for repeated executions. For more information, see [Schedule Expressions for Rules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html). */ scheduleExpression: pulumi.Input; } export interface TaskTaskReportConfig { /** * Specifies the type of task report you'd like. Valid values: `SUMMARY_ONLY` and `STANDARD`. */ outputType?: pulumi.Input; /** * Specifies whether you want your task report to include only what went wrong with your transfer or a list of what succeeded and didn't. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ reportLevel?: pulumi.Input; /** * Configuration block containing the configuration of the reporting level for aspects of your task report. See `reportOverrides` below. */ reportOverrides?: pulumi.Input; /** * Configuration block containing the configuration for the Amazon S3 bucket where DataSync uploads your task report. See `s3Destination` below. */ s3Destination: pulumi.Input; /** * Specifies whether your task report includes the new version of each object transferred into an S3 bucket. This only applies if you enable versioning on your bucket. Keep in mind that setting this to INCLUDE can increase the duration of your task execution. Valid values: `INCLUDE` and `NONE`. */ s3ObjectVersioning?: pulumi.Input; } export interface TaskTaskReportConfigReportOverrides { /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to delete in your destination location. This only applies if you configure your task to delete data in the destination that isn't in the source. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ deletedOverride?: pulumi.Input; /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to skip during your transfer. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ skippedOverride?: pulumi.Input; /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to transfer. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. */ transferredOverride?: pulumi.Input; /** * Specifies the level of reporting for the files, objects, and directories that DataSync attempted to verify at the end of your transfer. Valid values: `ERRORS_ONLY` and `SUCCESSES_AND_ERRORS`. * * > **NOTE:** If any `reportOverrides` are set to the same value as `task_report_config.report_level`, they will always be flagged as changed. Only set overrides to a value that differs from `task_report_config.report_level`. */ verifiedOverride?: pulumi.Input; } export interface TaskTaskReportConfigS3Destination { /** * Specifies the Amazon Resource Name (ARN) of the IAM policy that allows DataSync to upload a task report to your S3 bucket. */ bucketAccessRoleArn: pulumi.Input; /** * Specifies the ARN of the S3 bucket where DataSync uploads your report. */ s3BucketArn: pulumi.Input; /** * Specifies a bucket prefix for your report. */ subdirectory?: pulumi.Input; } } export namespace dax { export interface ClusterNode { address?: pulumi.Input; availabilityZone?: pulumi.Input; id?: pulumi.Input; /** * The port used by the configuration endpoint */ port?: pulumi.Input; } export interface ClusterServerSideEncryption { /** * Whether to enable encryption at rest. Defaults to `false`. */ enabled?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the parameter. */ name: pulumi.Input; /** * The value for the parameter. */ value: pulumi.Input; } } export namespace devicefarm { export interface DevicePoolRule { /** * The rule's stringified attribute. Valid values are: `APPIUM_VERSION`, `ARN`, `AVAILABILITY`, `FLEET_TYPE`, `FORM_FACTOR`, `INSTANCE_ARN`, `INSTANCE_LABELS`, `MANUFACTURER`, `MODEL`, `OS_VERSION`, `PLATFORM`, `REMOTE_ACCESS_ENABLED`, `REMOTE_DEBUG_ENABLED`. */ attribute?: pulumi.Input; /** * Specifies how Device Farm compares the rule's attribute to the value. For the operators that are supported by each attribute. Valid values are: `EQUALS`, `NOT_IN`, `IN`, `GREATER_THAN`, `GREATER_THAN_OR_EQUALS`, `LESS_THAN`, `LESS_THAN_OR_EQUALS`, `CONTAINS`. */ operator?: pulumi.Input; /** * The rule's value. */ value?: pulumi.Input; } export interface TestGridProjectVpcConfig { /** * A list of VPC security group IDs in your Amazon VPC. */ securityGroupIds: pulumi.Input[]>; /** * A list of VPC subnet IDs in your Amazon VPC. */ subnetIds: pulumi.Input[]>; /** * The ID of the Amazon VPC. */ vpcId: pulumi.Input; } } export namespace devopsguru { export interface EventSourcesConfigEventSource { /** * Stores whether DevOps Guru is configured to consume recommendations which are generated from AWS CodeGuru Profiler. See `amazonCodeGuruProfiler` below. */ amazonCodeGuruProfilers?: pulumi.Input[]>; } export interface EventSourcesConfigEventSourceAmazonCodeGuruProfiler { /** * Status of the CodeGuru Profiler integration. Valid values are `ENABLED` and `DISABLED`. */ status: pulumi.Input; } export interface GetNotificationChannelFilter { /** * Events to receive notifications for. */ messageTypes?: string[]; /** * Severity levels to receive notifications for. */ severities?: string[]; } export interface GetNotificationChannelFilterArgs { /** * Events to receive notifications for. */ messageTypes?: pulumi.Input[]>; /** * Severity levels to receive notifications for. */ severities?: pulumi.Input[]>; } export interface GetNotificationChannelSn { /** * Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. */ topicArn?: string; } export interface GetNotificationChannelSnArgs { /** * Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. */ topicArn?: pulumi.Input; } export interface GetResourceCollectionCloudformation { /** * Array of the names of the AWS CloudFormation stacks. */ stackNames?: string[]; } export interface GetResourceCollectionCloudformationArgs { /** * Array of the names of the AWS CloudFormation stacks. */ stackNames?: pulumi.Input[]>; } export interface GetResourceCollectionTag { /** * An AWS tag key that is used to identify the AWS resources that DevOps Guru analyzes. */ appBoundaryKey?: string; /** * Array of tag values. */ tagValues?: string[]; } export interface GetResourceCollectionTagArgs { /** * An AWS tag key that is used to identify the AWS resources that DevOps Guru analyzes. */ appBoundaryKey?: pulumi.Input; /** * Array of tag values. */ tagValues?: pulumi.Input[]>; } export interface NotificationChannelFilters { /** * Events to receive notifications for. Valid values are `NEW_INSIGHT`, `CLOSED_INSIGHT`, `NEW_ASSOCIATION`, `SEVERITY_UPGRADED`, and `NEW_RECOMMENDATION`. */ messageTypes?: pulumi.Input[]>; /** * Severity levels to receive notifications for. Valid values are `LOW`, `MEDIUM`, and `HIGH`. */ severities?: pulumi.Input[]>; } export interface NotificationChannelSns { /** * Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. */ topicArn: pulumi.Input; } export interface ResourceCollectionCloudformation { /** * Array of the names of the AWS CloudFormation stacks. If `type` is `AWS_SERVICE` (all acccount resources) this array should be a single item containing a wildcard (`"*"`). */ stackNames: pulumi.Input[]>; } export interface ResourceCollectionTags { /** * An AWS tag key that is used to identify the AWS resources that DevOps Guru analyzes. All AWS resources in your account and Region tagged with this key make up your DevOps Guru application and analysis boundary. The key must begin with the prefix `DevOps-Guru-`. Any casing can be used for the prefix, but the associated tags __must use the same casing__ in their tag key. */ appBoundaryKey: pulumi.Input; /** * Array of tag values. These can be used to further filter for specific resources within the application boundary. To analyze all resources tagged with the `appBoundaryKey` regardless of the corresponding tag value, this array should be a single item containing a wildcard (`"*"`). */ tagValues: pulumi.Input[]>; } export interface ServiceIntegrationKmsServerSideEncryption { /** * KMS key ID. This value can be a key ID, key ARN, alias name, or alias ARN. */ kmsKeyId?: pulumi.Input; /** * Specifies whether KMS integration is enabled. Valid values are `DISABLED` and `ENABLED`. */ optInStatus?: pulumi.Input; /** * Type of KMS key used. Valid values are `CUSTOMER_MANAGED_KEY` and `AWS_OWNED_KMS_KEY`. */ type?: pulumi.Input; } export interface ServiceIntegrationLogsAnomalyDetection { /** * Specifies if DevOps Guru is configured to perform log anomaly detection on CloudWatch log groups. Valid values are `DISABLED` and `ENABLED`. */ optInStatus?: pulumi.Input; } export interface ServiceIntegrationOpsCenter { /** * Specifies if DevOps Guru is enabled to create an AWS Systems Manager OpsItem for each created insight. Valid values are `DISABLED` and `ENABLED`. */ optInStatus?: pulumi.Input; } } export namespace directconnect { } export namespace directoryservice { export interface DirectoryConnectSettings { availabilityZones?: pulumi.Input[]>; /** * The IP addresses of the AD Connector servers. */ connectIps?: pulumi.Input[]>; /** * The DNS IP addresses of the domain to connect to. */ customerDnsIps: pulumi.Input[]>; /** * The username corresponding to the password provided. */ customerUsername: pulumi.Input; /** * The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs). */ subnetIds: pulumi.Input[]>; /** * The identifier of the VPC that the directory is in. */ vpcId: pulumi.Input; } export interface DirectoryVpcSettings { availabilityZones?: pulumi.Input[]>; /** * The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs). */ subnetIds: pulumi.Input[]>; /** * The identifier of the VPC that the directory is in. */ vpcId: pulumi.Input; } export interface ServiceRegionVpcSettings { /** * The identifiers of the subnets for the directory servers. */ subnetIds: pulumi.Input[]>; /** * The identifier of the VPC in which to create the directory. */ vpcId: pulumi.Input; } export interface SharedDirectoryTarget { /** * Identifier of the directory consumer account. */ id: pulumi.Input; /** * Type of identifier to be used in the `id` field. Valid value is `ACCOUNT`. Default is `ACCOUNT`. */ type?: pulumi.Input; } } export namespace dlm { export interface LifecyclePolicyPolicyDetails { action?: pulumi.Input; eventSource?: pulumi.Input; parameters?: pulumi.Input; policyType?: pulumi.Input; resourceLocations?: pulumi.Input; resourceTypes?: pulumi.Input[]>; schedules?: pulumi.Input[]>; targetTags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LifecyclePolicyPolicyDetailsAction { crossRegionCopies: pulumi.Input[]>; name: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsActionCrossRegionCopy { encryptionConfiguration: pulumi.Input; retainRule?: pulumi.Input; target: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsActionCrossRegionCopyEncryptionConfiguration { cmkArn?: pulumi.Input; encrypted?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsActionCrossRegionCopyRetainRule { interval: pulumi.Input; intervalUnit: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsEventSource { parameters: pulumi.Input; type: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsEventSourceParameters { descriptionRegex: pulumi.Input; eventType: pulumi.Input; snapshotOwners: pulumi.Input[]>; } export interface LifecyclePolicyPolicyDetailsParameters { excludeBootVolume?: pulumi.Input; noReboot?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsSchedule { copyTags?: pulumi.Input; createRule: pulumi.Input; crossRegionCopyRules?: pulumi.Input[]>; deprecateRule?: pulumi.Input; fastRestoreRule?: pulumi.Input; name: pulumi.Input; retainRule: pulumi.Input; shareRule?: pulumi.Input; tagsToAdd?: pulumi.Input<{[key: string]: pulumi.Input}>; variableTags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface LifecyclePolicyPolicyDetailsScheduleCreateRule { cronExpression?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; location?: pulumi.Input; times?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRule { cmkArn?: pulumi.Input; copyTags?: pulumi.Input; deprecateRule?: pulumi.Input; encrypted: pulumi.Input; retainRule?: pulumi.Input; target: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleDeprecateRule { interval: pulumi.Input; intervalUnit: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleCrossRegionCopyRuleRetainRule { interval: pulumi.Input; intervalUnit: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleDeprecateRule { count?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleFastRestoreRule { availabilityZones: pulumi.Input[]>; count?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleRetainRule { count?: pulumi.Input; interval?: pulumi.Input; intervalUnit?: pulumi.Input; } export interface LifecyclePolicyPolicyDetailsScheduleShareRule { targetAccounts: pulumi.Input[]>; unshareInterval?: pulumi.Input; unshareIntervalUnit?: pulumi.Input; } } export namespace dms { export interface EndpointElasticsearchSettings { /** * Endpoint for the OpenSearch cluster. */ endpointUri: pulumi.Input; /** * Maximum number of seconds for which DMS retries failed API requests to the OpenSearch cluster. Default is `300`. */ errorRetryDuration?: pulumi.Input; /** * Maximum percentage of records that can fail to be written before a full load operation stops. Default is `10`. */ fullLoadErrorPercentage?: pulumi.Input; /** * ARN of the IAM Role with permissions to write to the OpenSearch cluster. */ serviceAccessRoleArn: pulumi.Input; /** * Enable to migrate documentation using the documentation type `_doc`. OpenSearch and an Elasticsearch clusters only support the _doc documentation type in versions 7.x and later. The default value is `false`. */ useNewMappingType?: pulumi.Input; } export interface EndpointKafkaSettings { /** * Kafka broker location. Specify in the form broker-hostname-or-ip:port. */ broker: pulumi.Input; /** * Shows detailed control information for table definition, column definition, and table and column changes in the Kafka message output. Default is `false`. */ includeControlDetails?: pulumi.Input; /** * Include NULL and empty columns for records migrated to the endpoint. Default is `false`. */ includeNullAndEmpty?: pulumi.Input; /** * Shows the partition value within the Kafka message output unless the partition type is `schema-table-type`. Default is `false`. */ includePartitionValue?: pulumi.Input; /** * Includes any data definition language (DDL) operations that change the table in the control data, such as `rename-table`, `drop-table`, `add-column`, `drop-column`, and `rename-column`. Default is `false`. */ includeTableAlterOperations?: pulumi.Input; /** * Provides detailed transaction information from the source database. This information includes a commit timestamp, a log position, and values for `transactionId`, previous `transactionId`, and `transactionRecordId` (the record offset within a transaction). Default is `false`. */ includeTransactionDetails?: pulumi.Input; /** * Output format for the records created on the endpoint. Message format is `JSON` (default) or `JSON_UNFORMATTED` (a single line with no tab). */ messageFormat?: pulumi.Input; /** * Maximum size in bytes for records created on the endpoint Default is `1,000,000`. */ messageMaxBytes?: pulumi.Input; /** * Set this optional parameter to true to avoid adding a '0x' prefix to raw data in hexadecimal format. For example, by default, AWS DMS adds a '0x' prefix to the LOB column type in hexadecimal format moving from an Oracle source to a Kafka target. Use the `noHexPrefix` endpoint setting to enable migration of RAW data type columns without adding the `'0x'` prefix. */ noHexPrefix?: pulumi.Input; /** * Prefixes schema and table names to partition values, when the partition type is `primary-key-type`. Doing this increases data distribution among Kafka partitions. For example, suppose that a SysBench schema has thousands of tables and each table has only limited range for a primary key. In this case, the same primary key is sent from thousands of tables to the same partition, which causes throttling. Default is `false`. */ partitionIncludeSchemaTable?: pulumi.Input; /** * Secure password you created when you first set up your MSK cluster to validate a client identity and make an encrypted connection between server and client using SASL-SSL authentication. */ saslPassword?: pulumi.Input; /** * Secure user name you created when you first set up your MSK cluster to validate a client identity and make an encrypted connection between server and client using SASL-SSL authentication. */ saslUsername?: pulumi.Input; /** * Set secure connection to a Kafka target endpoint using Transport Layer Security (TLS). Options include `ssl-encryption`, `ssl-authentication`, and `sasl-ssl`. `sasl-ssl` requires `saslUsername` and `saslPassword`. */ securityProtocol?: pulumi.Input; /** * ARN for the private certificate authority (CA) cert that AWS DMS uses to securely connect to your Kafka target endpoint. */ sslCaCertificateArn?: pulumi.Input; /** * ARN of the client certificate used to securely connect to a Kafka target endpoint. */ sslClientCertificateArn?: pulumi.Input; /** * ARN for the client private key used to securely connect to a Kafka target endpoint. */ sslClientKeyArn?: pulumi.Input; /** * Password for the client private key used to securely connect to a Kafka target endpoint. */ sslClientKeyPassword?: pulumi.Input; /** * Kafka topic for migration. Default is `kafka-default-topic`. */ topic?: pulumi.Input; } export interface EndpointKinesisSettings { /** * Shows detailed control information for table definition, column definition, and table and column changes in the Kinesis message output. Default is `false`. */ includeControlDetails?: pulumi.Input; /** * Include NULL and empty columns in the target. Default is `false`. */ includeNullAndEmpty?: pulumi.Input; /** * Shows the partition value within the Kinesis message output, unless the partition type is schema-table-type. Default is `false`. */ includePartitionValue?: pulumi.Input; /** * Includes any data definition language (DDL) operations that change the table in the control data. Default is `false`. */ includeTableAlterOperations?: pulumi.Input; /** * Provides detailed transaction information from the source database. Default is `false`. */ includeTransactionDetails?: pulumi.Input; /** * Output format for the records created. Default is `json`. Valid values are `json` and `json-unformatted` (a single line with no tab). */ messageFormat?: pulumi.Input; /** * Prefixes schema and table names to partition values, when the partition type is primary-key-type. Default is `false`. */ partitionIncludeSchemaTable?: pulumi.Input; /** * ARN of the IAM Role with permissions to write to the Kinesis data stream. */ serviceAccessRoleArn?: pulumi.Input; /** * ARN of the Kinesis data stream. */ streamArn?: pulumi.Input; } export interface EndpointMongodbSettings { /** * Authentication mechanism to access the MongoDB source endpoint. Default is `default`. */ authMechanism?: pulumi.Input; /** * Authentication database name. Not used when `authType` is `no`. Default is `admin`. */ authSource?: pulumi.Input; /** * Authentication type to access the MongoDB source endpoint. Default is `password`. */ authType?: pulumi.Input; /** * Number of documents to preview to determine the document organization. Use this setting when `nestingLevel` is set to `one`. Default is `1000`. */ docsToInvestigate?: pulumi.Input; /** * Document ID. Use this setting when `nestingLevel` is set to `none`. Default is `false`. */ extractDocId?: pulumi.Input; /** * Specifies either document or table mode. Default is `none`. Valid values are `one` (table mode) and `none` (document mode). */ nestingLevel?: pulumi.Input; } export interface EndpointPostgresSettings { /** * For use with change data capture (CDC) only, this attribute has AWS DMS bypass foreign keys and user triggers to reduce the time it takes to bulk load data. */ afterConnectScript?: pulumi.Input; /** * The Babelfish for Aurora PostgreSQL database name for the endpoint. */ babelfishDatabaseName?: pulumi.Input; /** * To capture DDL events, AWS DMS creates various artifacts in the PostgreSQL database when the task starts. */ captureDdls?: pulumi.Input; /** * Specifies the default behavior of the replication's handling of PostgreSQL- compatible endpoints that require some additional configuration, such as Babelfish endpoints. */ databaseMode?: pulumi.Input; /** * Sets the schema in which the operational DDL database artifacts are created. Default is `public`. */ ddlArtifactsSchema?: pulumi.Input; /** * Sets the client statement timeout for the PostgreSQL instance, in seconds. Default value is `60`. */ executeTimeout?: pulumi.Input; /** * When set to `true`, this value causes a task to fail if the actual size of a LOB column is greater than the specified `LobMaxSize`. Default is `false`. */ failTasksOnLobTruncation?: pulumi.Input; /** * The write-ahead log (WAL) heartbeat feature mimics a dummy transaction. By doing this, it prevents idle logical replication slots from holding onto old WAL logs, which can result in storage full situations on the source. */ heartbeatEnable?: pulumi.Input; /** * Sets the WAL heartbeat frequency (in minutes). Default value is `5`. */ heartbeatFrequency?: pulumi.Input; /** * Sets the schema in which the heartbeat artifacts are created. Default value is `public`. */ heartbeatSchema?: pulumi.Input; /** * You can use PostgreSQL endpoint settings to map a boolean as a boolean from your PostgreSQL source to a Amazon Redshift target. Default value is `false`. */ mapBooleanAsBoolean?: pulumi.Input; /** * Optional When true, DMS migrates JSONB values as CLOB. */ mapJsonbAsClob?: pulumi.Input; /** * Optional When true, DMS migrates LONG values as VARCHAR. */ mapLongVarcharAs?: pulumi.Input; /** * Specifies the maximum size (in KB) of any .csv file used to transfer data to PostgreSQL. Default is `32,768 KB`. */ maxFileSize?: pulumi.Input; /** * Specifies the plugin to use to create a replication slot. Valid values: `pglogical`, `testDecoding`. */ pluginName?: pulumi.Input; /** * Sets the name of a previously created logical replication slot for a CDC load of the PostgreSQL source instance. */ slotName?: pulumi.Input; } export interface EndpointRedisSettings { /** * The password provided with the auth-role and auth-token options of the AuthType setting for a Redis target endpoint. */ authPassword?: pulumi.Input; /** * The type of authentication to perform when connecting to a Redis target. Options include `none`, `auth-token`, and `auth-role`. The `auth-token` option requires an `authPassword` value to be provided. The `auth-role` option requires `authUserName` and `authPassword` values to be provided. */ authType: pulumi.Input; /** * The username provided with the `auth-role` option of the AuthType setting for a Redis target endpoint. */ authUserName?: pulumi.Input; /** * Transmission Control Protocol (TCP) port for the endpoint. */ port: pulumi.Input; /** * Fully qualified domain name of the endpoint. */ serverName: pulumi.Input; /** * The Amazon Resource Name (ARN) for the certificate authority (CA) that DMS uses to connect to your Redis target endpoint. */ sslCaCertificateArn?: pulumi.Input; /** * The plaintext option doesn't provide Transport Layer Security (TLS) encryption for traffic between endpoint and database. Options include `plaintext`, `ssl-encryption`. The default is `ssl-encryption`. */ sslSecurityProtocol?: pulumi.Input; } export interface EndpointRedshiftSettings { /** * Custom S3 Bucket Object prefix for intermediate storage. */ bucketFolder?: pulumi.Input; /** * Custom S3 Bucket name for intermediate storage. */ bucketName?: pulumi.Input; /** * The server-side encryption mode that you want to encrypt your intermediate .csv object files copied to S3. Defaults to `SSE_S3`. Valid values are `SSE_S3` and `SSE_KMS`. */ encryptionMode?: pulumi.Input; /** * ARN or Id of KMS Key to use when `encryptionMode` is `SSE_KMS`. */ serverSideEncryptionKmsKeyId?: pulumi.Input; /** * Amazon Resource Name (ARN) of the IAM Role with permissions to read from or write to the S3 Bucket for intermediate storage. */ serviceAccessRoleArn?: pulumi.Input; } export interface EndpointS3Settings { /** * Whether to add column name information to the .csv output file. Default is `false`. */ addColumnName?: pulumi.Input; /** * S3 object prefix. */ bucketFolder?: pulumi.Input; /** * S3 bucket name. */ bucketName?: pulumi.Input; /** * Predefined (canned) access control list for objects created in an S3 bucket. Valid values include `none`, `private`, `public-read`, `public-read-write`, `authenticated-read`, `aws-exec-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Default is `none`. */ cannedAclForObjects?: pulumi.Input; /** * Whether to write insert and update operations to .csv or .parquet output files. Default is `false`. */ cdcInsertsAndUpdates?: pulumi.Input; /** * Whether to write insert operations to .csv or .parquet output files. Default is `false`. */ cdcInsertsOnly?: pulumi.Input; /** * Maximum length of the interval, defined in seconds, after which to output a file to Amazon S3. Default is `60`. */ cdcMaxBatchInterval?: pulumi.Input; /** * Minimum file size condition as defined in kilobytes to output a file to Amazon S3. Default is `32000`. **NOTE:** Previously, this setting was measured in megabytes but now represents kilobytes. Update configurations accordingly. */ cdcMinFileSize?: pulumi.Input; /** * Folder path of CDC files. For an S3 source, this setting is required if a task captures change data; otherwise, it's optional. If `cdcPath` is set, AWS DMS reads CDC files from this path and replicates the data changes to the target endpoint. Supported in AWS DMS versions 3.4.2 and later. */ cdcPath?: pulumi.Input; /** * Set to compress target files. Default is `NONE`. Valid values are `GZIP` and `NONE`. */ compressionType?: pulumi.Input; /** * Delimiter used to separate columns in the source files. Default is `,`. */ csvDelimiter?: pulumi.Input; /** * String to use for all columns not included in the supplemental log. */ csvNoSupValue?: pulumi.Input; /** * String to as null when writing to the target. */ csvNullValue?: pulumi.Input; /** * Delimiter used to separate rows in the source files. Default is `\n`. */ csvRowDelimiter?: pulumi.Input; /** * Output format for the files that AWS DMS uses to create S3 objects. Valid values are `csv` and `parquet`. Default is `csv`. */ dataFormat?: pulumi.Input; /** * Size of one data page in bytes. Default is `1048576` (1 MiB). */ dataPageSize?: pulumi.Input; /** * Date separating delimiter to use during folder partitioning. Valid values are `SLASH`, `UNDERSCORE`, `DASH`, and `NONE`. Default is `SLASH`. */ datePartitionDelimiter?: pulumi.Input; /** * Partition S3 bucket folders based on transaction commit dates. Default is `false`. */ datePartitionEnabled?: pulumi.Input; /** * Date format to use during folder partitioning. Use this parameter when `datePartitionEnabled` is set to true. Valid values are `YYYYMMDD`, `YYYYMMDDHH`, `YYYYMM`, `MMYYYYDD`, and `DDMMYYYY`. Default is `YYYYMMDD`. */ datePartitionSequence?: pulumi.Input; /** * Maximum size in bytes of an encoded dictionary page of a column. Default is `1048576` (1 MiB). */ dictPageSizeLimit?: pulumi.Input; /** * Whether to enable statistics for Parquet pages and row groups. Default is `true`. */ enableStatistics?: pulumi.Input; /** * Type of encoding to use. Value values are `rleDictionary`, `plain`, and `plainDictionary`. Default is `rleDictionary`. */ encodingType?: pulumi.Input; /** * Server-side encryption mode that you want to encrypt your .csv or .parquet object files copied to S3. Valid values are `SSE_S3` and `SSE_KMS`. Default is `SSE_S3`. */ encryptionMode?: pulumi.Input; /** * JSON document that describes how AWS DMS should interpret the data. */ externalTableDefinition?: pulumi.Input; /** * Whether to integrate AWS Glue Data Catalog with an Amazon S3 target. See [Using AWS Glue Data Catalog with an Amazon S3 target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html#CHAP_Target.S3.GlueCatalog) for more information. Default is `false`. */ glueCatalogGeneration?: pulumi.Input; /** * When this value is set to `1`, DMS ignores the first row header in a .csv file. Default is `0`. */ ignoreHeaderRows?: pulumi.Input; /** * Whether to enable a full load to write INSERT operations to the .csv output files only to indicate how the rows were added to the source database. Default is `false`. */ includeOpForFullLoad?: pulumi.Input; /** * Maximum size (in KB) of any .csv file to be created while migrating to an S3 target during full load. Valid values are from `1` to `1048576`. Default is `1048576` (1 GB). */ maxFileSize?: pulumi.Input; /** * Specifies the precision of any TIMESTAMP column values written to an S3 object file in .parquet format. Default is `false`. */ parquetTimestampInMillisecond?: pulumi.Input; /** * Version of the .parquet file format. Default is `parquet-1-0`. Valid values are `parquet-1-0` and `parquet-2-0`. */ parquetVersion?: pulumi.Input; /** * Whether DMS saves the transaction order for a CDC load on the S3 target specified by `cdcPath`. Default is `false`. */ preserveTransactions?: pulumi.Input; /** * For an S3 source, whether each leading double quotation mark has to be followed by an ending double quotation mark. Default is `true`. */ rfc4180?: pulumi.Input; /** * Number of rows in a row group. Default is `10000`. */ rowGroupLength?: pulumi.Input; /** * ARN or Id of KMS Key to use when `encryptionMode` is `SSE_KMS`. */ serverSideEncryptionKmsKeyId?: pulumi.Input; /** * ARN of the IAM Role with permissions to read from or write to the S3 Bucket. */ serviceAccessRoleArn?: pulumi.Input; /** * Column to add with timestamp information to the endpoint data for an Amazon S3 target. */ timestampColumnName?: pulumi.Input; /** * Whether to use `csvNoSupValue` for columns not included in the supplemental log. */ useCsvNoSupValue?: pulumi.Input; /** * When set to true, uses the task start time as the timestamp column value instead of the time data is written to target. For full load, when set to true, each row of the timestamp column contains the task start time. For CDC loads, each row of the timestamp column contains the transaction commit time. When set to false, the full load timestamp in the timestamp column increments with the time data arrives at the target. Default is `false`. */ useTaskStartTimeForFullLoadTimestamp?: pulumi.Input; } export interface ReplicationConfigComputeConfig { /** * The Availability Zone where the DMS Serverless replication using this configuration will run. The default value is a random. */ availabilityZone?: pulumi.Input; /** * A list of custom DNS name servers supported for the DMS Serverless replication to access your source or target database. */ dnsNameServers?: pulumi.Input; /** * An Key Management Service (KMS) key Amazon Resource Name (ARN) that is used to encrypt the data during DMS Serverless replication. If you don't specify a value for the KmsKeyId parameter, DMS uses your default encryption key. */ kmsKeyId?: pulumi.Input; /** * Specifies the maximum value of the DMS capacity units (DCUs) for which a given DMS Serverless replication can be provisioned. A single DCU is 2GB of RAM, with 2 DCUs as the minimum value allowed. The list of valid DCU values includes 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. */ maxCapacityUnits?: pulumi.Input; /** * Specifies the minimum value of the DMS capacity units (DCUs) for which a given DMS Serverless replication can be provisioned. The list of valid DCU values includes 2, 4, 8, 16, 32, 64, 128, 192, 256, and 384. If this value isn't set DMS scans the current activity of available source tables to identify an optimum setting for this parameter. */ minCapacityUnits?: pulumi.Input; /** * Specifies if the replication instance is a multi-az deployment. You cannot set the `availabilityZone` parameter if the `multiAz` parameter is set to `true`. */ multiAz?: pulumi.Input; /** * The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC). * * - Default: A 30-minute window selected at random from an 8-hour block of time per region, occurring on a random day of the week. * - Format: `ddd:hh24:mi-ddd:hh24:mi` * - Valid Days: `mon, tue, wed, thu, fri, sat, sun` * - Constraints: Minimum 30-minute window. */ preferredMaintenanceWindow?: pulumi.Input; /** * Specifies a subnet group identifier to associate with the DMS Serverless replication. */ replicationSubnetGroupId: pulumi.Input; /** * Specifies the virtual private cloud (VPC) security group to use with the DMS Serverless replication. The VPC security group must work with the VPC containing the replication. */ vpcSecurityGroupIds?: pulumi.Input[]>; } } export namespace docdb { export interface ClusterParameterGroupParameter { /** * Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`. */ applyMethod?: pulumi.Input; /** * The name of the DocumentDB parameter. */ name: pulumi.Input; /** * The value of the DocumentDB parameter. */ value: pulumi.Input; } export interface ElasticClusterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface GlobalClusterGlobalClusterMember { /** * Amazon Resource Name (ARN) of member DB Cluster. */ dbClusterArn?: pulumi.Input; /** * Whether the member is the primary DB Cluster. */ isWriter?: pulumi.Input; } } export namespace dynamodb { export interface GetTableServerSideEncryption { enabled?: boolean; kmsKeyArn?: string; } export interface GetTableServerSideEncryptionArgs { enabled?: pulumi.Input; kmsKeyArn?: pulumi.Input; } export interface GlobalTableReplica { /** * AWS region name of replica DynamoDB TableE.g., `us-east-1` */ regionName: pulumi.Input; } export interface TableAttribute { /** * Name of the attribute */ name: pulumi.Input; /** * Attribute type. Valid values are `S` (string), `N` (number), `B` (binary). */ type: pulumi.Input; } export interface TableGlobalSecondaryIndex { /** * Name of the hash key in the index; must be defined as an attribute in the resource. */ hashKey: pulumi.Input; /** * Name of the index. */ name: pulumi.Input; /** * Only required with `INCLUDE` as a projection type; a list of attributes to project into the index. These do not need to be defined as attributes on the table. */ nonKeyAttributes?: pulumi.Input[]>; /** * One of `ALL`, `INCLUDE` or `KEYS_ONLY` where `ALL` projects every attribute into the index, `KEYS_ONLY` projects into the index only the table and index hashKey and sortKey attributes , `INCLUDE` projects into the index all of the attributes that are defined in `nonKeyAttributes` in addition to the attributes that that`KEYS_ONLY` project. */ projectionType: pulumi.Input; /** * Name of the range key; must be defined */ rangeKey?: pulumi.Input; /** * Number of read units for this index. Must be set if billingMode is set to PROVISIONED. */ readCapacity?: pulumi.Input; /** * Number of write units for this index. Must be set if billingMode is set to PROVISIONED. */ writeCapacity?: pulumi.Input; } export interface TableImportTable { /** * Type of compression to be used on the input coming from the imported table. * Valid values are `GZIP`, `ZSTD` and `NONE`. */ inputCompressionType?: pulumi.Input; /** * The format of the source data. * Valid values are `CSV`, `DYNAMODB_JSON`, and `ION`. */ inputFormat: pulumi.Input; /** * Describe the format options for the data that was imported into the target table. * There is one value, `csv`. * See below. */ inputFormatOptions?: pulumi.Input; /** * Values for the S3 bucket the source file is imported from. * See below. */ s3BucketSource: pulumi.Input; } export interface TableImportTableInputFormatOptions { /** * This block contains the processing options for the CSV file being imported: */ csv?: pulumi.Input; } export interface TableImportTableInputFormatOptionsCsv { /** * The delimiter used for separating items in the CSV file being imported. */ delimiter?: pulumi.Input; /** * List of the headers used to specify a common header for all source CSV files being imported. */ headerLists?: pulumi.Input[]>; } export interface TableImportTableS3BucketSource { /** * The S3 bucket that is being imported from. */ bucket: pulumi.Input; /** * The account number of the S3 bucket that is being imported from. */ bucketOwner?: pulumi.Input; /** * The key prefix shared by all S3 Objects that are being imported. */ keyPrefix?: pulumi.Input; } export interface TableLocalSecondaryIndex { /** * Name of the index */ name: pulumi.Input; /** * Only required with `INCLUDE` as a projection type; a list of attributes to project into the index. These do not need to be defined as attributes on the table. */ nonKeyAttributes?: pulumi.Input[]>; /** * One of `ALL`, `INCLUDE` or `KEYS_ONLY` where `ALL` projects every attribute into the index, `KEYS_ONLY` projects into the index only the table and index hashKey and sortKey attributes , `INCLUDE` projects into the index all of the attributes that are defined in `nonKeyAttributes` in addition to the attributes that that`KEYS_ONLY` project. */ projectionType: pulumi.Input; /** * Name of the range key. */ rangeKey: pulumi.Input; } export interface TablePointInTimeRecovery { /** * Whether to enable point-in-time recovery. It can take 10 minutes to enable for new tables. If the `pointInTimeRecovery` block is not provided, this defaults to `false`. */ enabled: pulumi.Input; } export interface TableReplica { /** * ARN of the table */ arn?: pulumi.Input; /** * ARN of the CMK that should be used for the AWS KMS encryption. This argument should only be used if the key is different from the default KMS-managed DynamoDB key, `alias/aws/dynamodb`. **Note:** This attribute will _not_ be populated with the ARN of _default_ keys. */ kmsKeyArn?: pulumi.Input; /** * Whether to enable Point In Time Recovery for the replica. Default is `false`. */ pointInTimeRecovery?: pulumi.Input; /** * Whether to propagate the global table's tags to a replica. Default is `false`. Changes to tags only move in one direction: from global (source) to replica. In other words, tag drift on a replica will not trigger an update. Tag or replica changes on the global table, whether from drift or configuration changes, are propagated to replicas. Changing from `true` to `false` on a subsequent `apply` means replica tags are left as they were, unmanaged, not deleted. */ propagateTags?: pulumi.Input; /** * Region name of the replica. */ regionName: pulumi.Input; /** * ARN of the Table Stream. Only available when `streamEnabled = true` */ streamArn?: pulumi.Input; /** * Timestamp, in ISO 8601 format, for this stream. Note that this timestamp is not a unique identifier for the stream on its own. However, the combination of AWS customer ID, table name and this field is guaranteed to be unique. It can be used for creating CloudWatch Alarms. Only available when `streamEnabled = true`. */ streamLabel?: pulumi.Input; } export interface TableServerSideEncryption { /** * Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK). If `enabled` is `false` then server-side encryption is set to AWS-_owned_ key (shown as `DEFAULT` in the AWS console). Potentially confusingly, if `enabled` is `true` and no `kmsKeyArn` is specified then server-side encryption is set to the _default_ KMS-_managed_ key (shown as `KMS` in the AWS console). The [AWS KMS documentation](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) explains the difference between AWS-_owned_ and KMS-_managed_ keys. */ enabled: pulumi.Input; /** * ARN of the CMK that should be used for the AWS KMS encryption. This argument should only be used if the key is different from the default KMS-managed DynamoDB key, `alias/aws/dynamodb`. **Note:** This attribute will _not_ be populated with the ARN of _default_ keys. */ kmsKeyArn?: pulumi.Input; } export interface TableTtl { /** * Name of the table attribute to store the TTL timestamp in. */ attributeName: pulumi.Input; /** * Whether TTL is enabled. */ enabled?: pulumi.Input; } } export namespace ebs { export interface FastSnapshotRestoreTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface GetEbsVolumesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVolumes.html). * For example, if matching against the `size` filter, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const tenOrTwentyGbVolumes = aws.ebs.getEbsVolumes({ * filters: [{ * name: "size", * values: [ * "10", * "20", * ], * }], * }); * ``` */ name: string; /** * Set of values that are accepted for the given field. * EBS Volume IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetEbsVolumesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVolumes.html). * For example, if matching against the `size` filter, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const tenOrTwentyGbVolumes = aws.ebs.getEbsVolumes({ * filters: [{ * name: "size", * values: [ * "10", * "20", * ], * }], * }); * ``` */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * EBS Volume IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } export interface GetSnapshotFilter { name: string; values: string[]; } export interface GetSnapshotFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetSnapshotIdsFilter { name: string; values: string[]; } export interface GetSnapshotIdsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetVolumeFilter { name: string; values: string[]; } export interface GetVolumeFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface SnapshotImportClientData { /** * A user-defined comment about the disk upload. */ comment?: pulumi.Input; /** * The time that the disk upload ends. */ uploadEnd?: pulumi.Input; /** * The size of the uploaded disk image, in GiB. */ uploadSize?: pulumi.Input; /** * The time that the disk upload starts. */ uploadStart?: pulumi.Input; } export interface SnapshotImportDiskContainer { /** * The description of the disk image being imported. */ description?: pulumi.Input; /** * The format of the disk image being imported. One of `VHD` or `VMDK`. */ format: pulumi.Input; /** * The URL to the Amazon S3-based disk image being imported. It can either be a https URL (https://..) or an Amazon S3 URL (s3://..). One of `url` or `userBucket` must be set. */ url?: pulumi.Input; /** * The Amazon S3 bucket for the disk image. One of `url` or `userBucket` must be set. Detailed below. */ userBucket?: pulumi.Input; } export interface SnapshotImportDiskContainerUserBucket { /** * The name of the Amazon S3 bucket where the disk image is located. */ s3Bucket: pulumi.Input; /** * The file name of the disk image. */ s3Key: pulumi.Input; } } export namespace ec2 { export interface AmiCopyEbsBlockDevice { /** * Boolean controlling whether the EBS volumes created to * support each created instance will be deleted once that instance is terminated. */ deleteOnTermination?: pulumi.Input; /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * Number of I/O operations per second the * created volumes will support. */ iops?: pulumi.Input; /** * ARN of the Outpost on which the snapshot is stored. * * > **Note:** You can specify `encrypted` or `snapshotId` but not both. */ outpostArn?: pulumi.Input; /** * ID of an EBS snapshot that will be used to initialize the created * EBS volumes. If set, the `volumeSize` attribute must be at least as large as the referenced * snapshot. */ snapshotId?: pulumi.Input; /** * Throughput that the EBS volume supports, in MiB/s. Only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * Size of created volumes in GiB. * If `snapshotId` is set and `volumeSize` is omitted then the volume will have the same size * as the selected snapshot. */ volumeSize?: pulumi.Input; /** * Type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`). */ volumeType?: pulumi.Input; } export interface AmiCopyEphemeralBlockDevice { /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Name for the ephemeral device, of the form "ephemeralN" where * *N* is a volume number starting from zero. */ virtualName?: pulumi.Input; } export interface AmiEbsBlockDevice { /** * Boolean controlling whether the EBS volumes created to * support each created instance will be deleted once that instance is terminated. */ deleteOnTermination?: pulumi.Input; /** * Path at which the device is exposed to created instances. */ deviceName: pulumi.Input; /** * Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * Number of I/O operations per second the * created volumes will support. */ iops?: pulumi.Input; /** * ARN of the Outpost on which the snapshot is stored. * * > **Note:** You can specify `encrypted` or `snapshotId` but not both. */ outpostArn?: pulumi.Input; /** * ID of an EBS snapshot that will be used to initialize the created * EBS volumes. If set, the `volumeSize` attribute must be at least as large as the referenced * snapshot. */ snapshotId?: pulumi.Input; /** * Throughput that the EBS volume supports, in MiB/s. Only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * Size of created volumes in GiB. * If `snapshotId` is set and `volumeSize` is omitted then the volume will have the same size * as the selected snapshot. */ volumeSize?: pulumi.Input; /** * Type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`). */ volumeType?: pulumi.Input; } export interface AmiEphemeralBlockDevice { /** * Path at which the device is exposed to created instances. */ deviceName: pulumi.Input; /** * Name for the ephemeral device, of the form "ephemeralN" where * *N* is a volume number starting from zero. */ virtualName: pulumi.Input; } export interface AmiFromInstanceEbsBlockDevice { /** * Boolean controlling whether the EBS volumes created to * support each created instance will be deleted once that instance is terminated. */ deleteOnTermination?: pulumi.Input; /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * Number of I/O operations per second the * created volumes will support. */ iops?: pulumi.Input; /** * ARN of the Outpost on which the snapshot is stored. * * > **Note:** You can specify `encrypted` or `snapshotId` but not both. */ outpostArn?: pulumi.Input; /** * ID of an EBS snapshot that will be used to initialize the created * EBS volumes. If set, the `volumeSize` attribute must be at least as large as the referenced * snapshot. */ snapshotId?: pulumi.Input; /** * Throughput that the EBS volume supports, in MiB/s. Only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * Size of created volumes in GiB. * If `snapshotId` is set and `volumeSize` is omitted then the volume will have the same size * as the selected snapshot. */ volumeSize?: pulumi.Input; /** * Type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`). */ volumeType?: pulumi.Input; } export interface AmiFromInstanceEphemeralBlockDevice { /** * Path at which the device is exposed to created instances. */ deviceName?: pulumi.Input; /** * Name for the ephemeral device, of the form "ephemeralN" where * *N* is a volume number starting from zero. */ virtualName?: pulumi.Input; } export interface DefaultNetworkAclEgress { /** * The action to take. */ action: pulumi.Input; /** * The CIDR block to match. This must be a valid network mask. */ cidrBlock?: pulumi.Input; /** * The from port to match. */ fromPort: pulumi.Input; /** * The ICMP type code to be used. Default 0. */ icmpCode?: pulumi.Input; /** * The ICMP type to be used. Default 0. */ icmpType?: pulumi.Input; /** * The IPv6 CIDR block. * * > For more information on ICMP types and codes, see [Internet Control Message Protocol (ICMP) Parameters](https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml). */ ipv6CidrBlock?: pulumi.Input; /** * The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0. */ protocol: pulumi.Input; /** * The rule number. Used for ordering. */ ruleNo: pulumi.Input; /** * The to port to match. * * The following arguments are optional: */ toPort: pulumi.Input; } export interface DefaultNetworkAclIngress { action: pulumi.Input; cidrBlock?: pulumi.Input; fromPort: pulumi.Input; icmpCode?: pulumi.Input; icmpType?: pulumi.Input; ipv6CidrBlock?: pulumi.Input; protocol: pulumi.Input; ruleNo: pulumi.Input; toPort: pulumi.Input; } export interface DefaultRouteTableRoute { /** * The CIDR block of the route. */ cidrBlock?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a core network. */ coreNetworkArn?: pulumi.Input; /** * The ID of a managed prefix list destination of the route. * * One of the following target arguments must be supplied: */ destinationPrefixListId?: pulumi.Input; /** * Identifier of a VPC Egress Only Internet Gateway. */ egressOnlyGatewayId?: pulumi.Input; /** * Identifier of a VPC internet gateway or a virtual private gateway. */ gatewayId?: pulumi.Input; /** * Identifier of an EC2 instance. */ instanceId?: pulumi.Input; /** * The Ipv6 CIDR block of the route */ ipv6CidrBlock?: pulumi.Input; /** * Identifier of a VPC NAT gateway. */ natGatewayId?: pulumi.Input; /** * Identifier of an EC2 network interface. */ networkInterfaceId?: pulumi.Input; /** * Identifier of an EC2 Transit Gateway. */ transitGatewayId?: pulumi.Input; /** * Identifier of a VPC Endpoint. This route must be removed prior to VPC Endpoint deletion. */ vpcEndpointId?: pulumi.Input; /** * Identifier of a VPC peering connection. * * Note that the default route, mapping the VPC's CIDR block to "local", is created implicitly and cannot be specified. */ vpcPeeringConnectionId?: pulumi.Input; } export interface DefaultSecurityGroupEgress { /** * List of CIDR blocks. */ cidrBlocks?: pulumi.Input[]>; /** * Description of this rule. */ description?: pulumi.Input; /** * Start port (or ICMP type number if protocol is `icmp`) */ fromPort: pulumi.Input; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input[]>; /** * List of prefix list IDs (for allowing access to VPC endpoints) */ prefixListIds?: pulumi.Input[]>; /** * Protocol. If you select a protocol of "-1" (semantically equivalent to `all`, which is not a valid value here), you must specify a `fromPort` and `toPort` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1` use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). */ protocol: pulumi.Input; /** * List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID. */ securityGroups?: pulumi.Input[]>; /** * Whether the security group itself will be added as a source to this egress rule. */ self?: pulumi.Input; /** * End range port (or ICMP code if protocol is `icmp`). */ toPort: pulumi.Input; } export interface DefaultSecurityGroupIngress { cidrBlocks?: pulumi.Input[]>; /** * Description of the security group. */ description?: pulumi.Input; fromPort: pulumi.Input; ipv6CidrBlocks?: pulumi.Input[]>; prefixListIds?: pulumi.Input[]>; protocol: pulumi.Input; securityGroups?: pulumi.Input[]>; self?: pulumi.Input; toPort: pulumi.Input; } export interface EipDomainNameTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface FleetFleetInstanceSet { /** * The IDs of the instances. */ instanceIds?: pulumi.Input[]>; /** * The instance type. */ instanceType?: pulumi.Input; /** * Indicates if the instance that was launched is a Spot Instance or On-Demand Instance. */ lifecycle?: pulumi.Input; /** * The value is `Windows` for Windows instances. Otherwise, the value is blank. */ platform?: pulumi.Input; } export interface FleetLaunchTemplateConfig { /** * Nested argument containing EC2 Launch Template to use. Defined below. */ launchTemplateSpecification?: pulumi.Input; /** * Nested argument(s) containing parameters to override the same parameters in the Launch Template. Defined below. */ overrides?: pulumi.Input[]>; } export interface FleetLaunchTemplateConfigLaunchTemplateSpecification { /** * The ID of the launch template. */ launchTemplateId?: pulumi.Input; /** * The name of the launch template. */ launchTemplateName?: pulumi.Input; /** * The launch template version number, `$Latest`, or `$Default.` */ version: pulumi.Input; } export interface FleetLaunchTemplateConfigOverride { /** * Availability Zone in which to launch the instances. */ availabilityZone?: pulumi.Input; /** * Override the instance type in the Launch Template with instance types that satisfy the requirements. */ instanceRequirements?: pulumi.Input; /** * Instance type. */ instanceType?: pulumi.Input; /** * Maximum price per unit hour that you are willing to pay for a Spot Instance. */ maxPrice?: pulumi.Input; /** * Priority for the launch template override. If `onDemandOptions` `allocationStrategy` is set to `prioritized`, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity. The highest priority is launched first. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. Valid values are whole numbers starting at 0. */ priority?: pulumi.Input; /** * ID of the subnet in which to launch the instances. */ subnetId?: pulumi.Input; /** * Number of units provided by the specified instance type. */ weightedCapacity?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirements { /** * Block describing the minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips). Default is no minimum or maximum limits. */ acceleratorCount?: pulumi.Input; /** * List of accelerator manufacturer names. Default is any manufacturer. */ acceleratorManufacturers?: pulumi.Input[]>; /** * List of accelerator names. Default is any acclerator. */ acceleratorNames?: pulumi.Input[]>; /** * Block describing the minimum and maximum total memory of the accelerators. Default is no minimum or maximum. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * The accelerator types that must be on the instance type. Default is any accelerator type. */ acceleratorTypes?: pulumi.Input[]>; /** * The instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. You can use strings with one or more wild cards,represented by an asterisk (\*). The following are examples: `c5*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. Default is any instance type. * * If you specify `AllowedInstanceTypes`, you can't specify `ExcludedInstanceTypes`. */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicate whether bare metal instace types should be `included`, `excluded`, or `required`. Default is `excluded`. */ bareMetal?: pulumi.Input; /** * Block describing the minimum and maximum baseline EBS bandwidth, in Mbps. Default is no minimum or maximum. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicates whether burstable performance T instance types are `included`, `excluded`, or `required`. Default is `excluded`. */ burstablePerformance?: pulumi.Input; /** * The CPU manufacturers to include. Default is any manufacturer. * > **NOTE:** Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. */ cpuManufacturers?: pulumi.Input[]>; /** * The instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (\*). The following are examples: `c5*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. * * If you specify `AllowedInstanceTypes`, you can't specify `ExcludedInstanceTypes`. */ excludedInstanceTypes?: pulumi.Input[]>; /** * Indicates whether current or previous generation instance types are included. The current generation instance types are recommended for use. Valid values are `current` and `previous`. Default is `current` and `previous` generation instance types. */ instanceGenerations?: pulumi.Input[]>; /** * Indicate whether instance types with local storage volumes are `included`, `excluded`, or `required`. Default is `included`. */ localStorage?: pulumi.Input; /** * List of local storage type names. Valid values are `hdd` and `ssd`. Default any storage type. */ localStorageTypes?: pulumi.Input[]>; /** * Block describing the minimum and maximum amount of memory (GiB) per vCPU. Default is no minimum or maximum. */ memoryGibPerVcpu?: pulumi.Input; /** * The minimum and maximum amount of memory per vCPU, in GiB. Default is no minimum or maximum limits. */ memoryMib: pulumi.Input; /** * The minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default is No minimum or maximum. */ networkBandwidthGbps?: pulumi.Input; /** * Block describing the minimum and maximum number of network interfaces. Default is no minimum or maximum. */ networkInterfaceCount?: pulumi.Input; /** * The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 20. * * If you set `targetCapacityUnitType` to `vcpu` or `memory-mib`, the price protection threshold is applied based on the per-vCPU or per-memory price instead of the per-instance price. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicate whether instance types must support On-Demand Instance Hibernation, either `true` or `false`. Default is `false`. */ requireHibernateSupport?: pulumi.Input; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 100. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Block describing the minimum and maximum total local storage (GB). Default is no minimum or maximum. */ totalLocalStorageGb?: pulumi.Input; /** * Block describing the minimum and maximum number of vCPUs. Default is no maximum. */ vcpuCount: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorCount { /** * Maximum. Set to `0` to exclude instance types with accelerators. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorTotalMemoryMib { /** * The maximum amount of accelerator memory, in MiB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of accelerator memory, in MiB. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsBaselineEbsBandwidthMbps { /** * The maximum baseline bandwidth, in Mbps. To specify no maximum limit, omit this parameter.. */ max?: pulumi.Input; /** * The minimum baseline bandwidth, in Mbps. To specify no minimum limit, omit this parameter.. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsMemoryGibPerVcpu { /** * The maximum amount of memory per vCPU, in GiB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of memory per vCPU, in GiB. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsMemoryMib { /** * The maximum amount of memory, in MiB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of memory, in MiB. To specify no minimum limit, specify `0`. */ min: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsNetworkBandwidthGbps { /** * The maximum amount of network bandwidth, in Gbps. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of network bandwidth, in Gbps. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsNetworkInterfaceCount { /** * The maximum number of network interfaces. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum number of network interfaces. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsTotalLocalStorageGb { /** * The maximum amount of total local storage, in GB. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum amount of total local storage, in GB. To specify no minimum limit, omit this parameter. */ min?: pulumi.Input; } export interface FleetLaunchTemplateConfigOverrideInstanceRequirementsVcpuCount { /** * The maximum number of vCPUs. To specify no maximum limit, omit this parameter. */ max?: pulumi.Input; /** * The minimum number of vCPUs. To specify no minimum limit, specify `0`. */ min: pulumi.Input; } export interface FleetOnDemandOptions { /** * The order of the launch template overrides to use in fulfilling On-Demand capacity. Valid values: `lowestPrice`, `prioritized`. Default: `lowestPrice`. */ allocationStrategy?: pulumi.Input; /** * The maximum amount per hour for On-Demand Instances that you're willing to pay. */ maxTotalPrice?: pulumi.Input; /** * The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances. Supported only for fleets of type `instant`. * If you specify `minTargetCapacity`, at least one of the following must be specified: `singleAvailabilityZone` or `singleInstanceType`. */ minTargetCapacity?: pulumi.Input; /** * Indicates that the fleet launches all On-Demand Instances into a single Availability Zone. Supported only for fleets of type `instant`. */ singleAvailabilityZone?: pulumi.Input; /** * Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet. Supported only for fleets of type `instant`. */ singleInstanceType?: pulumi.Input; } export interface FleetSpotOptions { /** * How to allocate the target capacity across the Spot pools. Valid values: `diversified`, `lowestPrice`, `capacity-optimized`, `capacity-optimized-prioritized` and `price-capacity-optimized`. Default: `lowestPrice`. */ allocationStrategy?: pulumi.Input; /** * Behavior when a Spot Instance is interrupted. Valid values: `hibernate`, `stop`, `terminate`. Default: `terminate`. */ instanceInterruptionBehavior?: pulumi.Input; /** * Number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot `allocationStrategy` is set to `lowestPrice`. Default: `1`. */ instancePoolsToUseCount?: pulumi.Input; /** * Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below. */ maintenanceStrategies?: pulumi.Input; } export interface FleetSpotOptionsMaintenanceStrategies { /** * Nested argument containing the capacity rebalance for your fleet request. Defined below. */ capacityRebalance?: pulumi.Input; } export interface FleetSpotOptionsMaintenanceStrategiesCapacityRebalance { /** * The replacement strategy to use. Only available for fleets of `type` set to `maintain`. Valid values: `launch`. */ replacementStrategy?: pulumi.Input; terminationDelay?: pulumi.Input; } export interface FleetTargetCapacitySpecification { /** * Default target capacity type. Valid values: `on-demand`, `spot`. */ defaultTargetCapacityType: pulumi.Input; /** * The number of On-Demand units to request. */ onDemandTargetCapacity?: pulumi.Input; /** * The number of Spot units to request. */ spotTargetCapacity?: pulumi.Input; /** * The unit for the target capacity. * If you specify `targetCapacityUnitType`, `instanceRequirements` must be specified. */ targetCapacityUnitType?: pulumi.Input; /** * The number of units to request, filled using `defaultTargetCapacityType`. */ totalTargetCapacity: pulumi.Input; } export interface FlowLogDestinationOptions { /** * The format for the flow log. Default value: `plain-text`. Valid values: `plain-text`, `parquet`. */ fileFormat?: pulumi.Input; /** * Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. Default value: `false`. */ hiveCompatiblePartitions?: pulumi.Input; /** * Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. Default value: `false`. */ perHourPartition?: pulumi.Input; } export interface GetAmiFilter { /** * Name of the AMI that was provided during image creation. */ name: string; values: string[]; } export interface GetAmiFilterArgs { /** * Name of the AMI that was provided during image creation. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface GetAmiIdsFilter { name: string; values: string[]; } export interface GetAmiIdsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetCoipPoolFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: string; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: string[]; } export interface GetCoipPoolFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetCoipPoolsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: string; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: string[]; } export interface GetCoipPoolsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A COIP Pool will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetCustomerGatewayFilter { name: string; values: string[]; } export interface GetCustomerGatewayFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetDedicatedHostFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeHosts.html). */ name: string; /** * Set of values that are accepted for the given field. A host will be selected if any one of the given values matches. */ values: string[]; } export interface GetDedicatedHostFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeHosts.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A host will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetEipsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html). */ name: string; /** * Set of values that are accepted for the given field. An Elastic IP will be selected if any one of the given values matches. */ values: string[]; } export interface GetEipsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An Elastic IP will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetElasticIpFilter { name: string; values: string[]; } export interface GetElasticIpFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetInstanceFilter { name: string; values: string[]; } export interface GetInstanceFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetInstanceTypeOfferingFilter { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetInstanceTypeOfferingFilterArgs { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetInstanceTypeOfferingsFilter { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetInstanceTypeOfferingsFilterArgs { /** * Name of the filter. The `location` filter depends on the top-level `locationType` argument and if not specified, defaults to the current region. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetInstanceTypesFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetInstanceTypesFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetInstancesFilter { name: string; values: string[]; } export interface GetInstancesFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetInternetGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * An Internet Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetInternetGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * An Internet Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetKeyPairFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeKeyPairs API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeKeyPairs.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetKeyPairFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeKeyPairs API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeKeyPairs.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetLaunchTemplateFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeLaunchTemplates API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLaunchTemplates.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetLaunchTemplateFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeLaunchTemplates API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLaunchTemplates.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayRouteTableFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A local gateway route table will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewayRouteTableFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A local gateway route table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayRouteTablesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A Local Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewayRouteTablesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Local Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetLocalGatewayVirtualInterfaceFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetLocalGatewayVirtualInterfaceFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetLocalGatewayVirtualInterfaceGroupFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetLocalGatewayVirtualInterfaceGroupFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetLocalGatewayVirtualInterfaceGroupsFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetLocalGatewayVirtualInterfaceGroupsFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetLocalGatewaysFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetLocalGatewaysFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Local Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetManagedPrefixListFilter { /** * Name of the filter field. Valid values can be found in the EC2 [DescribeManagedPrefixLists](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetManagedPrefixListFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [DescribeManagedPrefixLists](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetManagedPrefixListsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html). */ name: string; /** * Set of values that are accepted for the given field. * A managed prefix list will be selected if any one of the given values matches. */ values: string[]; } export interface GetManagedPrefixListsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A managed prefix list will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNatGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * An Nat Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetNatGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * An Nat Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNatGatewaysFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A Nat Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetNatGatewaysFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Nat Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNetworkAclsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkAcls.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: string[]; } export interface GetNetworkAclsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkAcls.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetNetworkInsightsAnalysisFilter { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsAnalyses`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsAnalyses.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetNetworkInsightsAnalysisFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsAnalyses`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsAnalyses.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetNetworkInsightsPathFilter { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsPaths`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsPaths.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetNetworkInsightsPathFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeNetworkInsightsPaths`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInsightsPaths.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetNetworkInterfaceFilter { name: string; values: string[]; } export interface GetNetworkInterfaceFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetNetworkInterfacesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html). */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetNetworkInterfacesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } export interface GetPrefixListFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetPrefixListFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetPublicIpv4PoolsFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html). */ name: string; /** * Set of values that are accepted for the given field. Pool IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetPublicIpv4PoolsFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. Pool IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } export interface GetRouteTableFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. A Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTableFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetRouteTablesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTablesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetSecurityGroupFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html). */ name: string; /** * Set of values that are accepted for the given field. * A Security Group will be selected if any one of the given values matches. */ values: string[]; } export interface GetSecurityGroupFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Security Group will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetSecurityGroupsFilter { name: string; values: string[]; } export interface GetSecurityGroupsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetSpotPriceFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetSpotPriceFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetSubnetFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). */ name: string; /** * Set of values that are accepted for the given field. A subnet will be selected if any one of the given values matches. */ values: string[]; } export interface GetSubnetFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A subnet will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetSubnetsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). * For example, if matching against tag `Name`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.ec2.getSubnets({ * filters: [{ * name: "tag:Name", * values: [""], * }], * }); * ``` */ name: string; /** * Set of values that are accepted for the given field. * Subnet IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetSubnetsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html). * For example, if matching against tag `Name`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.ec2.getSubnets({ * filters: [{ * name: "tag:Name", * values: [""], * }], * }); * ``` */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * Subnet IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } export interface GetTransitGatewayRouteTablesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayRouteTables.html). */ name: string; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetTransitGatewayRouteTablesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayRouteTables.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcDhcpOptionsFilter { /** * Name of the field to filter. */ name: string; /** * Set of values for filtering. */ values: string[]; } export interface GetVpcDhcpOptionsFilterArgs { /** * Name of the field to filter. */ name: pulumi.Input; /** * Set of values for filtering. */ values: pulumi.Input[]>; } export interface GetVpcEndpointFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC Endpoint will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcEndpointFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC Endpoint will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcEndpointServiceFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeVpcEndpointServices API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServices.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetVpcEndpointServiceFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeVpcEndpointServices API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServices.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetVpcFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcIamPoolCidrsFilter { name: string; values: string[]; } export interface GetVpcIamPoolCidrsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetVpcIamPoolFilter { /** * The name of the filter. Filter names are case-sensitive. */ name: string; /** * The filter values. Filter values are case-sensitive. */ values: string[]; } export interface GetVpcIamPoolFilterArgs { /** * The name of the filter. Filter names are case-sensitive. */ name: pulumi.Input; /** * The filter values. Filter values are case-sensitive. */ values: pulumi.Input[]>; } export interface GetVpcIamPoolsFilter { /** * The name of the filter. Filter names are case-sensitive. */ name: string; /** * The filter values. Filter values are case-sensitive. */ values: string[]; } export interface GetVpcIamPoolsFilterArgs { /** * The name of the filter. Filter names are case-sensitive. */ name: pulumi.Input; /** * The filter values. Filter values are case-sensitive. */ values: pulumi.Input[]>; } export interface GetVpcIpamPoolCidrsFilter { name: string; values: string[]; } export interface GetVpcIpamPoolCidrsFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetVpcIpamPoolFilter { /** * The name of the filter. Filter names are case-sensitive. */ name: string; /** * The filter values. Filter values are case-sensitive. */ values: string[]; } export interface GetVpcIpamPoolFilterArgs { /** * The name of the filter. Filter names are case-sensitive. */ name: pulumi.Input; /** * The filter values. Filter values are case-sensitive. */ values: pulumi.Input[]>; } export interface GetVpcIpamPoolsFilter { /** * The name of the filter. Filter names are case-sensitive. */ name: string; /** * The filter values. Filter values are case-sensitive. */ values: string[]; } export interface GetVpcIpamPoolsFilterArgs { /** * The name of the filter. Filter names are case-sensitive. */ name: pulumi.Input; /** * The filter values. Filter values are case-sensitive. */ values: pulumi.Input[]>; } export interface GetVpcPeeringConnectionFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcPeeringConnectionFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcPeeringConnectionsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcPeeringConnectionsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC Peering Connection will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpcsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpcsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPC will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetVpnGatewayFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnGateways.html). */ name: string; /** * Set of values that are accepted for the given field. * A VPN Gateway will be selected if any one of the given values matches. */ values: string[]; } export interface GetVpnGatewayFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnGateways.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A VPN Gateway will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface InstanceCapacityReservationSpecification { /** * Indicates the instance's Capacity Reservation preferences. Can be `"open"` or `"none"`. (Default: `"open"`). */ capacityReservationPreference?: pulumi.Input; /** * Information about the target Capacity Reservation. See Capacity Reservation Target below for more details. * * For more information, see the documentation on [Capacity Reservations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-reservations-using.html). */ capacityReservationTarget?: pulumi.Input; } export interface InstanceCapacityReservationSpecificationCapacityReservationTarget { /** * ID of the Capacity Reservation in which to run the instance. */ capacityReservationId?: pulumi.Input; /** * ARN of the Capacity Reservation resource group in which to run the instance. */ capacityReservationResourceGroupArn?: pulumi.Input; } export interface InstanceCpuOptions { /** * Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are `enabled` and `disabled`. */ amdSevSnp?: pulumi.Input; /** * Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API. */ coreCount?: pulumi.Input; /** * If set to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information. * * For more information, see the documentation on [Optimizing CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html). */ threadsPerCore?: pulumi.Input; } export interface InstanceCreditSpecification { /** * Credit option for CPU usage. Valid values include `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. */ cpuCredits?: pulumi.Input; } export interface InstanceEbsBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; /** * Name of the device to mount. */ deviceName: pulumi.Input; /** * Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. Defaults to `false`. Cannot be used with `snapshotId`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Snapshot ID to mount. */ snapshotId?: pulumi.Input; /** * Map of tags to assign to the device. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * ID of the volume. For example, the ID can be accessed like this, `aws_instance.web.root_block_device.0.volume_id`. */ volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`. * * > **NOTE:** Currently, changes to the `ebsBlockDevice` configuration of _existing_ resources cannot be automatically detected by this provider. To manage changes and attachments of an EBS block to an instance, use the `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources instead. If you use `ebsBlockDevice` on an `aws.ec2.Instance`, this provider will assume management over the full set of non-root EBS block devices for the instance, treating additional block devices as drift. For this reason, `ebsBlockDevice` cannot be mixed with external `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources for a given instance. */ volumeType?: pulumi.Input; } export interface InstanceEnclaveOptions { /** * Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`. * * For more information, see the documentation on [Nitro Enclaves](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html). */ enabled?: pulumi.Input; } export interface InstanceEphemeralBlockDevice { /** * Name of the block device to mount on the instance. */ deviceName: pulumi.Input; /** * Suppresses the specified device included in the AMI's block device mapping. */ noDevice?: pulumi.Input; /** * [Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) (e.g., `ephemeral0`). * * Each AWS Instance type has a different set of Instance Store block devices available for attachment. AWS [publishes a list](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes) of which ephemeral devices are available on each type. The devices are always identified by the `virtualName` in the format `ephemeral{0..N}`. */ virtualName?: pulumi.Input; } export interface InstanceInstanceMarketOptions { /** * Type of market for the instance. Valid value is `spot`. Defaults to `spot`. Required if `spotOptions` is specified. */ marketType?: pulumi.Input; /** * Block to configure the options for Spot Instances. See Spot Options below for details on attributes. */ spotOptions?: pulumi.Input; } export interface InstanceInstanceMarketOptionsSpotOptions { /** * The behavior when a Spot Instance is interrupted. Valid values include `hibernate`, `stop`, `terminate` . The default is `terminate`. */ instanceInterruptionBehavior?: pulumi.Input; /** * The maximum hourly price that you're willing to pay for a Spot Instance. */ maxPrice?: pulumi.Input; /** * The Spot Instance request type. Valid values include `one-time`, `persistent`. Persistent Spot Instance requests are only supported when the instance interruption behavior is either hibernate or stop. The default is `one-time`. */ spotInstanceType?: pulumi.Input; /** * The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ). Supported only for persistent requests. */ validUntil?: pulumi.Input; } export interface InstanceLaunchTemplate { /** * ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Can be a specific version number, `$Latest` or `$Default`. The default value is `$Default`. */ version?: pulumi.Input; } export interface InstanceMaintenanceOptions { /** * Automatic recovery behavior of the Instance. Can be `"default"` or `"disabled"`. See [Recover your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html) for more details. */ autoRecovery?: pulumi.Input; } export interface InstanceMetadataOptions { /** * Whether the metadata service is available. Valid values include `enabled` or `disabled`. Defaults to `enabled`. */ httpEndpoint?: pulumi.Input; /** * Whether the IPv6 endpoint for the instance metadata service is enabled. Defaults to `disabled`. */ httpProtocolIpv6?: pulumi.Input; /** * Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from `1` to `64`. Defaults to `1`. */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Valid values include `optional` or `required`. Defaults to `optional`. */ httpTokens?: pulumi.Input; /** * Enables or disables access to instance tags from the instance metadata service. Valid values include `enabled` or `disabled`. Defaults to `disabled`. * * For more information, see the documentation on the [Instance Metadata Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). */ instanceMetadataTags?: pulumi.Input; } export interface InstanceNetworkInterface { /** * Whether or not to delete the network interface on instance termination. Defaults to `false`. Currently, the only valid value is `false`, as this is only supported when creating new network interfaces when launching an instance. */ deleteOnTermination?: pulumi.Input; /** * Integer index of the network interface attachment. Limited by instance type. */ deviceIndex: pulumi.Input; /** * Integer index of the network card. Limited by instance type. The default index is `0`. */ networkCardIndex?: pulumi.Input; /** * ID of the network interface to attach. */ networkInterfaceId: pulumi.Input; } export interface InstancePrivateDnsNameOptions { /** * Indicates whether to respond to DNS queries for instance hostnames with DNS A records. */ enableResourceNameDnsARecord?: pulumi.Input; /** * Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. */ enableResourceNameDnsAaaaRecord?: pulumi.Input; /** * Type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name` and `resource-name`. */ hostnameType?: pulumi.Input; } export interface InstanceRootBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; /** * Device name, e.g., `/dev/sdh` or `xvdh`. */ deviceName?: pulumi.Input; /** * Whether to enable volume encryption. Defaults to `false`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Map of tags to assign to the device. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; /** * ID of the volume. For example, the ID can be accessed like this, `aws_instance.web.root_block_device.0.volume_id`. */ volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to the volume type that the AMI uses. * * Modifying the `encrypted` or `kmsKeyId` settings of the `rootBlockDevice` requires resource replacement. */ volumeType?: pulumi.Input; } export interface LaunchConfigurationEbsBlockDevice { deleteOnTermination?: pulumi.Input; deviceName: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; noDevice?: pulumi.Input; snapshotId?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface LaunchConfigurationEphemeralBlockDevice { deviceName: pulumi.Input; noDevice?: pulumi.Input; virtualName?: pulumi.Input; } export interface LaunchConfigurationMetadataOptions { /** * The state of the metadata service: `enabled`, `disabled`. */ httpEndpoint?: pulumi.Input; /** * The desired HTTP PUT response hop limit for instance metadata requests. */ httpPutResponseHopLimit?: pulumi.Input; /** * If session tokens are required: `optional`, `required`. */ httpTokens?: pulumi.Input; } export interface LaunchConfigurationRootBlockDevice { deleteOnTermination?: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface LaunchTemplateBlockDeviceMapping { /** * The name of the device to mount. */ deviceName?: pulumi.Input; /** * Configure EBS volume properties. */ ebs?: pulumi.Input; /** * Suppresses the specified device included in the AMI's block device mapping. */ noDevice?: pulumi.Input; /** * The [Instance Store Device * Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) * (e.g., `"ephemeral0"`). */ virtualName?: pulumi.Input; } export interface LaunchTemplateBlockDeviceMappingEbs { /** * Whether the volume should be destroyed on instance termination. * See [Preserving Amazon EBS Volumes on Instance Termination](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/preserving-volumes-on-termination.html) for more information. */ deleteOnTermination?: pulumi.Input; /** * Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. * Cannot be used with `snapshotId`. */ encrypted?: pulumi.Input; /** * The amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). * This must be set with a `volumeType` of `"io1/io2/gp3"`. */ iops?: pulumi.Input; /** * The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume. * `encrypted` must be set to `true` when this is set. */ kmsKeyId?: pulumi.Input; /** * The Snapshot ID to mount. */ snapshotId?: pulumi.Input; /** * The throughput to provision for a `gp3` volume in MiB/s (specified as an integer, e.g., 500), with a maximum of 1,000 MiB/s. */ throughput?: pulumi.Input; /** * The size of the volume in gigabytes. */ volumeSize?: pulumi.Input; /** * The volume type. * Can be one of `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1`. */ volumeType?: pulumi.Input; } export interface LaunchTemplateCapacityReservationSpecification { /** * Indicates the instance's Capacity Reservation preferences. Can be `open` or `none`. (Default `none`). */ capacityReservationPreference?: pulumi.Input; /** * Used to target a specific Capacity Reservation: */ capacityReservationTarget?: pulumi.Input; } export interface LaunchTemplateCapacityReservationSpecificationCapacityReservationTarget { /** * The ID of the Capacity Reservation in which to run the instance. */ capacityReservationId?: pulumi.Input; /** * The ARN of the Capacity Reservation resource group in which to run the instance. */ capacityReservationResourceGroupArn?: pulumi.Input; } export interface LaunchTemplateCpuOptions { /** * Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are `enabled` and `disabled`. */ amdSevSnp?: pulumi.Input; /** * The number of CPU cores for the instance. */ coreCount?: pulumi.Input; /** * The number of threads per CPU core. * To disable Intel Hyper-Threading Technology for the instance, specify a value of 1. * Otherwise, specify the default value of 2. * * Both number of CPU cores and threads per core must be specified. Valid number of CPU cores and threads per core for the instance type can be found in the [CPU Options Documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html?shortFooter=true#cpu-options-supported-instances-values) */ threadsPerCore?: pulumi.Input; } export interface LaunchTemplateCreditSpecification { /** * The credit option for CPU usage. * Can be `standard` or `unlimited`. * T3 instances are launched as `unlimited` by default. * T2 instances are launched as `standard` by default. */ cpuCredits?: pulumi.Input; } export interface LaunchTemplateElasticGpuSpecification { /** * The [Elastic GPU Type](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-gpus.html#elastic-gpus-basics) */ type: pulumi.Input; } export interface LaunchTemplateElasticInferenceAccelerator { /** * Accelerator type. */ type: pulumi.Input; } export interface LaunchTemplateEnclaveOptions { /** * If set to `true`, Nitro Enclaves will be enabled on the instance. * * For more information, see the documentation on [Nitro Enclaves](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html). */ enabled?: pulumi.Input; } export interface LaunchTemplateHibernationOptions { /** * If set to `true`, the launched EC2 instance will hibernation enabled. */ configured: pulumi.Input; } export interface LaunchTemplateIamInstanceProfile { /** * The Amazon Resource Name (ARN) of the instance profile. Conflicts with `name`. */ arn?: pulumi.Input; /** * The name of the instance profile. */ name?: pulumi.Input; } export interface LaunchTemplateInstanceMarketOptions { /** * The market type. Can be `spot`. */ marketType?: pulumi.Input; /** * The options for [Spot Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html) */ spotOptions?: pulumi.Input; } export interface LaunchTemplateInstanceMarketOptionsSpotOptions { /** * The required duration in minutes. This value must be a multiple of 60. */ blockDurationMinutes?: pulumi.Input; /** * The behavior when a Spot Instance is interrupted. Can be `hibernate`, * `stop`, or `terminate`. (Default: `terminate`). */ instanceInterruptionBehavior?: pulumi.Input; /** * The maximum hourly price you're willing to pay for the Spot Instances. */ maxPrice?: pulumi.Input; /** * The Spot Instance request type. Can be `one-time`, or `persistent`. */ spotInstanceType?: pulumi.Input; /** * The end date of the request. */ validUntil?: pulumi.Input; } export interface LaunchTemplateInstanceRequirements { /** * Block describing the minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips). Default is no minimum or maximum. */ acceleratorCount?: pulumi.Input; /** * List of accelerator manufacturer names. Default is any manufacturer. * * ``` * Valid names: * * amazon-web-services * * amd * * nvidia * * xilinx * ``` */ acceleratorManufacturers?: pulumi.Input[]>; /** * List of accelerator names. Default is any acclerator. * * ``` * Valid names: * * a100 - NVIDIA A100 GPUs * * v100 - NVIDIA V100 GPUs * * k80 - NVIDIA K80 GPUs * * t4 - NVIDIA T4 GPUs * * m60 - NVIDIA M60 GPUs * * radeon-pro-v520 - AMD Radeon Pro V520 GPUs * * vu9p - Xilinx VU9P FPGAs * ``` */ acceleratorNames?: pulumi.Input[]>; /** * Block describing the minimum and maximum total memory of the accelerators. Default is no minimum or maximum. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * List of accelerator types. Default is any accelerator type. * * ``` * Valid types: * * fpga * * gpu * * inference * ``` */ acceleratorTypes?: pulumi.Input[]>; /** * List of instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. You can use strings with one or more wild cards, represented by an asterisk (\*), to allow an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are allowing the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are allowing all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is all instance types. * * > **NOTE:** If you specify `allowedInstanceTypes`, you can't specify `excludedInstanceTypes`. */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicate whether bare metal instace types should be `included`, `excluded`, or `required`. Default is `excluded`. */ bareMetal?: pulumi.Input; /** * Block describing the minimum and maximum baseline EBS bandwidth, in Mbps. Default is no minimum or maximum. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicate whether burstable performance instance types should be `included`, `excluded`, or `required`. Default is `excluded`. */ burstablePerformance?: pulumi.Input; /** * List of CPU manufacturer names. Default is any manufacturer. * * > **NOTE:** Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. * * ``` * Valid names: * * amazon-web-services * * amd * * intel * ``` */ cpuManufacturers?: pulumi.Input[]>; /** * List of instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (\*), to exclude an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. * * > **NOTE:** If you specify `excludedInstanceTypes`, you can't specify `allowedInstanceTypes`. */ excludedInstanceTypes?: pulumi.Input[]>; /** * List of instance generation names. Default is any generation. * * ``` * Valid names: * * current - Recommended for best performance. * * previous - For existing applications optimized for older instance types. * ``` */ instanceGenerations?: pulumi.Input[]>; /** * Indicate whether instance types with local storage volumes are `included`, `excluded`, or `required`. Default is `included`. */ localStorage?: pulumi.Input; /** * List of local storage type names. Default any storage type. * * ``` * Value names: * * hdd - hard disk drive * * ssd - solid state drive * ``` */ localStorageTypes?: pulumi.Input[]>; /** * Block describing the minimum and maximum amount of memory (GiB) per vCPU. Default is no minimum or maximum. */ memoryGibPerVcpu?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (MiB). Default is no maximum. */ memoryMib: pulumi.Input; /** * Block describing the minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default is no minimum or maximum. */ networkBandwidthGbps?: pulumi.Input; /** * Block describing the minimum and maximum number of network interfaces. Default is no minimum or maximum. */ networkInterfaceCount?: pulumi.Input; /** * The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 20. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicate whether instance types must support On-Demand Instance Hibernation, either `true` or `false`. Default is `false`. */ requireHibernateSupport?: pulumi.Input; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 100. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Block describing the minimum and maximum total local storage (GB). Default is no minimum or maximum. */ totalLocalStorageGb?: pulumi.Input; /** * Block describing the minimum and maximum number of vCPUs. Default is no maximum. */ vcpuCount: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsAcceleratorCount { /** * Maximum. Set to `0` to exclude instance types with accelerators. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsAcceleratorTotalMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsBaselineEbsBandwidthMbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsMemoryGibPerVcpu { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsNetworkBandwidthGbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsNetworkInterfaceCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsTotalLocalStorageGb { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface LaunchTemplateInstanceRequirementsVcpuCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min: pulumi.Input; } export interface LaunchTemplateLicenseSpecification { /** * ARN of the license configuration. */ licenseConfigurationArn: pulumi.Input; } export interface LaunchTemplateMaintenanceOptions { /** * Disables the automatic recovery behavior of your instance or sets it to default. Can be `"default"` or `"disabled"`. See [Recover your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html) for more details. */ autoRecovery?: pulumi.Input; } export interface LaunchTemplateMetadataOptions { /** * Whether the metadata service is available. Can be `"enabled"` or `"disabled"`. (Default: `"enabled"`). */ httpEndpoint?: pulumi.Input; /** * Enables or disables the IPv6 endpoint for the instance metadata service. Can be `"enabled"` or `"disabled"`. */ httpProtocolIpv6?: pulumi.Input; /** * The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Can be an integer from `1` to `64`. (Default: `1`). */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Can be `"optional"` or `"required"`. (Default: `"optional"`). */ httpTokens?: pulumi.Input; /** * Enables or disables access to instance tags from the instance metadata service. Can be `"enabled"` or `"disabled"`. * * For more information, see the documentation on the [Instance Metadata Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). */ instanceMetadataTags?: pulumi.Input; } export interface LaunchTemplateMonitoring { /** * If `true`, the launched EC2 instance will have detailed monitoring enabled. */ enabled?: pulumi.Input; } export interface LaunchTemplateNetworkInterface { /** * Associate a Carrier IP address with `eth0` for a new network interface. * Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. * Boolean value, can be left unset. */ associateCarrierIpAddress?: pulumi.Input; /** * Associate a public ip address with the network interface. * Boolean value, can be left unset. */ associatePublicIpAddress?: pulumi.Input; /** * Whether the network interface should be destroyed on instance termination. */ deleteOnTermination?: pulumi.Input; /** * Description of the network interface. */ description?: pulumi.Input; /** * The integer index of the network interface attachment. */ deviceIndex?: pulumi.Input; /** * The type of network interface. To create an Elastic Fabric Adapter (EFA), specify `efa`. */ interfaceType?: pulumi.Input; /** * The number of secondary private IPv4 addresses to assign to a network interface. Conflicts with `ipv4Addresses` */ ipv4AddressCount?: pulumi.Input; /** * One or more private IPv4 addresses to associate. Conflicts with `ipv4AddressCount` */ ipv4Addresses?: pulumi.Input[]>; /** * The number of IPv4 prefixes to be automatically assigned to the network interface. Conflicts with `ipv4Prefixes` */ ipv4PrefixCount?: pulumi.Input; /** * One or more IPv4 prefixes to be assigned to the network interface. Conflicts with `ipv4PrefixCount` */ ipv4Prefixes?: pulumi.Input[]>; /** * The number of IPv6 addresses to assign to a network interface. Conflicts with `ipv6Addresses` */ ipv6AddressCount?: pulumi.Input; /** * One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. Conflicts with `ipv6AddressCount` */ ipv6Addresses?: pulumi.Input[]>; /** * The number of IPv6 prefixes to be automatically assigned to the network interface. Conflicts with `ipv6Prefixes` */ ipv6PrefixCount?: pulumi.Input; /** * One or more IPv6 prefixes to be assigned to the network interface. Conflicts with `ipv6PrefixCount` */ ipv6Prefixes?: pulumi.Input[]>; /** * The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0. */ networkCardIndex?: pulumi.Input; /** * The ID of the network interface to attach. */ networkInterfaceId?: pulumi.Input; /** * The primary private IPv4 address. */ privateIpAddress?: pulumi.Input; /** * A list of security group IDs to associate. */ securityGroups?: pulumi.Input[]>; /** * The VPC Subnet ID to associate. */ subnetId?: pulumi.Input; } export interface LaunchTemplatePlacement { /** * The affinity setting for an instance on a Dedicated Host. */ affinity?: pulumi.Input; /** * The Availability Zone for the instance. */ availabilityZone?: pulumi.Input; /** * The name of the placement group for the instance. */ groupName?: pulumi.Input; /** * The ID of the Dedicated Host for the instance. */ hostId?: pulumi.Input; /** * The ARN of the Host Resource Group in which to launch instances. */ hostResourceGroupArn?: pulumi.Input; /** * The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition. */ partitionNumber?: pulumi.Input; /** * Reserved for future use. */ spreadDomain?: pulumi.Input; /** * The tenancy of the instance (if the instance is running in a VPC). Can be `default`, `dedicated`, or `host`. */ tenancy?: pulumi.Input; } export interface LaunchTemplatePrivateDnsNameOptions { /** * Indicates whether to respond to DNS queries for instance hostnames with DNS A records. */ enableResourceNameDnsARecord?: pulumi.Input; /** * Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. */ enableResourceNameDnsAaaaRecord?: pulumi.Input; /** * The type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name` and `resource-name`. */ hostnameType?: pulumi.Input; } export interface LaunchTemplateTagSpecification { /** * The type of resource to tag. */ resourceType?: pulumi.Input; /** * A map of tags to assign to the resource. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ManagedPrefixListEntry { /** * CIDR block of this entry. */ cidr: pulumi.Input; /** * Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry. */ description?: pulumi.Input; } export interface NetworkAclEgress { /** * The action to take. */ action: pulumi.Input; /** * The CIDR block to match. This must be a * valid network mask. */ cidrBlock?: pulumi.Input; /** * The from port to match. */ fromPort: pulumi.Input; /** * The ICMP type code to be used. Default 0. * * > Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */ icmpCode?: pulumi.Input; /** * The ICMP type to be used. Default 0. */ icmpType?: pulumi.Input; /** * The IPv6 CIDR block. */ ipv6CidrBlock?: pulumi.Input; /** * The protocol to match. If using the -1 'all' * protocol, you must specify a from and to port of 0. */ protocol: pulumi.Input; /** * The rule number. Used for ordering. */ ruleNo: pulumi.Input; /** * The to port to match. */ toPort: pulumi.Input; } export interface NetworkAclIngress { /** * The action to take. */ action: pulumi.Input; /** * The CIDR block to match. This must be a * valid network mask. */ cidrBlock?: pulumi.Input; /** * The from port to match. */ fromPort: pulumi.Input; /** * The ICMP type code to be used. Default 0. * * > Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */ icmpCode?: pulumi.Input; /** * The ICMP type to be used. Default 0. */ icmpType?: pulumi.Input; /** * The IPv6 CIDR block. */ ipv6CidrBlock?: pulumi.Input; /** * The protocol to match. If using the -1 'all' * protocol, you must specify a from and to port of 0. */ protocol: pulumi.Input; /** * The rule number. Used for ordering. */ ruleNo: pulumi.Input; /** * The to port to match. */ toPort: pulumi.Input; } export interface NetworkInsightsAnalysisAlternatePathHint { /** * The Amazon Resource Name (ARN) of the component. */ componentArn?: pulumi.Input; /** * The ID of the component. */ componentId?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanation { aclRules?: pulumi.Input[]>; acls?: pulumi.Input[]>; address?: pulumi.Input; addresses?: pulumi.Input[]>; attachedTos?: pulumi.Input[]>; availabilityZones?: pulumi.Input[]>; cidrs?: pulumi.Input[]>; classicLoadBalancerListeners?: pulumi.Input[]>; components?: pulumi.Input[]>; customerGateways?: pulumi.Input[]>; destinationVpcs?: pulumi.Input[]>; destinations?: pulumi.Input[]>; direction?: pulumi.Input; elasticLoadBalancerListeners?: pulumi.Input[]>; explanationCode?: pulumi.Input; ingressRouteTables?: pulumi.Input[]>; internetGateways?: pulumi.Input[]>; loadBalancerArn?: pulumi.Input; loadBalancerListenerPort?: pulumi.Input; loadBalancerTargetGroup?: pulumi.Input[]>; loadBalancerTargetGroups?: pulumi.Input[]>; loadBalancerTargetPort?: pulumi.Input; missingComponent?: pulumi.Input; natGateways?: pulumi.Input[]>; networkInterfaces?: pulumi.Input[]>; packetField?: pulumi.Input; port?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixLists?: pulumi.Input[]>; protocols?: pulumi.Input[]>; routeTableRoutes?: pulumi.Input[]>; routeTables?: pulumi.Input[]>; securityGroup?: pulumi.Input[]>; securityGroupRules?: pulumi.Input[]>; securityGroups?: pulumi.Input[]>; sourceVpcs?: pulumi.Input[]>; state?: pulumi.Input; subnetRouteTables?: pulumi.Input[]>; subnets?: pulumi.Input[]>; transitGatewayAttachments?: pulumi.Input[]>; transitGatewayRouteTableRoutes?: pulumi.Input[]>; transitGatewayRouteTables?: pulumi.Input[]>; transitGateways?: pulumi.Input[]>; vpcEndpoints?: pulumi.Input[]>; vpcPeeringConnections?: pulumi.Input[]>; vpcs?: pulumi.Input[]>; vpnConnections?: pulumi.Input[]>; vpnGateways?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisExplanationAcl { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationAclRule { cidr?: pulumi.Input; egress?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; ruleAction?: pulumi.Input; ruleNumber?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationAclRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationAttachedTo { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationClassicLoadBalancerListener { instancePort?: pulumi.Input; loadBalancerPort?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationCustomerGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationDestination { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationDestinationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationElasticLoadBalancerListener { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationIngressRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationInternetGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationLoadBalancerTargetGroup { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationNatGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationNetworkInterface { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationPrefixList { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationRouteTableRoute { destinationCidr?: pulumi.Input; destinationPrefixListId?: pulumi.Input; egressOnlyInternetGatewayId?: pulumi.Input; gatewayId?: pulumi.Input; instanceId?: pulumi.Input; natGatewayId?: pulumi.Input; networkInterfaceId?: pulumi.Input; origin?: pulumi.Input; transitGatewayId?: pulumi.Input; vpcPeeringConnectionId?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSecurityGroup { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSecurityGroupRule { cidr?: pulumi.Input; direction?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixListId?: pulumi.Input; protocol?: pulumi.Input; securityGroupId?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSecurityGroupRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSourceVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSubnet { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationSubnetRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGatewayAttachment { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGatewayRouteTable { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationTransitGatewayRouteTableRoute { attachmentId?: pulumi.Input; destinationCidr?: pulumi.Input; prefixListId?: pulumi.Input; resourceId?: pulumi.Input; resourceType?: pulumi.Input; routeOrigin?: pulumi.Input; state?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpcEndpoint { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpcPeeringConnection { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpnConnection { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisExplanationVpnGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponent { aclRules?: pulumi.Input[]>; additionalDetails?: pulumi.Input[]>; attachedTos?: pulumi.Input[]>; components?: pulumi.Input[]>; destinationVpcs?: pulumi.Input[]>; inboundHeaders?: pulumi.Input[]>; outboundHeaders?: pulumi.Input[]>; routeTableRoutes?: pulumi.Input[]>; securityGroupRules?: pulumi.Input[]>; sequenceNumber?: pulumi.Input; sourceVpcs?: pulumi.Input[]>; subnets?: pulumi.Input[]>; transitGatewayRouteTableRoutes?: pulumi.Input[]>; transitGateways?: pulumi.Input[]>; vpcs?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentAclRule { cidr?: pulumi.Input; egress?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; ruleAction?: pulumi.Input; ruleNumber?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentAclRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentAdditionalDetail { additionalDetailType?: pulumi.Input; components?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentAdditionalDetailComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentAttachedTo { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentDestinationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentInboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentInboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentInboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentOutboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisForwardPathComponentOutboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentOutboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentRouteTableRoute { destinationCidr?: pulumi.Input; destinationPrefixListId?: pulumi.Input; egressOnlyInternetGatewayId?: pulumi.Input; gatewayId?: pulumi.Input; instanceId?: pulumi.Input; natGatewayId?: pulumi.Input; networkInterfaceId?: pulumi.Input; origin?: pulumi.Input; transitGatewayId?: pulumi.Input; vpcPeeringConnectionId?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSecurityGroupRule { cidr?: pulumi.Input; direction?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixListId?: pulumi.Input; protocol?: pulumi.Input; securityGroupId?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSecurityGroupRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSourceVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentSubnet { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentTransitGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentTransitGatewayRouteTableRoute { attachmentId?: pulumi.Input; destinationCidr?: pulumi.Input; prefixListId?: pulumi.Input; resourceId?: pulumi.Input; resourceType?: pulumi.Input; routeOrigin?: pulumi.Input; state?: pulumi.Input; } export interface NetworkInsightsAnalysisForwardPathComponentVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponent { aclRules?: pulumi.Input[]>; additionalDetails?: pulumi.Input[]>; attachedTos?: pulumi.Input[]>; components?: pulumi.Input[]>; destinationVpcs?: pulumi.Input[]>; inboundHeaders?: pulumi.Input[]>; outboundHeaders?: pulumi.Input[]>; routeTableRoutes?: pulumi.Input[]>; securityGroupRules?: pulumi.Input[]>; sequenceNumber?: pulumi.Input; sourceVpcs?: pulumi.Input[]>; subnets?: pulumi.Input[]>; transitGatewayRouteTableRoutes?: pulumi.Input[]>; transitGateways?: pulumi.Input[]>; vpcs?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentAclRule { cidr?: pulumi.Input; egress?: pulumi.Input; portRanges?: pulumi.Input[]>; protocol?: pulumi.Input; ruleAction?: pulumi.Input; ruleNumber?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentAclRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentAdditionalDetail { additionalDetailType?: pulumi.Input; components?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentAdditionalDetailComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentAttachedTo { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentComponent { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentDestinationVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentInboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentInboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentInboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentOutboundHeader { destinationAddresses?: pulumi.Input[]>; destinationPortRanges?: pulumi.Input[]>; protocol?: pulumi.Input; sourceAddresses?: pulumi.Input[]>; sourcePortRanges?: pulumi.Input[]>; } export interface NetworkInsightsAnalysisReturnPathComponentOutboundHeaderDestinationPortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentOutboundHeaderSourcePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentRouteTableRoute { destinationCidr?: pulumi.Input; destinationPrefixListId?: pulumi.Input; egressOnlyInternetGatewayId?: pulumi.Input; gatewayId?: pulumi.Input; instanceId?: pulumi.Input; natGatewayId?: pulumi.Input; networkInterfaceId?: pulumi.Input; origin?: pulumi.Input; transitGatewayId?: pulumi.Input; vpcPeeringConnectionId?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSecurityGroupRule { cidr?: pulumi.Input; direction?: pulumi.Input; portRanges?: pulumi.Input[]>; prefixListId?: pulumi.Input; protocol?: pulumi.Input; securityGroupId?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSecurityGroupRulePortRange { from?: pulumi.Input; to?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSourceVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentSubnet { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentTransitGateway { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentTransitGatewayRouteTableRoute { attachmentId?: pulumi.Input; destinationCidr?: pulumi.Input; prefixListId?: pulumi.Input; resourceId?: pulumi.Input; resourceType?: pulumi.Input; routeOrigin?: pulumi.Input; state?: pulumi.Input; } export interface NetworkInsightsAnalysisReturnPathComponentVpc { /** * ARN of the Network Insights Analysis. */ arn?: pulumi.Input; /** * ID of the Network Insights Analysis. */ id?: pulumi.Input; name?: pulumi.Input; } export interface NetworkInterfaceAttachment { attachmentId?: pulumi.Input; /** * Integer to define the devices index. */ deviceIndex: pulumi.Input; /** * ID of the instance to attach to. */ instance: pulumi.Input; } export interface PeeringConnectionOptionsAccepter { allowRemoteVpcDnsResolution?: pulumi.Input; } export interface PeeringConnectionOptionsRequester { allowRemoteVpcDnsResolution?: pulumi.Input; } export interface RouteTableRoute { /** * Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone. */ carrierGatewayId?: pulumi.Input; /** * The CIDR block of the route. */ cidrBlock?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a core network. */ coreNetworkArn?: pulumi.Input; /** * The ID of a managed prefix list destination of the route. * * One of the following target arguments must be supplied: */ destinationPrefixListId?: pulumi.Input; /** * Identifier of a VPC Egress Only Internet Gateway. */ egressOnlyGatewayId?: pulumi.Input; /** * Identifier of a VPC internet gateway, virtual private gateway, or `local`. `local` routes cannot be created but can be adopted or imported. See the example above. */ gatewayId?: pulumi.Input; /** * The Ipv6 CIDR block of the route. */ ipv6CidrBlock?: pulumi.Input; /** * Identifier of a Outpost local gateway. */ localGatewayId?: pulumi.Input; /** * Identifier of a VPC NAT gateway. */ natGatewayId?: pulumi.Input; /** * Identifier of an EC2 network interface. */ networkInterfaceId?: pulumi.Input; /** * Identifier of an EC2 Transit Gateway. */ transitGatewayId?: pulumi.Input; /** * Identifier of a VPC Endpoint. */ vpcEndpointId?: pulumi.Input; /** * Identifier of a VPC peering connection. * * Note that the default route, mapping the VPC's CIDR block to "local", is created implicitly and cannot be specified. */ vpcPeeringConnectionId?: pulumi.Input; } export interface SecurityGroupEgress { /** * List of CIDR blocks. */ cidrBlocks?: pulumi.Input[]>; /** * Description of this egress rule. */ description?: pulumi.Input; /** * Start port (or ICMP type number if protocol is `icmp`) */ fromPort: pulumi.Input; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input[]>; /** * List of Prefix List IDs. */ prefixListIds?: pulumi.Input[]>; /** * Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `fromPort` and `toPort` equal to 0. The supported values are defined in the `IpProtocol` argument in the [IpPermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IpPermission.html) API reference. */ protocol: pulumi.Input; /** * List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID. */ securityGroups?: pulumi.Input[]>; /** * Whether the security group itself will be added as a source to this egress rule. */ self?: pulumi.Input; /** * End range port (or ICMP code if protocol is `icmp`). * * The following arguments are optional: * * > **Note** Although `cidrBlocks`, `ipv6CidrBlocks`, `prefixListIds`, and `securityGroups` are all marked as optional, you _must_ provide one of them in order to configure the destination of the traffic. */ toPort: pulumi.Input; } export interface SecurityGroupIngress { /** * List of CIDR blocks. */ cidrBlocks?: pulumi.Input[]>; /** * Description of this ingress rule. */ description?: pulumi.Input; /** * Start port (or ICMP type number if protocol is `icmp` or `icmpv6`). */ fromPort: pulumi.Input; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input[]>; /** * List of Prefix List IDs. */ prefixListIds?: pulumi.Input[]>; /** * Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `fromPort` and `toPort` equal to 0. The supported values are defined in the `IpProtocol` argument on the [IpPermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IpPermission.html) API reference. * * The following arguments are optional: * * > **Note** Although `cidrBlocks`, `ipv6CidrBlocks`, `prefixListIds`, and `securityGroups` are all marked as optional, you _must_ provide one of them in order to configure the source of the traffic. */ protocol: pulumi.Input; /** * List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID. */ securityGroups?: pulumi.Input[]>; /** * Whether the security group itself will be added as a source to this ingress rule. */ self?: pulumi.Input; /** * End range port (or ICMP code if protocol is `icmp`). */ toPort: pulumi.Input; } export interface SpotFleetRequestLaunchSpecification { ami: pulumi.Input; associatePublicIpAddress?: pulumi.Input; availabilityZone?: pulumi.Input; ebsBlockDevices?: pulumi.Input[]>; ebsOptimized?: pulumi.Input; ephemeralBlockDevices?: pulumi.Input[]>; iamInstanceProfile?: pulumi.Input; iamInstanceProfileArn?: pulumi.Input; instanceType: pulumi.Input; keyName?: pulumi.Input; monitoring?: pulumi.Input; placementGroup?: pulumi.Input; placementTenancy?: pulumi.Input; rootBlockDevices?: pulumi.Input[]>; /** * The maximum bid price per unit hour. */ spotPrice?: pulumi.Input; subnetId?: pulumi.Input; /** * A map of tags to assign to the resource. .If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; userData?: pulumi.Input; vpcSecurityGroupIds?: pulumi.Input[]>; weightedCapacity?: pulumi.Input; } export interface SpotFleetRequestLaunchSpecificationEbsBlockDevice { deleteOnTermination?: pulumi.Input; deviceName: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; kmsKeyId?: pulumi.Input; snapshotId?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface SpotFleetRequestLaunchSpecificationEphemeralBlockDevice { deviceName: pulumi.Input; virtualName: pulumi.Input; } export interface SpotFleetRequestLaunchSpecificationRootBlockDevice { deleteOnTermination?: pulumi.Input; encrypted?: pulumi.Input; iops?: pulumi.Input; kmsKeyId?: pulumi.Input; throughput?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfig { /** * Launch template specification. See Launch Template Specification below for more details. */ launchTemplateSpecification: pulumi.Input; /** * One or more override configurations. See Overrides below for more details. */ overrides?: pulumi.Input[]>; } export interface SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecification { /** * The ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * The name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Unlike the autoscaling equivalent, does not support `$Latest` or `$Default`, so use the launchTemplate resource's attribute, e.g., `"${aws_launch_template.foo.latest_version}"`. It will use the default version if omitted. * * **Note:** The specified launch template can specify only a subset of the * inputs of `aws.ec2.LaunchTemplate`. There are limitations on * what you can specify as spot fleet does not support all the attributes that are supported by autoscaling groups. [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#launch-templates-spot-fleet) is currently sparse, but at least `instanceInitiatedShutdownBehavior` is confirmed unsupported. */ version?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverride { /** * The availability zone in which to place the request. */ availabilityZone?: pulumi.Input; /** * The instance requirements. See below. */ instanceRequirements?: pulumi.Input; /** * The type of instance to request. */ instanceType?: pulumi.Input; /** * The priority for the launch template override. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. */ priority?: pulumi.Input; /** * The maximum spot bid for this override request. */ spotPrice?: pulumi.Input; /** * The subnet in which to launch the requested instance. */ subnetId?: pulumi.Input; /** * The capacity added to the fleet by a fulfilled request. */ weightedCapacity?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirements { /** * Block describing the minimum and maximum number of accelerators (GPUs, FPGAs, or AWS Inferentia chips). Default is no minimum or maximum. */ acceleratorCount?: pulumi.Input; /** * List of accelerator manufacturer names. Default is any manufacturer. * * ``` * Valid names: * * amazon-web-services * * amd * * nvidia * * xilinx * ``` */ acceleratorManufacturers?: pulumi.Input[]>; /** * List of accelerator names. Default is any acclerator. * * ``` * Valid names: * * a100 - NVIDIA A100 GPUs * * v100 - NVIDIA V100 GPUs * * k80 - NVIDIA K80 GPUs * * t4 - NVIDIA T4 GPUs * * m60 - NVIDIA M60 GPUs * * radeon-pro-v520 - AMD Radeon Pro V520 GPUs * * vu9p - Xilinx VU9P FPGAs * ``` */ acceleratorNames?: pulumi.Input[]>; /** * Block describing the minimum and maximum total memory of the accelerators. Default is no minimum or maximum. */ acceleratorTotalMemoryMib?: pulumi.Input; /** * List of accelerator types. Default is any accelerator type. * * ``` * Valid types: * * fpga * * gpu * * inference * ``` */ acceleratorTypes?: pulumi.Input[]>; /** * List of instance types to apply your specified attributes against. All other instance types are ignored, even if they match your specified attributes. You can use strings with one or more wild cards, represented by an asterisk (\*), to allow an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are allowing the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are allowing all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is all instance types. * * > **NOTE:** If you specify `allowedInstanceTypes`, you can't specify `excludedInstanceTypes`. */ allowedInstanceTypes?: pulumi.Input[]>; /** * Indicate whether bare metal instace types should be `included`, `excluded`, or `required`. Default is `excluded`. */ bareMetal?: pulumi.Input; /** * Block describing the minimum and maximum baseline EBS bandwidth, in Mbps. Default is no minimum or maximum. */ baselineEbsBandwidthMbps?: pulumi.Input; /** * Indicate whether burstable performance instance types should be `included`, `excluded`, or `required`. Default is `excluded`. */ burstablePerformance?: pulumi.Input; /** * List of CPU manufacturer names. Default is any manufacturer. * * > **NOTE:** Don't confuse the CPU hardware manufacturer with the CPU hardware architecture. Instances will be launched with a compatible CPU architecture based on the Amazon Machine Image (AMI) that you specify in your launch template. * * ``` * Valid names: * * amazon-web-services * * amd * * intel * ``` */ cpuManufacturers?: pulumi.Input[]>; /** * List of instance types to exclude. You can use strings with one or more wild cards, represented by an asterisk (\*), to exclude an instance type, size, or generation. The following are examples: `m5.8xlarge`, `c5*.*`, `m5a.*`, `r*`, `*3*`. For example, if you specify `c5*`, you are excluding the entire C5 instance family, which includes all C5a and C5n instance types. If you specify `m5a.*`, you are excluding all the M5a instance types, but not the M5n instance types. Maximum of 400 entries in the list; each entry is limited to 30 characters. Default is no excluded instance types. * * > **NOTE:** If you specify `excludedInstanceTypes`, you can't specify `allowedInstanceTypes`. */ excludedInstanceTypes?: pulumi.Input[]>; /** * List of instance generation names. Default is any generation. * * ``` * Valid names: * * current - Recommended for best performance. * * previous - For existing applications optimized for older instance types. * ``` */ instanceGenerations?: pulumi.Input[]>; /** * Indicate whether instance types with local storage volumes are `included`, `excluded`, or `required`. Default is `included`. */ localStorage?: pulumi.Input; /** * List of local storage type names. Default any storage type. * * ``` * Value names: * * hdd - hard disk drive * * ssd - solid state drive * ``` */ localStorageTypes?: pulumi.Input[]>; /** * Block describing the minimum and maximum amount of memory (GiB) per vCPU. Default is no minimum or maximum. */ memoryGibPerVcpu?: pulumi.Input; /** * Block describing the minimum and maximum amount of memory (MiB). Default is no maximum. */ memoryMib?: pulumi.Input; /** * Block describing the minimum and maximum amount of network bandwidth, in gigabits per second (Gbps). Default is no minimum or maximum. */ networkBandwidthGbps?: pulumi.Input; /** * Block describing the minimum and maximum number of network interfaces. Default is no minimum or maximum. */ networkInterfaceCount?: pulumi.Input; /** * The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 20. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ onDemandMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Indicate whether instance types must support On-Demand Instance Hibernation, either `true` or `false`. Default is `false`. */ requireHibernateSupport?: pulumi.Input; /** * The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage higher than the cheapest M, C, or R instance type with your specified attributes. When Amazon EC2 Auto Scaling selects instance types with your attributes, we will exclude instance types whose price is higher than your threshold. The parameter accepts an integer, which Amazon EC2 Auto Scaling interprets as a percentage. To turn off price protection, specify a high value, such as 999999. Default is 100. * * If you set DesiredCapacityType to vcpu or memory-mib, the price protection threshold is applied based on the per vCPU or per memory price instead of the per instance price. */ spotMaxPricePercentageOverLowestPrice?: pulumi.Input; /** * Block describing the minimum and maximum total local storage (GB). Default is no minimum or maximum. */ totalLocalStorageGb?: pulumi.Input; /** * Block describing the minimum and maximum number of vCPUs. Default is no maximum. */ vcpuCount?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorCount { /** * Maximum. Set to `0` to exclude instance types with accelerators. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsAcceleratorTotalMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsBaselineEbsBandwidthMbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsMemoryGibPerVcpu { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsMemoryMib { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsNetworkBandwidthGbps { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsNetworkInterfaceCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsTotalLocalStorageGb { /** * Maximum. May be a decimal number, e.g. `0.5`. */ max?: pulumi.Input; /** * Minimum. May be a decimal number, e.g. `0.5`. */ min?: pulumi.Input; } export interface SpotFleetRequestLaunchTemplateConfigOverrideInstanceRequirementsVcpuCount { /** * Maximum. */ max?: pulumi.Input; /** * Minimum. */ min?: pulumi.Input; } export interface SpotFleetRequestSpotMaintenanceStrategies { /** * Nested argument containing the capacity rebalance for your fleet request. Defined below. */ capacityRebalance?: pulumi.Input; } export interface SpotFleetRequestSpotMaintenanceStrategiesCapacityRebalance { /** * The replacement strategy to use. Only available for spot fleets with `fleetType` set to `maintain`. Valid values: `launch`. */ replacementStrategy?: pulumi.Input; } export interface SpotInstanceRequestCapacityReservationSpecification { /** * Indicates the instance's Capacity Reservation preferences. Can be `"open"` or `"none"`. (Default: `"open"`). */ capacityReservationPreference?: pulumi.Input; /** * Information about the target Capacity Reservation. See Capacity Reservation Target below for more details. * * For more information, see the documentation on [Capacity Reservations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/capacity-reservations-using.html). */ capacityReservationTarget?: pulumi.Input; } export interface SpotInstanceRequestCapacityReservationSpecificationCapacityReservationTarget { /** * ID of the Capacity Reservation in which to run the instance. */ capacityReservationId?: pulumi.Input; /** * ARN of the Capacity Reservation resource group in which to run the instance. */ capacityReservationResourceGroupArn?: pulumi.Input; } export interface SpotInstanceRequestCpuOptions { /** * Indicates whether to enable the instance for AMD SEV-SNP. AMD SEV-SNP is supported with M6a, R6a, and C6a instance types only. Valid values are `enabled` and `disabled`. */ amdSevSnp?: pulumi.Input; /** * Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API. */ coreCount?: pulumi.Input; /** * If set to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information. * * For more information, see the documentation on [Optimizing CPU options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html). */ threadsPerCore?: pulumi.Input; } export interface SpotInstanceRequestCreditSpecification { /** * Credit option for CPU usage. Valid values include `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. */ cpuCredits?: pulumi.Input; } export interface SpotInstanceRequestEbsBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; /** * Name of the device to mount. */ deviceName: pulumi.Input; /** * Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. Defaults to `false`. Cannot be used with `snapshotId`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Snapshot ID to mount. */ snapshotId?: pulumi.Input; /** * Map of tags to assign to the device. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`. * * > **NOTE:** Currently, changes to the `ebsBlockDevice` configuration of _existing_ resources cannot be automatically detected by this provider. To manage changes and attachments of an EBS block to an instance, use the `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources instead. If you use `ebsBlockDevice` on an `aws.ec2.Instance`, this provider will assume management over the full set of non-root EBS block devices for the instance, treating additional block devices as drift. For this reason, `ebsBlockDevice` cannot be mixed with external `aws.ebs.Volume` and `aws.ec2.VolumeAttachment` resources for a given instance. */ volumeType?: pulumi.Input; } export interface SpotInstanceRequestEnclaveOptions { /** * Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`. * * For more information, see the documentation on [Nitro Enclaves](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html). */ enabled?: pulumi.Input; } export interface SpotInstanceRequestEphemeralBlockDevice { /** * Name of the block device to mount on the instance. */ deviceName: pulumi.Input; /** * Suppresses the specified device included in the AMI's block device mapping. */ noDevice?: pulumi.Input; /** * [Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) (e.g., `ephemeral0`). * * Each AWS Instance type has a different set of Instance Store block devices available for attachment. AWS [publishes a list](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes) of which ephemeral devices are available on each type. The devices are always identified by the `virtualName` in the format `ephemeral{0..N}`. */ virtualName?: pulumi.Input; } export interface SpotInstanceRequestLaunchTemplate { /** * ID of the launch template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the launch template. Conflicts with `id`. */ name?: pulumi.Input; /** * Template version. Can be a specific version number, `$Latest` or `$Default`. The default value is `$Default`. */ version?: pulumi.Input; } export interface SpotInstanceRequestMaintenanceOptions { /** * Automatic recovery behavior of the Instance. Can be `"default"` or `"disabled"`. See [Recover your instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html) for more details. */ autoRecovery?: pulumi.Input; } export interface SpotInstanceRequestMetadataOptions { /** * Whether the metadata service is available. Valid values include `enabled` or `disabled`. Defaults to `enabled`. */ httpEndpoint?: pulumi.Input; /** * Whether the IPv6 endpoint for the instance metadata service is enabled. Defaults to `disabled`. */ httpProtocolIpv6?: pulumi.Input; /** * Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from `1` to `64`. Defaults to `1`. */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Valid values include `optional` or `required`. Defaults to `optional`. */ httpTokens?: pulumi.Input; /** * Enables or disables access to instance tags from the instance metadata service. Valid values include `enabled` or `disabled`. Defaults to `disabled`. * * For more information, see the documentation on the [Instance Metadata Service](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). */ instanceMetadataTags?: pulumi.Input; } export interface SpotInstanceRequestNetworkInterface { /** * Whether or not to delete the network interface on instance termination. Defaults to `false`. Currently, the only valid value is `false`, as this is only supported when creating new network interfaces when launching an instance. */ deleteOnTermination?: pulumi.Input; /** * Integer index of the network interface attachment. Limited by instance type. */ deviceIndex: pulumi.Input; /** * Integer index of the network card. Limited by instance type. The default index is `0`. */ networkCardIndex?: pulumi.Input; /** * ID of the network interface to attach. */ networkInterfaceId: pulumi.Input; } export interface SpotInstanceRequestPrivateDnsNameOptions { /** * Indicates whether to respond to DNS queries for instance hostnames with DNS A records. */ enableResourceNameDnsARecord?: pulumi.Input; /** * Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. */ enableResourceNameDnsAaaaRecord?: pulumi.Input; /** * Type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: `ip-name` and `resource-name`. */ hostnameType?: pulumi.Input; } export interface SpotInstanceRequestRootBlockDevice { /** * Whether the volume should be destroyed on instance termination. Defaults to `true`. */ deleteOnTermination?: pulumi.Input; deviceName?: pulumi.Input; /** * Whether to enable volume encryption. Defaults to `false`. Must be configured to perform drift detection. */ encrypted?: pulumi.Input; /** * Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volumeType of `io1`, `io2` or `gp3`. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection. */ kmsKeyId?: pulumi.Input; /** * Map of tags to assign to the device. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volumeType` of `gp3`. */ throughput?: pulumi.Input; volumeId?: pulumi.Input; /** * Size of the volume in gibibytes (GiB). */ volumeSize?: pulumi.Input; /** * Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to the volume type that the AMI uses. * * Modifying the `encrypted` or `kmsKeyId` settings of the `rootBlockDevice` requires resource replacement. */ volumeType?: pulumi.Input; } export interface TrafficMirrorFilterRuleDestinationPortRange { /** * Starting port of the range */ fromPort?: pulumi.Input; /** * Ending port of the range */ toPort?: pulumi.Input; } export interface TrafficMirrorFilterRuleSourcePortRange { /** * Starting port of the range */ fromPort?: pulumi.Input; /** * Ending port of the range */ toPort?: pulumi.Input; } export interface VpcEndpointDnsEntry { /** * The DNS name. */ dnsName?: pulumi.Input; /** * The ID of the private hosted zone. */ hostedZoneId?: pulumi.Input; } export interface VpcEndpointDnsOptions { /** * The DNS records created for the endpoint. Valid values are `ipv4`, `dualstack`, `service-defined`, and `ipv6`. */ dnsRecordIpType?: pulumi.Input; /** * Indicates whether to enable private DNS only for inbound endpoints. This option is available only for services that support both gateway and interface endpoints. It routes traffic that originates from the VPC to the gateway endpoint and traffic that originates from on-premises to the interface endpoint. Default is `false`. Can only be specified if privateDnsEnabled is `true`. */ privateDnsOnlyForInboundResolverEndpoint?: pulumi.Input; } export interface VpcEndpointServicePrivateDnsNameConfiguration { /** * Name of the record subdomain the service provider needs to create. */ name?: pulumi.Input; /** * Verification state of the VPC endpoint service. Consumers of the endpoint service can use the private name only when the state is `verified`. */ state?: pulumi.Input; /** * Endpoint service verification type, for example `TXT`. */ type?: pulumi.Input; /** * Value the service provider adds to the private DNS name domain record before verification. */ value?: pulumi.Input; } export interface VpcIpamOperatingRegion { /** * The name of the Region you want to add to the IPAM. */ regionName: pulumi.Input; } export interface VpcIpamPoolCidrCidrAuthorizationContext { /** * The plain-text authorization message for the prefix and account. */ message?: pulumi.Input; /** * The signed authorization message for the prefix and account. */ signature?: pulumi.Input; } export interface VpcIpamResourceDiscoveryOperatingRegion { /** * The name of the Region you want to add to the IPAM. */ regionName: pulumi.Input; } export interface VpcPeeringConnectionAccepter { allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpcPeeringConnectionAccepterAccepter { /** * Indicates whether a local VPC can resolve public DNS hostnames to * private IP addresses when queried from instances in a peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpcPeeringConnectionAccepterRequester { /** * Indicates whether a local VPC can resolve public DNS hostnames to * private IP addresses when queried from instances in a peer VPC. */ allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpcPeeringConnectionRequester { allowRemoteVpcDnsResolution?: pulumi.Input; } export interface VpnConnectionRoute { /** * The CIDR block associated with the local subnet of the customer data center. */ destinationCidrBlock?: pulumi.Input; /** * Indicates how the routes were provided. */ source?: pulumi.Input; /** * The current state of the static route. */ state?: pulumi.Input; } export interface VpnConnectionTunnel1LogOptions { /** * Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details. */ cloudwatchLogOptions?: pulumi.Input; } export interface VpnConnectionTunnel1LogOptionsCloudwatchLogOptions { /** * Enable or disable VPN tunnel logging feature. The default is `false`. */ logEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to. */ logGroupArn?: pulumi.Input; /** * Set log format. Default format is json. Possible values are: `json` and `text`. The default is `json`. */ logOutputFormat?: pulumi.Input; } export interface VpnConnectionTunnel2LogOptions { /** * Options for sending VPN tunnel logs to CloudWatch. See CloudWatch Log Options below for more details. */ cloudwatchLogOptions?: pulumi.Input; } export interface VpnConnectionTunnel2LogOptionsCloudwatchLogOptions { /** * Enable or disable VPN tunnel logging feature. The default is `false`. */ logEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to. */ logGroupArn?: pulumi.Input; /** * Set log format. Default format is json. Possible values are: `json` and `text`. The default is `json`. */ logOutputFormat?: pulumi.Input; } export interface VpnConnectionVgwTelemetry { /** * The number of accepted routes. */ acceptedRouteCount?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the VPN tunnel endpoint certificate. */ certificateArn?: pulumi.Input; /** * The date and time of the last change in status. */ lastStatusChange?: pulumi.Input; /** * The Internet-routable IP address of the virtual private gateway's outside interface. */ outsideIpAddress?: pulumi.Input; /** * The status of the VPN tunnel. */ status?: pulumi.Input; /** * If an error occurs, a description of the error. */ statusMessage?: pulumi.Input; } } export namespace ec2clientvpn { export interface EndpointAuthenticationOption { /** * The ID of the Active Directory to be used for authentication if type is `directory-service-authentication`. */ activeDirectoryId?: pulumi.Input; /** * The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to `certificate-authentication`. */ rootCertificateChainArn?: pulumi.Input; /** * The ARN of the IAM SAML identity provider if type is `federated-authentication`. */ samlProviderArn?: pulumi.Input; /** * The ARN of the IAM SAML identity provider for the self service portal if type is `federated-authentication`. */ selfServiceSamlProviderArn?: pulumi.Input; /** * The type of client authentication to be used. Specify `certificate-authentication` to use certificate-based authentication, `directory-service-authentication` to use Active Directory authentication, or `federated-authentication` to use Federated Authentication via SAML 2.0. */ type: pulumi.Input; } export interface EndpointClientConnectOptions { /** * Indicates whether client connect options are enabled. The default is `false` (not enabled). */ enabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lambda function used for connection authorization. */ lambdaFunctionArn?: pulumi.Input; } export interface EndpointClientLoginBannerOptions { /** * Customizable text that will be displayed in a banner on AWS provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters. */ bannerText?: pulumi.Input; /** * Enable or disable a customizable text banner that will be displayed on AWS provided clients when a VPN session is established. The default is `false` (not enabled). */ enabled?: pulumi.Input; } export interface EndpointConnectionLogOptions { /** * The name of the CloudWatch Logs log group. */ cloudwatchLogGroup?: pulumi.Input; /** * The name of the CloudWatch Logs log stream to which the connection data is published. */ cloudwatchLogStream?: pulumi.Input; /** * Indicates whether connection logging is enabled. */ enabled: pulumi.Input; } export interface GetEndpointFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeClientVpnEndpoints.html). */ name: string; /** * Set of values that are accepted for the given field. An endpoint will be selected if any one of the given values matches. */ values: string[]; } export interface GetEndpointFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeClientVpnEndpoints.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An endpoint will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } } export namespace ec2transitgateway { export interface GetAttachmentFilter { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetAttachmentFilterArgs { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetAttachmentsFilter { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html) */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetAttachmentsFilterArgs { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html) */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetConnectFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetConnectFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetConnectPeerFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetConnectPeerFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetDirectConnectGatewayAttachmentFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetDirectConnectGatewayAttachmentFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetMulticastDomainFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayMulticastDomains.html). */ name: string; /** * Set of values that are accepted for the given field. A multicast domain will be selected if any one of the given values matches. */ values: string[]; } export interface GetMulticastDomainFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayMulticastDomains.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. A multicast domain will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetPeeringAttachmentFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html). */ name: string; /** * Set of values that are accepted for the given field. * An EC2 Transit Gateway Peering Attachment be selected if any one of the given values matches. */ values: string[]; } export interface GetPeeringAttachmentFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * An EC2 Transit Gateway Peering Attachment be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetRouteTableAssociationsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTableAssociations.html). */ name: string; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTableAssociationsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTableAssociations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetRouteTableFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetRouteTableFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetRouteTablePropagationsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTablePropagations.html). */ name: string; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: string[]; } export interface GetRouteTablePropagationsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetTransitGatewayRouteTablePropagations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * A Transit Gateway Route Table will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetRouteTableRoutesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayRoutes.html). */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetRouteTableRoutesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SearchTransitGatewayRoutes.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } export interface GetTransitGatewayFilter { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html). */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetTransitGatewayFilterArgs { /** * Name of the field to filter by, as defined by the [underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html). */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetVpcAttachmentFilter { /** * Name of the filter. */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetVpcAttachmentFilterArgs { /** * Name of the filter. */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetVpcAttachmentsFilter { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayVpcAttachments.html) */ name: string; /** * List of one or more values for the filter. */ values: string[]; } export interface GetVpcAttachmentsFilterArgs { /** * Name of the filter check available value on [official documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayVpcAttachments.html) */ name: pulumi.Input; /** * List of one or more values for the filter. */ values: pulumi.Input[]>; } export interface GetVpnAttachmentFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetVpnAttachmentFilterArgs { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface InstanceConnectEndpointTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } } export namespace ecr { export interface GetLifecyclePolicyDocumentRule { /** * Specifies the action type. */ action?: inputs.ecr.GetLifecyclePolicyDocumentRuleAction; /** * Describes the purpose of a rule within a lifecycle policy. */ description?: string; /** * Sets the order in which rules are evaluated, lowest to highest. When you add rules to a lifecycle policy, you must give them each a unique value for `priority`. Values do not need to be sequential across rules in a policy. A rule with a `tagStatus` value of any must have the highest value for `priority` and be evaluated last. */ priority: number; /** * Collects parameters describing the selection criteria for the ECR lifecycle policy: */ selection?: inputs.ecr.GetLifecyclePolicyDocumentRuleSelection; } export interface GetLifecyclePolicyDocumentRuleArgs { /** * Specifies the action type. */ action?: pulumi.Input; /** * Describes the purpose of a rule within a lifecycle policy. */ description?: pulumi.Input; /** * Sets the order in which rules are evaluated, lowest to highest. When you add rules to a lifecycle policy, you must give them each a unique value for `priority`. Values do not need to be sequential across rules in a policy. A rule with a `tagStatus` value of any must have the highest value for `priority` and be evaluated last. */ priority: pulumi.Input; /** * Collects parameters describing the selection criteria for the ECR lifecycle policy: */ selection?: pulumi.Input; } export interface GetLifecyclePolicyDocumentRuleAction { /** * The supported value is `expire`. */ type: string; } export interface GetLifecyclePolicyDocumentRuleActionArgs { /** * The supported value is `expire`. */ type: pulumi.Input; } export interface GetLifecyclePolicyDocumentRuleSelection { /** * Specify a count number. If the `countType` used is imageCountMoreThan, then the value is the maximum number of images that you want to retain in your repository. If the `countType` used is sinceImagePushed, then the value is the maximum age limit for your images. */ countNumber: number; /** * Specify a count type to apply to the images. If `countType` is set to imageCountMoreThan, you also specify `countNumber` to create a rule that sets a limit on the number of images that exist in your repository. If `countType` is set to sinceImagePushed, you also specify `countUnit` and `countNumber` to specify a time limit on the images that exist in your repository. */ countType: string; /** * Specify a count unit of days to indicate that as the unit of time, in addition to `countNumber`, which is the number of days. */ countUnit?: string; /** * You must specify a comma-separated list of image tag patterns that may contain wildcards (*) on which to take action with your lifecycle policy. For example, if your images are tagged as prod, prod1, prod2, and so on, you would use the tag pattern list prod* to specify all of them. If you specify multiple tags, only the images with all specified tags are selected. There is a maximum limit of four wildcards (*) per string. For example, ["*test*1*2*3", "test*1*2*3*"] is valid but ["test*1*2*3*4*5*6"] is invalid. */ tagPatternLists?: string[]; /** * You must specify a comma-separated list of image tag prefixes on which to take action with your lifecycle policy. For example, if your images are tagged as prod, prod1, prod2, and so on, you would use the tag prefix prod to specify all of them. If you specify multiple tags, only images with all specified tags are selected. */ tagPrefixLists?: string[]; /** * Determines whether the lifecycle policy rule that you are adding specifies a tag for an image. Acceptable options are tagged, untagged, or any. If you specify any, then all images have the rule applied to them. If you specify tagged, then you must also specify a `tagPrefixList` value. If you specify untagged, then you must omit `tagPrefixList`. */ tagStatus: string; } export interface GetLifecyclePolicyDocumentRuleSelectionArgs { /** * Specify a count number. If the `countType` used is imageCountMoreThan, then the value is the maximum number of images that you want to retain in your repository. If the `countType` used is sinceImagePushed, then the value is the maximum age limit for your images. */ countNumber: pulumi.Input; /** * Specify a count type to apply to the images. If `countType` is set to imageCountMoreThan, you also specify `countNumber` to create a rule that sets a limit on the number of images that exist in your repository. If `countType` is set to sinceImagePushed, you also specify `countUnit` and `countNumber` to specify a time limit on the images that exist in your repository. */ countType: pulumi.Input; /** * Specify a count unit of days to indicate that as the unit of time, in addition to `countNumber`, which is the number of days. */ countUnit?: pulumi.Input; /** * You must specify a comma-separated list of image tag patterns that may contain wildcards (*) on which to take action with your lifecycle policy. For example, if your images are tagged as prod, prod1, prod2, and so on, you would use the tag pattern list prod* to specify all of them. If you specify multiple tags, only the images with all specified tags are selected. There is a maximum limit of four wildcards (*) per string. For example, ["*test*1*2*3", "test*1*2*3*"] is valid but ["test*1*2*3*4*5*6"] is invalid. */ tagPatternLists?: pulumi.Input[]>; /** * You must specify a comma-separated list of image tag prefixes on which to take action with your lifecycle policy. For example, if your images are tagged as prod, prod1, prod2, and so on, you would use the tag prefix prod to specify all of them. If you specify multiple tags, only images with all specified tags are selected. */ tagPrefixLists?: pulumi.Input[]>; /** * Determines whether the lifecycle policy rule that you are adding specifies a tag for an image. Acceptable options are tagged, untagged, or any. If you specify any, then all images have the rule applied to them. If you specify tagged, then you must also specify a `tagPrefixList` value. If you specify untagged, then you must omit `tagPrefixList`. */ tagStatus: pulumi.Input; } export interface RegistryScanningConfigurationRule { /** * One or more repository filter blocks, containing a `filter` (required string filtering repositories, see pattern regex [here](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_ScanningRepositoryFilter.html)) and a `filterType` (required string, currently only `WILDCARD` is supported). */ repositoryFilters: pulumi.Input[]>; /** * The frequency that scans are performed at for a private registry. Can be `SCAN_ON_PUSH`, `CONTINUOUS_SCAN`, or `MANUAL`. */ scanFrequency: pulumi.Input; } export interface RegistryScanningConfigurationRuleRepositoryFilter { filter: pulumi.Input; filterType: pulumi.Input; } export interface ReplicationConfigurationReplicationConfiguration { /** * The replication rules for a replication configuration. A maximum of 10 are allowed per `replicationConfiguration`. See Rule */ rules: pulumi.Input[]>; } export interface ReplicationConfigurationReplicationConfigurationRule { /** * the details of a replication destination. A maximum of 25 are allowed per `rule`. See Destination. */ destinations: pulumi.Input[]>; /** * filters for a replication rule. See Repository Filter. */ repositoryFilters?: pulumi.Input[]>; } export interface ReplicationConfigurationReplicationConfigurationRuleDestination { /** * A Region to replicate to. */ region: pulumi.Input; /** * The account ID of the destination registry to replicate to. */ registryId: pulumi.Input; } export interface ReplicationConfigurationReplicationConfigurationRuleRepositoryFilter { /** * The repository filter details. */ filter: pulumi.Input; /** * The repository filter type. The only supported value is `PREFIX_MATCH`, which is a repository name prefix specified with the filter parameter. */ filterType: pulumi.Input; } export interface RepositoryEncryptionConfiguration { /** * The encryption type to use for the repository. Valid values are `AES256` or `KMS`. Defaults to `AES256`. */ encryptionType?: pulumi.Input; /** * The ARN of the KMS key to use when `encryptionType` is `KMS`. If not specified, uses the default AWS managed key for ECR. */ kmsKey?: pulumi.Input; } export interface RepositoryImageScanningConfiguration { /** * Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false). */ scanOnPush: pulumi.Input; } } export namespace ecrpublic { export interface RepositoryCatalogData { /** * A detailed description of the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The text must be in markdown format. */ aboutText?: pulumi.Input; /** * The system architecture that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported architectures will appear as badges on the repository and are used as search filters: `ARM`, `ARM 64`, `x86`, `x86-64` */ architectures?: pulumi.Input[]>; /** * A short description of the contents of the repository. This text appears in both the image details and also when searching for repositories on the Amazon ECR Public Gallery. */ description?: pulumi.Input; /** * The base64-encoded repository logo payload. (Only visible for verified accounts) Note that drift detection is disabled for this attribute. */ logoImageBlob?: pulumi.Input; /** * The operating systems that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported operating systems will appear as badges on the repository and are used as search filters: `Linux`, `Windows` */ operatingSystems?: pulumi.Input[]>; /** * Detailed information on how to use the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The usage text provides context, support information, and additional usage details for users of the repository. The text must be in markdown format. */ usageText?: pulumi.Input; } } export namespace ecs { export interface CapacityProviderAutoScalingGroupProvider { /** * ARN of the associated auto scaling group. */ autoScalingGroupArn: pulumi.Input; /** * Enables or disables a graceful shutdown of instances without disturbing workloads. Valid values are `ENABLED` and `DISABLED`. The default value is `ENABLED` when a capacity provider is created. */ managedDraining?: pulumi.Input; /** * Configuration block defining the parameters of the auto scaling. Detailed below. */ managedScaling?: pulumi.Input; /** * Enables or disables container-aware termination of instances in the auto scaling group when scale-in happens. Valid values are `ENABLED` and `DISABLED`. */ managedTerminationProtection?: pulumi.Input; } export interface CapacityProviderAutoScalingGroupProviderManagedScaling { /** * Period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of 300 seconds is used. */ instanceWarmupPeriod?: pulumi.Input; /** * Maximum step adjustment size. A number between 1 and 10,000. */ maximumScalingStepSize?: pulumi.Input; /** * Minimum step adjustment size. A number between 1 and 10,000. */ minimumScalingStepSize?: pulumi.Input; /** * Whether auto scaling is managed by ECS. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; /** * Target utilization for the capacity provider. A number between 1 and 100. */ targetCapacity?: pulumi.Input; } export interface ClusterCapacityProvidersDefaultCapacityProviderStrategy { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: pulumi.Input; /** * Name of the capacity provider. */ capacityProvider: pulumi.Input; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` count of tasks has been satisfied. Defaults to `0`. */ weight?: pulumi.Input; } export interface ClusterConfiguration { /** * The details of the execute command configuration. Detailed below. */ executeCommandConfiguration?: pulumi.Input; } export interface ClusterConfigurationExecuteCommandConfiguration { /** * The AWS Key Management Service key ID to encrypt the data between the local client and the container. */ kmsKeyId?: pulumi.Input; /** * The log configuration for the results of the execute command actions Required when `logging` is `OVERRIDE`. Detailed below. */ logConfiguration?: pulumi.Input; /** * The log setting to use for redirecting logs for your execute command results. Valid values are `NONE`, `DEFAULT`, and `OVERRIDE`. */ logging?: pulumi.Input; } export interface ClusterConfigurationExecuteCommandConfigurationLogConfiguration { /** * Whether or not to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled. */ cloudWatchEncryptionEnabled?: pulumi.Input; /** * The name of the CloudWatch log group to send logs to. */ cloudWatchLogGroupName?: pulumi.Input; /** * Whether or not to enable encryption on the logs sent to S3. If not specified, encryption will be disabled. */ s3BucketEncryptionEnabled?: pulumi.Input; /** * The name of the S3 bucket to send logs to. */ s3BucketName?: pulumi.Input; /** * An optional folder in the S3 bucket to place logs in. */ s3KeyPrefix?: pulumi.Input; } export interface ClusterServiceConnectDefaults { /** * The ARN of the `aws.servicediscovery.HttpNamespace` that's used when you create a service and don't specify a Service Connect configuration. */ namespace: pulumi.Input; } export interface ClusterSetting { /** * Name of the setting to manage. Valid values: `containerInsights`. */ name: pulumi.Input; /** * The value to assign to the setting. Valid values are `enabled` and `disabled`. */ value: pulumi.Input; } export interface GetTaskExecutionCapacityProviderStrategy { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: number; /** * Name of the capacity provider. */ capacityProvider: string; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` count of tasks has been satisfied. Defaults to `0`. */ weight?: number; } export interface GetTaskExecutionCapacityProviderStrategyArgs { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Defaults to `0`. */ base?: pulumi.Input; /** * Name of the capacity provider. */ capacityProvider: pulumi.Input; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` count of tasks has been satisfied. Defaults to `0`. */ weight?: pulumi.Input; } export interface GetTaskExecutionNetworkConfiguration { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`. * * For more information, see the [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) documentation. */ assignPublicIp?: boolean; /** * Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: string[]; /** * Subnets associated with the task or service. */ subnets: string[]; } export interface GetTaskExecutionNetworkConfigurationArgs { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`. * * For more information, see the [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) documentation. */ assignPublicIp?: pulumi.Input; /** * Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: pulumi.Input[]>; /** * Subnets associated with the task or service. */ subnets: pulumi.Input[]>; } export interface GetTaskExecutionOverrides { /** * One or more container overrides that are sent to a task. See below. */ containerOverrides?: inputs.ecs.GetTaskExecutionOverridesContainerOverride[]; /** * The CPU override for the task. */ cpu?: string; /** * Amazon Resource Name (ARN) of the task execution role override for the task. */ executionRoleArn?: string; /** * Elastic Inference accelerator override for the task. See below. */ inferenceAcceleratorOverrides?: inputs.ecs.GetTaskExecutionOverridesInferenceAcceleratorOverride[]; /** * The memory override for the task. */ memory?: string; /** * Amazon Resource Name (ARN) of the role that containers in this task can assume. */ taskRoleArn?: string; } export interface GetTaskExecutionOverridesArgs { /** * One or more container overrides that are sent to a task. See below. */ containerOverrides?: pulumi.Input[]>; /** * The CPU override for the task. */ cpu?: pulumi.Input; /** * Amazon Resource Name (ARN) of the task execution role override for the task. */ executionRoleArn?: pulumi.Input; /** * Elastic Inference accelerator override for the task. See below. */ inferenceAcceleratorOverrides?: pulumi.Input[]>; /** * The memory override for the task. */ memory?: pulumi.Input; /** * Amazon Resource Name (ARN) of the role that containers in this task can assume. */ taskRoleArn?: pulumi.Input; } export interface GetTaskExecutionOverridesContainerOverride { /** * The command to send to the container that overrides the default command from the Docker image or the task definition. */ commands?: string[]; /** * The number of cpu units reserved for the container, instead of the default value from the task definition. */ cpu?: number; /** * The environment variables to send to the container. You can add new environment variables, which are added to the container at launch, or you can override the existing environment variables from the Docker image or the task definition. See below. */ environments?: inputs.ecs.GetTaskExecutionOverridesContainerOverrideEnvironment[]; /** * The hard limit (in MiB) of memory to present to the container, instead of the default value from the task definition. If your container attempts to exceed the memory specified here, the container is killed. */ memory?: number; /** * The soft limit (in MiB) of memory to reserve for the container, instead of the default value from the task definition. */ memoryReservation?: number; /** * The name of the container that receives the override. This parameter is required if any override is specified. */ name: string; /** * The type and amount of a resource to assign to a container, instead of the default value from the task definition. The only supported resource is a GPU. See below. */ resourceRequirements?: inputs.ecs.GetTaskExecutionOverridesContainerOverrideResourceRequirement[]; } export interface GetTaskExecutionOverridesContainerOverrideArgs { /** * The command to send to the container that overrides the default command from the Docker image or the task definition. */ commands?: pulumi.Input[]>; /** * The number of cpu units reserved for the container, instead of the default value from the task definition. */ cpu?: pulumi.Input; /** * The environment variables to send to the container. You can add new environment variables, which are added to the container at launch, or you can override the existing environment variables from the Docker image or the task definition. See below. */ environments?: pulumi.Input[]>; /** * The hard limit (in MiB) of memory to present to the container, instead of the default value from the task definition. If your container attempts to exceed the memory specified here, the container is killed. */ memory?: pulumi.Input; /** * The soft limit (in MiB) of memory to reserve for the container, instead of the default value from the task definition. */ memoryReservation?: pulumi.Input; /** * The name of the container that receives the override. This parameter is required if any override is specified. */ name: pulumi.Input; /** * The type and amount of a resource to assign to a container, instead of the default value from the task definition. The only supported resource is a GPU. See below. */ resourceRequirements?: pulumi.Input[]>; } export interface GetTaskExecutionOverridesContainerOverrideEnvironment { /** * The name of the key-value pair. For environment variables, this is the name of the environment variable. */ key: string; /** * The value of the key-value pair. For environment variables, this is the value of the environment variable. */ value: string; } export interface GetTaskExecutionOverridesContainerOverrideEnvironmentArgs { /** * The name of the key-value pair. For environment variables, this is the name of the environment variable. */ key: pulumi.Input; /** * The value of the key-value pair. For environment variables, this is the value of the environment variable. */ value: pulumi.Input; } export interface GetTaskExecutionOverridesContainerOverrideResourceRequirement { /** * The type of resource to assign to a container. Valid values are `GPU` or `InferenceAccelerator`. */ type: string; /** * The value for the specified resource type. If the `GPU` type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. If the `InferenceAccelerator` type is used, the value matches the `deviceName` for an InferenceAccelerator specified in a task definition. */ value: string; } export interface GetTaskExecutionOverridesContainerOverrideResourceRequirementArgs { /** * The type of resource to assign to a container. Valid values are `GPU` or `InferenceAccelerator`. */ type: pulumi.Input; /** * The value for the specified resource type. If the `GPU` type is used, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on. If the `InferenceAccelerator` type is used, the value matches the `deviceName` for an InferenceAccelerator specified in a task definition. */ value: pulumi.Input; } export interface GetTaskExecutionOverridesInferenceAcceleratorOverride { /** * The Elastic Inference accelerator device name to override for the task. This parameter must match a deviceName specified in the task definition. */ deviceName?: string; /** * The Elastic Inference accelerator type to use. */ deviceType?: string; } export interface GetTaskExecutionOverridesInferenceAcceleratorOverrideArgs { /** * The Elastic Inference accelerator device name to override for the task. This parameter must match a deviceName specified in the task definition. */ deviceName?: pulumi.Input; /** * The Elastic Inference accelerator type to use. */ deviceType?: pulumi.Input; } export interface GetTaskExecutionPlacementConstraint { /** * A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is `distinctInstance`. */ expression?: string; /** * The type of constraint. Valid values are `distinctInstance` or `memberOf`. Use `distinctInstance` to ensure that each task in a particular group is running on a different container instance. Use `memberOf` to restrict the selection to a group of valid candidates. */ type: string; } export interface GetTaskExecutionPlacementConstraintArgs { /** * A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is `distinctInstance`. */ expression?: pulumi.Input; /** * The type of constraint. Valid values are `distinctInstance` or `memberOf`. Use `distinctInstance` to ensure that each task in a particular group is running on a different container instance. Use `memberOf` to restrict the selection to a group of valid candidates. */ type: pulumi.Input; } export interface GetTaskExecutionPlacementStrategy { /** * The field to apply the placement strategy against. */ field?: string; /** * The type of placement strategy. Valid values are `random`, `spread`, and `binpack`. * * For more information, see the [Placement Strategy](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html) documentation. */ type: string; } export interface GetTaskExecutionPlacementStrategyArgs { /** * The field to apply the placement strategy against. */ field?: pulumi.Input; /** * The type of placement strategy. Valid values are `random`, `spread`, and `binpack`. * * For more information, see the [Placement Strategy](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html) documentation. */ type: pulumi.Input; } export interface ServiceAlarms { /** * One or more CloudWatch alarm names. */ alarmNames: pulumi.Input[]>; /** * Determines whether to use the CloudWatch alarm option in the service deployment process. */ enable: pulumi.Input; /** * Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. */ rollback: pulumi.Input; } export interface ServiceCapacityProviderStrategy { /** * Number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. */ base?: pulumi.Input; /** * Short name of the capacity provider. */ capacityProvider: pulumi.Input; /** * Relative percentage of the total number of launched tasks that should use the specified capacity provider. */ weight?: pulumi.Input; } export interface ServiceDeploymentCircuitBreaker { /** * Whether to enable the deployment circuit breaker logic for the service. */ enable: pulumi.Input; /** * Whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. */ rollback: pulumi.Input; } export interface ServiceDeploymentController { /** * Type of deployment controller. Valid values: `CODE_DEPLOY`, `ECS`, `EXTERNAL`. Default: `ECS`. */ type?: pulumi.Input; } export interface ServiceLoadBalancer { /** * Name of the container to associate with the load balancer (as it appears in a container definition). */ containerName: pulumi.Input; /** * Port on the container to associate with the load balancer. * * > **Version note:** Multiple `loadBalancer` configuration block support was added in version 2.22.0 of the provider. This allows configuration of [ECS service support for multiple target groups](https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-services-now-support-multiple-load-balancer-target-groups/). */ containerPort: pulumi.Input; /** * Name of the ELB (Classic) to associate with the service. */ elbName?: pulumi.Input; /** * ARN of the Load Balancer target group to associate with the service. */ targetGroupArn?: pulumi.Input; } export interface ServiceNetworkConfiguration { /** * Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`. * * For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) */ assignPublicIp?: pulumi.Input; /** * Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. */ securityGroups?: pulumi.Input[]>; /** * Subnets associated with the task or service. */ subnets: pulumi.Input[]>; } export interface ServiceOrderedPlacementStrategy { /** * For the `spread` placement strategy, valid values are `instanceId` (or `host`, * which has the same effect), or any platform or custom attribute that is applied to a container instance. * For the `binpack` type, valid values are `memory` and `cpu`. For the `random` type, this attribute is not * needed. For more information, see [Placement Strategy](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html). * * > **Note:** for `spread`, `host` and `instanceId` will be normalized, by AWS, to be `instanceId`. This means the statefile will show `instanceId` but your config will differ if you use `host`. */ field?: pulumi.Input; /** * Type of placement strategy. Must be one of: `binpack`, `random`, or `spread` */ type: pulumi.Input; } export interface ServicePlacementConstraint { /** * Cluster Query Language expression to apply to the constraint. Does not need to be specified for the `distinctInstance` type. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html). */ expression?: pulumi.Input; /** * Type of constraint. The only valid values at this time are `memberOf` and `distinctInstance`. */ type: pulumi.Input; } export interface ServiceServiceConnectConfiguration { /** * Specifies whether to use Service Connect with this service. */ enabled: pulumi.Input; /** * The log configuration for the container. See below. */ logConfiguration?: pulumi.Input; /** * The namespace name or ARN of the `aws.servicediscovery.HttpNamespace` for use with Service Connect. */ namespace?: pulumi.Input; /** * The list of Service Connect service objects. See below. */ services?: pulumi.Input[]>; } export interface ServiceServiceConnectConfigurationLogConfiguration { /** * The log driver to use for the container. */ logDriver: pulumi.Input; /** * The configuration options to send to the log driver. */ options?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The secrets to pass to the log configuration. See below. */ secretOptions?: pulumi.Input[]>; } export interface ServiceServiceConnectConfigurationLogConfigurationSecretOption { /** * The name of the secret. */ name: pulumi.Input; /** * The secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store. */ valueFrom: pulumi.Input; } export interface ServiceServiceConnectConfigurationService { /** * The list of client aliases for this Service Connect service. You use these to assign names that can be used by client applications. The maximum number of client aliases that you can have in this list is 1. See below. */ clientAlias?: pulumi.Input[]>; /** * The name of the new AWS Cloud Map service that Amazon ECS creates for this Amazon ECS service. */ discoveryName?: pulumi.Input; /** * The port number for the Service Connect proxy to listen on. */ ingressPortOverride?: pulumi.Input; /** * The name of one of the `portMappings` from all the containers in the task definition of this Amazon ECS service. */ portName: pulumi.Input; /** * Configuration timeouts for Service Connect */ timeout?: pulumi.Input; /** * The configuration for enabling Transport Layer Security (TLS) */ tls?: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceClientAlias { /** * The name that you use in the applications of client tasks to connect to this service. */ dnsName?: pulumi.Input; /** * The listening port number for the Service Connect proxy. This port is available inside of all of the tasks within the same namespace. */ port: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceTimeout { /** * The amount of time in seconds a connection will stay active while idle. A value of 0 can be set to disable idleTimeout. */ idleTimeoutSeconds?: pulumi.Input; /** * The amount of time in seconds for the upstream to respond with a complete response per request. A value of 0 can be set to disable perRequestTimeout. Can only be set when appProtocol isn't TCP. */ perRequestTimeoutSeconds?: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceTls { /** * The details of the certificate authority which will issue the certificate. */ issuerCertAuthority: pulumi.Input; /** * The KMS key used to encrypt the private key in Secrets Manager. */ kmsKey?: pulumi.Input; /** * The ARN of the IAM Role that's associated with the Service Connect TLS. */ roleArn?: pulumi.Input; } export interface ServiceServiceConnectConfigurationServiceTlsIssuerCertAuthority { /** * The ARN of the `aws.acmpca.CertificateAuthority` used to create the TLS Certificates. */ awsPcaAuthorityArn: pulumi.Input; } export interface ServiceServiceRegistries { /** * Container name value, already specified in the task definition, to be used for your service discovery service. */ containerName?: pulumi.Input; /** * Port value, already specified in the task definition, to be used for your service discovery service. */ containerPort?: pulumi.Input; /** * Port value used if your Service Discovery service specified an SRV record. */ port?: pulumi.Input; /** * ARN of the Service Registry. The currently supported service registry is Amazon Route 53 Auto Naming Service(`aws.servicediscovery.Service`). For more information, see [Service](https://docs.aws.amazon.com/Route53/latest/APIReference/API_autonaming_Service.html) */ registryArn: pulumi.Input; } export interface TaskDefinitionEphemeralStorage { /** * The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is `21` GiB and the maximum supported value is `200` GiB. */ sizeInGib: pulumi.Input; } export interface TaskDefinitionInferenceAccelerator { /** * Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement. */ deviceName: pulumi.Input; /** * Elastic Inference accelerator type to use. */ deviceType: pulumi.Input; } export interface TaskDefinitionPlacementConstraint { /** * Cluster Query Language expression to apply to the constraint. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html). */ expression?: pulumi.Input; /** * Type of constraint. Use `memberOf` to restrict selection to a group of valid candidates. Note that `distinctInstance` is not supported in task definitions. */ type: pulumi.Input; } export interface TaskDefinitionProxyConfiguration { /** * Name of the container that will serve as the App Mesh proxy. */ containerName: pulumi.Input; /** * Set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified a key-value mapping. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Proxy type. The default value is `APPMESH`. The only supported value is `APPMESH`. */ type?: pulumi.Input; } export interface TaskDefinitionRuntimePlatform { /** * Must be set to either `X86_64` or `ARM64`; see [cpu architecture](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) */ cpuArchitecture?: pulumi.Input; /** * If the `requiresCompatibilities` is `FARGATE` this field is required; must be set to a valid option from the [operating system family in the runtime platform](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform) setting */ operatingSystemFamily?: pulumi.Input; } export interface TaskDefinitionVolume { /** * Configuration block to configure a docker volume. Detailed below. */ dockerVolumeConfiguration?: pulumi.Input; /** * Configuration block for an EFS volume. Detailed below. */ efsVolumeConfiguration?: pulumi.Input; /** * Configuration block for an FSX Windows File Server volume. Detailed below. */ fsxWindowsFileServerVolumeConfiguration?: pulumi.Input; /** * Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished. */ hostPath?: pulumi.Input; /** * Name of the volume. This name is referenced in the `sourceVolume` * parameter of container definition in the `mountPoints` section. */ name: pulumi.Input; } export interface TaskDefinitionVolumeDockerVolumeConfiguration { /** * If this value is `true`, the Docker volume is created if it does not already exist. *Note*: This field is only used if the scope is `shared`. */ autoprovision?: pulumi.Input; /** * Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. */ driver?: pulumi.Input; /** * Map of Docker driver specific options. */ driverOpts?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of custom metadata to add to your Docker volume. */ labels?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Scope for the Docker volume, which determines its lifecycle, either `task` or `shared`. Docker volumes that are scoped to a `task` are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as `shared` persist after the task stops. */ scope?: pulumi.Input; } export interface TaskDefinitionVolumeEfsVolumeConfiguration { /** * Configuration block for authorization for the Amazon EFS file system. Detailed below. */ authorizationConfig?: pulumi.Input; /** * ID of the EFS File System. */ fileSystemId: pulumi.Input; /** * Directory within the Amazon EFS file system to mount as the root directory inside the host. If this parameter is omitted, the root of the Amazon EFS volume will be used. Specifying / will have the same effect as omitting this parameter. This argument is ignored when using `authorizationConfig`. */ rootDirectory?: pulumi.Input; /** * Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. Valid values: `ENABLED`, `DISABLED`. If this parameter is omitted, the default value of `DISABLED` is used. */ transitEncryption?: pulumi.Input; /** * Port to use for transit encryption. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses. */ transitEncryptionPort?: pulumi.Input; } export interface TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfig { /** * Access point ID to use. If an access point is specified, the root directory value will be relative to the directory set for the access point. If specified, transit encryption must be enabled in the EFSVolumeConfiguration. */ accessPointId?: pulumi.Input; /** * Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. Valid values: `ENABLED`, `DISABLED`. If this parameter is omitted, the default value of `DISABLED` is used. */ iam?: pulumi.Input; } export interface TaskDefinitionVolumeFsxWindowsFileServerVolumeConfiguration { /** * Configuration block for authorization for the Amazon FSx for Windows File Server file system detailed below. */ authorizationConfig: pulumi.Input; /** * The Amazon FSx for Windows File Server file system ID to use. */ fileSystemId: pulumi.Input; /** * The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host. */ rootDirectory: pulumi.Input; } export interface TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfig { /** * The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an AWS Secrets Manager secret or AWS Systems Manager Parameter Store parameter. The ARNs refer to the stored credentials. */ credentialsParameter: pulumi.Input; /** * A fully qualified domain name hosted by an AWS Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2. */ domain: pulumi.Input; } export interface TaskSetCapacityProviderStrategy { /** * The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. */ base?: pulumi.Input; /** * The short name or full Amazon Resource Name (ARN) of the capacity provider. */ capacityProvider: pulumi.Input; /** * The relative percentage of the total number of launched tasks that should use the specified capacity provider. */ weight: pulumi.Input; } export interface TaskSetLoadBalancer { /** * The name of the container to associate with the load balancer (as it appears in a container definition). */ containerName: pulumi.Input; /** * The port on the container to associate with the load balancer. Defaults to `0` if not specified. * * > **Note:** Specifying multiple `loadBalancer` configurations is still not supported by AWS for ECS task set. */ containerPort?: pulumi.Input; /** * The name of the ELB (Classic) to associate with the service. */ loadBalancerName?: pulumi.Input; /** * The ARN of the Load Balancer target group to associate with the service. */ targetGroupArn?: pulumi.Input; } export interface TaskSetNetworkConfiguration { /** * Whether to assign a public IP address to the ENI (`FARGATE` launch type only). Valid values are `true` or `false`. Default `false`. * * For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html). */ assignPublicIp?: pulumi.Input; /** * The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. Maximum of 5. */ securityGroups?: pulumi.Input[]>; /** * The subnets associated with the task or service. Maximum of 16. */ subnets: pulumi.Input[]>; } export interface TaskSetScale { /** * The unit of measure for the scale value. Default: `PERCENT`. */ unit?: pulumi.Input; /** * The value, specified as a percent total of a service's `desiredCount`, to scale the task set. Defaults to `0` if not specified. Accepted values are numbers between 0.0 and 100.0. */ value?: pulumi.Input; } export interface TaskSetServiceRegistries { /** * The container name value, already specified in the task definition, to be used for your service discovery service. */ containerName?: pulumi.Input; /** * The port value, already specified in the task definition, to be used for your service discovery service. */ containerPort?: pulumi.Input; /** * The port value used if your Service Discovery service specified an SRV record. */ port?: pulumi.Input; /** * The ARN of the Service Registry. The currently supported service registry is Amazon Route 53 Auto Naming Service(`aws.servicediscovery.Service` resource). For more information, see [Service](https://docs.aws.amazon.com/Route53/latest/APIReference/API_autonaming_Service.html). */ registryArn: pulumi.Input; } } export namespace efs { export interface AccessPointPosixUser { /** * POSIX group ID used for all file system operations using this access point. */ gid: pulumi.Input; /** * Secondary POSIX group IDs used for all file system operations using this access point. */ secondaryGids?: pulumi.Input[]>; /** * POSIX user ID used for all file system operations using this access point. */ uid: pulumi.Input; } export interface AccessPointRootDirectory { /** * POSIX IDs and permissions to apply to the access point's Root Directory. See Creation Info below. */ creationInfo?: pulumi.Input; /** * Path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified path does not exist, you are required to provide `creationInfo`. */ path?: pulumi.Input; } export interface AccessPointRootDirectoryCreationInfo { /** * POSIX group ID to apply to the `rootDirectory`. */ ownerGid: pulumi.Input; /** * POSIX user ID to apply to the `rootDirectory`. */ ownerUid: pulumi.Input; /** * POSIX permissions to apply to the RootDirectory, in the format of an octal number representing the file's mode bits. */ permissions: pulumi.Input; } export interface BackupPolicyBackupPolicy { /** * A status of the backup policy. Valid values: `ENABLED`, `DISABLED`. */ status: pulumi.Input; } export interface FileSystemLifecyclePolicy { /** * Indicates how long it takes to transition files to the archive storage class. Requires transition_to_ia, Elastic Throughput and General Purpose performance mode. Valid values: `AFTER_1_DAY`, `AFTER_7_DAYS`, `AFTER_14_DAYS`, `AFTER_30_DAYS`, `AFTER_60_DAYS`, `AFTER_90_DAYS`, `AFTER_180_DAYS`, `AFTER_270_DAYS`, or `AFTER_365_DAYS`. */ transitionToArchive?: pulumi.Input; /** * Indicates how long it takes to transition files to the IA storage class. Valid values: `AFTER_1_DAY`, `AFTER_7_DAYS`, `AFTER_14_DAYS`, `AFTER_30_DAYS`, `AFTER_60_DAYS`, `AFTER_90_DAYS`, `AFTER_180_DAYS`, `AFTER_270_DAYS`, or `AFTER_365_DAYS`. */ transitionToIa?: pulumi.Input; /** * Describes the policy used to transition a file from infequent access storage to primary storage. Valid values: `AFTER_1_ACCESS`. */ transitionToPrimaryStorageClass?: pulumi.Input; } export interface FileSystemProtection { /** * Indicates whether replication overwrite protection is enabled. Valid values: `ENABLED` or `DISABLED`. */ replicationOverwrite?: pulumi.Input; } export interface FileSystemSizeInByte { /** * The latest known metered size (in bytes) of data stored in the file system. */ value?: pulumi.Input; /** * The latest known metered size (in bytes) of data stored in the Infrequent Access storage class. */ valueInIa?: pulumi.Input; /** * The latest known metered size (in bytes) of data stored in the Standard storage class. */ valueInStandard?: pulumi.Input; } export interface ReplicationConfigurationDestination { /** * The availability zone in which the replica should be created. If specified, the replica will be created with One Zone storage. If omitted, regional storage will be used. */ availabilityZoneName?: pulumi.Input; /** * The ID of the destination file system for the replication. If no ID is provided, then EFS creates a new file system with the default settings. */ fileSystemId?: pulumi.Input; /** * The Key ID, ARN, alias, or alias ARN of the KMS key that should be used to encrypt the replica file system. If omitted, the default KMS key for EFS `/aws/elasticfilesystem` will be used. */ kmsKeyId?: pulumi.Input; /** * The region in which the replica should be created. */ region?: pulumi.Input; status?: pulumi.Input; } } export namespace eks { export interface AccessPolicyAssociationAccessScope { /** * The namespaces to which the access scope applies when type is namespace. */ namespaces?: pulumi.Input[]>; /** * Valid values are `namespace` or `cluster`. */ type: pulumi.Input; } export interface ClusterAccessConfig { /** * The authentication mode for the cluster. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP` */ authenticationMode?: pulumi.Input; /** * Whether or not to bootstrap the access config values to the cluster. Default is `true`. */ bootstrapClusterCreatorAdminPermissions?: pulumi.Input; } export interface ClusterCertificateAuthority { /** * Base64 encoded certificate data required to communicate with your cluster. Add this to the `certificate-authority-data` section of the `kubeconfig` file for your cluster. */ data?: pulumi.Input; } export interface ClusterEncryptionConfig { /** * Configuration block with provider for encryption. Detailed below. */ provider: pulumi.Input; /** * List of strings with resources to be encrypted. Valid values: `secrets`. */ resources: pulumi.Input[]>; } export interface ClusterEncryptionConfigProvider { /** * ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see [Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html). */ keyArn: pulumi.Input; } export interface ClusterIdentity { /** * Nested block containing [OpenID Connect](https://openid.net/connect/) identity provider information for the cluster. Detailed below. */ oidcs?: pulumi.Input[]>; } export interface ClusterIdentityOidc { /** * Issuer URL for the OpenID Connect identity provider. */ issuer?: pulumi.Input; } export interface ClusterKubernetesNetworkConfig { /** * The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. */ ipFamily?: pulumi.Input; /** * The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements: * * * Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. * * * Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC. * * * Between /24 and /12. */ serviceIpv4Cidr?: pulumi.Input; /** * The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specified `ipv6` for ipFamily when you created the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster. */ serviceIpv6Cidr?: pulumi.Input; } export interface ClusterOutpostConfig { /** * The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have: * * * 1–20 nodes, then we recommend specifying a large instance type. * * * 21–100 nodes, then we recommend specifying an xlarge instance type. * * * 101–250 nodes, then we recommend specifying a 2xlarge instance type. * * For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS. */ controlPlaneInstanceType: pulumi.Input; /** * An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost. * The `controlPlanePlacement` configuration block supports the following arguments: */ controlPlanePlacement?: pulumi.Input; /** * The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently. */ outpostArns: pulumi.Input[]>; } export interface ClusterOutpostConfigControlPlanePlacement { /** * The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation. */ groupName: pulumi.Input; } export interface ClusterVpcConfig { /** * Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. */ clusterSecurityGroupId?: pulumi.Input; /** * Whether the Amazon EKS private API server endpoint is enabled. Default is `false`. */ endpointPrivateAccess?: pulumi.Input; /** * Whether the Amazon EKS public API server endpoint is enabled. Default is `true`. */ endpointPublicAccess?: pulumi.Input; /** * List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with `0.0.0.0/0`. The provider will only perform drift detection of its value when present in a configuration. */ publicAccessCidrs?: pulumi.Input[]>; /** * List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. */ securityGroupIds?: pulumi.Input[]>; /** * List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane. */ subnetIds: pulumi.Input[]>; /** * ID of the VPC associated with your cluster. */ vpcId?: pulumi.Input; } export interface FargateProfileSelector { /** * Key-value map of Kubernetes labels for selection. */ labels?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Kubernetes namespace for selection. * * The following arguments are optional: */ namespace: pulumi.Input; } export interface IdentityProviderConfigOidc { /** * Client ID for the OpenID Connect identity provider. */ clientId: pulumi.Input; /** * The JWT claim that the provider will use to return groups. */ groupsClaim?: pulumi.Input; /** * A prefix that is prepended to group claims e.g., `oidc:`. */ groupsPrefix?: pulumi.Input; /** * The name of the identity provider config. */ identityProviderConfigName: pulumi.Input; /** * Issuer URL for the OpenID Connect identity provider. */ issuerUrl: pulumi.Input; /** * The key value pairs that describe required claims in the identity token. */ requiredClaims?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The JWT claim that the provider will use as the username. */ usernameClaim?: pulumi.Input; /** * A prefix that is prepended to username claims. */ usernamePrefix?: pulumi.Input; } export interface NodeGroupLaunchTemplate { /** * Identifier of the EC2 Launch Template. Conflicts with `name`. */ id?: pulumi.Input; /** * Name of the EC2 Launch Template. Conflicts with `id`. */ name?: pulumi.Input; /** * EC2 Launch Template version number. While the API accepts values like `$Default` and `$Latest`, the API will convert the value to the associated version number (e.g., `1`) on read and the provider will show a difference on next plan. Using the `defaultVersion` or `latestVersion` attribute of the `aws.ec2.LaunchTemplate` resource or data source is recommended for this argument. */ version: pulumi.Input; } export interface NodeGroupRemoteAccess { /** * EC2 Key Pair name that provides access for remote communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify `sourceSecurityGroupIds` when you create an EKS Node Group, either port 3389 for Windows, or port 22 for all other operating systems is opened on the worker nodes to the Internet (0.0.0.0/0). For Windows nodes, this will allow you to use RDP, for all others this allows you to SSH into the worker nodes. */ ec2SshKey?: pulumi.Input; /** * Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify `ec2SshKey`, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0). */ sourceSecurityGroupIds?: pulumi.Input[]>; } export interface NodeGroupResource { /** * List of objects containing information about AutoScaling Groups. */ autoscalingGroups?: pulumi.Input[]>; /** * Identifier of the remote access EC2 Security Group. */ remoteAccessSecurityGroupId?: pulumi.Input; } export interface NodeGroupResourceAutoscalingGroup { /** * Name of the AutoScaling Group. */ name?: pulumi.Input; } export interface NodeGroupScalingConfig { /** * Desired number of worker nodes. */ desiredSize: pulumi.Input; /** * Maximum number of worker nodes. */ maxSize: pulumi.Input; /** * Minimum number of worker nodes. */ minSize: pulumi.Input; } export interface NodeGroupTaint { /** * The effect of the taint. Valid values: `NO_SCHEDULE`, `NO_EXECUTE`, `PREFER_NO_SCHEDULE`. */ effect: pulumi.Input; /** * The key of the taint. Maximum length of 63. */ key: pulumi.Input; /** * The value of the taint. Maximum length of 63. */ value?: pulumi.Input; } export interface NodeGroupUpdateConfig { /** * Desired max number of unavailable worker nodes during node group update. */ maxUnavailable?: pulumi.Input; /** * Desired max percentage of unavailable worker nodes during node group update. */ maxUnavailablePercentage?: pulumi.Input; } } export namespace elasticache { export interface ClusterCacheNode { address?: pulumi.Input; /** * Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use `preferredAvailabilityZones` instead. Default: System chosen Availability Zone. Changing this value will re-create the resource. */ availabilityZone?: pulumi.Input; id?: pulumi.Input; outpostArn?: pulumi.Input; /** * The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379. Cannot be provided with `replicationGroupId`. Changing this value will re-create the resource. */ port?: pulumi.Input; } export interface ClusterLogDeliveryConfiguration { /** * Name of either the CloudWatch Logs LogGroup or Kinesis Data Firehose resource. */ destination: pulumi.Input; /** * For CloudWatch Logs use `cloudwatch-logs` or for Kinesis Data Firehose use `kinesis-firehose`. */ destinationType: pulumi.Input; /** * Valid values are `json` or `text` */ logFormat: pulumi.Input; /** * Valid values are `slow-log` or `engine-log`. Max 1 of each. */ logType: pulumi.Input; } export interface GetUserAuthenticationMode { passwordCount?: number; type?: string; } export interface GetUserAuthenticationModeArgs { passwordCount?: pulumi.Input; type?: pulumi.Input; } export interface GlobalReplicationGroupGlobalNodeGroup { /** * The ID of the global node group. */ globalNodeGroupId?: pulumi.Input; /** * The keyspace for this node group. */ slots?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the ElastiCache parameter. */ name: pulumi.Input; /** * The value of the ElastiCache parameter. */ value: pulumi.Input; } export interface ReplicationGroupLogDeliveryConfiguration { /** * Name of either the CloudWatch Logs LogGroup or Kinesis Data Firehose resource. */ destination: pulumi.Input; /** * For CloudWatch Logs use `cloudwatch-logs` or for Kinesis Data Firehose use `kinesis-firehose`. */ destinationType: pulumi.Input; /** * Valid values are `json` or `text` */ logFormat: pulumi.Input; /** * Valid values are `slow-log` or `engine-log`. Max 1 of each. */ logType: pulumi.Input; } export interface ServerlessCacheCacheUsageLimits { dataStorage?: pulumi.Input; ecpuPerSeconds?: pulumi.Input[]>; } export interface ServerlessCacheCacheUsageLimitsDataStorage { maximum?: pulumi.Input; minimum?: pulumi.Input; unit: pulumi.Input; } export interface ServerlessCacheCacheUsageLimitsEcpuPerSecond { maximum?: pulumi.Input; minimum?: pulumi.Input; } export interface ServerlessCacheEndpoint { /** * The DNS hostname of the cache node. */ address: pulumi.Input; /** * The port number that the cache engine is listening on. Set as integer. */ port: pulumi.Input; } export interface ServerlessCacheReaderEndpoint { /** * The DNS hostname of the cache node. */ address: pulumi.Input; /** * The port number that the cache engine is listening on. Set as integer. */ port: pulumi.Input; } export interface ServerlessCacheTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface UserAuthenticationMode { passwordCount?: pulumi.Input; /** * Specifies the passwords to use for authentication if `type` is set to `password`. */ passwords?: pulumi.Input[]>; /** * Specifies the authentication type. Possible options are: `password`, `no-password-required` or `iam`. */ type: pulumi.Input; } } export namespace elasticbeanstalk { export interface ApplicationAppversionLifecycle { /** * Set to `true` to delete a version's source bundle from S3 when the application version is deleted. */ deleteSourceFromS3?: pulumi.Input; /** * The number of days to retain an application version ('max_age_in_days' and 'max_count' cannot be enabled simultaneously.). */ maxAgeInDays?: pulumi.Input; /** * The maximum number of application versions to retain ('max_age_in_days' and 'max_count' cannot be enabled simultaneously.). */ maxCount?: pulumi.Input; /** * The ARN of an IAM service role under which the application version is deleted. Elastic Beanstalk must have permission to assume this role. */ serviceRole: pulumi.Input; } export interface ConfigurationTemplateSetting { /** * A unique name for this Template. */ name: pulumi.Input; namespace: pulumi.Input; resource?: pulumi.Input; value: pulumi.Input; } export interface EnvironmentAllSetting { /** * A unique name for this Environment. This name is used * in the application URL */ name: pulumi.Input; namespace: pulumi.Input; resource?: pulumi.Input; value: pulumi.Input; } export interface EnvironmentSetting { /** * A unique name for this Environment. This name is used * in the application URL */ name: pulumi.Input; namespace: pulumi.Input; resource?: pulumi.Input; value: pulumi.Input; } } export namespace elasticsearch { export interface DomainAdvancedSecurityOptions { /** * Whether advanced security is enabled. */ enabled: pulumi.Input; /** * Whether the internal user database is enabled. If not set, defaults to `false` by the AWS API. */ internalUserDatabaseEnabled?: pulumi.Input; /** * Configuration block for the main user. Detailed below. */ masterUserOptions?: pulumi.Input; } export interface DomainAdvancedSecurityOptionsMasterUserOptions { /** * ARN for the main user. Only specify if `internalUserDatabaseEnabled` is not set or set to `false`. */ masterUserArn?: pulumi.Input; /** * Main user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserName?: pulumi.Input; /** * Main user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserPassword?: pulumi.Input; } export interface DomainAutoTuneOptions { /** * The Auto-Tune desired state for the domain. Valid values: `ENABLED` or `DISABLED`. */ desiredState: pulumi.Input; /** * Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below. */ maintenanceSchedules?: pulumi.Input[]>; /** * Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: `DEFAULT_ROLLBACK` or `NO_ROLLBACK`. */ rollbackOnDisable?: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceSchedule { /** * A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule. */ cronExpressionForRecurrence: pulumi.Input; /** * Configuration block for the duration of the Auto-Tune maintenance window. Detailed below. */ duration: pulumi.Input; /** * Date and time at which to start the Auto-Tune maintenance schedule in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ startAt: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceScheduleDuration { /** * The unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: `HOURS`. */ unit: pulumi.Input; /** * An integer specifying the value of the duration of an Auto-Tune maintenance window. */ value: pulumi.Input; } export interface DomainClusterConfig { /** * Configuration block containing cold storage configuration. Detailed below. */ coldStorageOptions?: pulumi.Input; /** * Number of dedicated main nodes in the cluster. */ dedicatedMasterCount?: pulumi.Input; /** * Whether dedicated main nodes are enabled for the cluster. */ dedicatedMasterEnabled?: pulumi.Input; /** * Instance type of the dedicated main nodes in the cluster. */ dedicatedMasterType?: pulumi.Input; /** * Number of instances in the cluster. */ instanceCount?: pulumi.Input; /** * Instance type of data nodes in the cluster. */ instanceType?: pulumi.Input; /** * Number of warm nodes in the cluster. Valid values are between `2` and `150`. `warmCount` can be only and must be set when `warmEnabled` is set to `true`. */ warmCount?: pulumi.Input; /** * Whether to enable warm storage. */ warmEnabled?: pulumi.Input; /** * Instance type for the Elasticsearch cluster's warm nodes. Valid values are `ultrawarm1.medium.elasticsearch`, `ultrawarm1.large.elasticsearch` and `ultrawarm1.xlarge.elasticsearch`. `warmType` can be only and must be set when `warmEnabled` is set to `true`. */ warmType?: pulumi.Input; /** * Configuration block containing zone awareness settings. Detailed below. */ zoneAwarenessConfig?: pulumi.Input; /** * Whether zone awareness is enabled, set to `true` for multi-az deployment. To enable awareness with three Availability Zones, the `availabilityZoneCount` within the `zoneAwarenessConfig` must be set to `3`. */ zoneAwarenessEnabled?: pulumi.Input; } export interface DomainClusterConfigColdStorageOptions { /** * Boolean to enable cold storage for an Elasticsearch domain. Defaults to `false`. Master and ultrawarm nodes must be enabled for cold storage. */ enabled?: pulumi.Input; } export interface DomainClusterConfigZoneAwarenessConfig { /** * Number of Availability Zones for the domain to use with `zoneAwarenessEnabled`. Defaults to `2`. Valid values: `2` or `3`. */ availabilityZoneCount?: pulumi.Input; } export interface DomainCognitoOptions { /** * Whether Amazon Cognito authentication with Kibana is enabled or not. */ enabled?: pulumi.Input; /** * ID of the Cognito Identity Pool to use. */ identityPoolId: pulumi.Input; /** * ARN of the IAM role that has the AmazonESCognitoAccess policy attached. */ roleArn: pulumi.Input; /** * ID of the Cognito User Pool to use. */ userPoolId: pulumi.Input; } export interface DomainDomainEndpointOptions { /** * Fully qualified domain for your custom endpoint. */ customEndpoint?: pulumi.Input; /** * ACM certificate ARN for your custom endpoint. */ customEndpointCertificateArn?: pulumi.Input; /** * Whether to enable custom endpoint for the Elasticsearch domain. */ customEndpointEnabled?: pulumi.Input; /** * Whether or not to require HTTPS. Defaults to `true`. */ enforceHttps?: pulumi.Input; /** * Name of the TLS security policy that needs to be applied to the HTTPS endpoint. Valid values: `Policy-Min-TLS-1-0-2019-07` and `Policy-Min-TLS-1-2-2019-07`. The provider will only perform drift detection if a configuration value is provided. */ tlsSecurityPolicy?: pulumi.Input; } export interface DomainEbsOptions { /** * Whether EBS volumes are attached to data nodes in the domain. */ ebsEnabled: pulumi.Input; /** * Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types. */ iops?: pulumi.Input; /** * Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. */ throughput?: pulumi.Input; /** * Size of EBS volumes attached to data nodes (in GiB). */ volumeSize?: pulumi.Input; /** * Type of EBS volumes attached to data nodes. */ volumeType?: pulumi.Input; } export interface DomainEncryptAtRest { /** * Whether to enable encryption at rest. If the `encryptAtRest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires `elasticsearchVersion` 5.1 or greater. */ enabled: pulumi.Input; /** * KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead. */ kmsKeyId?: pulumi.Input; } export interface DomainLogPublishingOption { /** * ARN of the Cloudwatch log group to which log needs to be published. */ cloudwatchLogGroupArn: pulumi.Input; /** * Whether given log publishing option is enabled or not. */ enabled?: pulumi.Input; /** * Type of Elasticsearch log. Valid values: `INDEX_SLOW_LOGS`, `SEARCH_SLOW_LOGS`, `ES_APPLICATION_LOGS`, `AUDIT_LOGS`. */ logType: pulumi.Input; } export interface DomainNodeToNodeEncryption { /** * Whether to enable node-to-node encryption. If the `nodeToNodeEncryption` block is not provided then this defaults to `false`. Enabling node-to-node encryption of a new domain requires an `elasticsearchVersion` of `6.0` or greater. */ enabled: pulumi.Input; } export interface DomainSamlOptionsSamlOptions { /** * Whether SAML authentication is enabled. */ enabled?: pulumi.Input; /** * Information from your identity provider. */ idp?: pulumi.Input; /** * This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterBackendRole?: pulumi.Input; /** * This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterUserName?: pulumi.Input; /** * Element of the SAML assertion to use for backend roles. Default is roles. */ rolesKey?: pulumi.Input; /** * Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. */ sessionTimeoutMinutes?: pulumi.Input; /** * Custom SAML attribute to use for user names. Default is an empty string - `""`. This will cause Elasticsearch to use the `NameID` element of the `Subject`, which is the default location for name identifiers in the SAML specification. */ subjectKey?: pulumi.Input; } export interface DomainSamlOptionsSamlOptionsIdp { /** * The unique Entity ID of the application in SAML Identity Provider. */ entityId: pulumi.Input; /** * The Metadata of the SAML application in xml format. */ metadataContent: pulumi.Input; } export interface DomainSnapshotOptions { /** * Hour during which the service takes an automated daily snapshot of the indices in the domain. */ automatedSnapshotStartHour: pulumi.Input; } export interface DomainVpcOptions { /** * If the domain was created inside a VPC, the names of the availability zones the configured `subnetIds` were created inside. */ availabilityZones?: pulumi.Input[]>; /** * List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used. */ securityGroupIds?: pulumi.Input[]>; /** * List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in. */ subnetIds?: pulumi.Input[]>; /** * If the domain was created inside a VPC, the ID of the VPC. */ vpcId?: pulumi.Input; } export interface VpcEndpointVpcOptions { availabilityZones?: pulumi.Input[]>; /** * The list of security group IDs associated with the VPC endpoints for the domain. If you do not provide a security group ID, elasticsearch Service uses the default security group for the VPC. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs associated with the VPC endpoints for the domain. If your domain uses multiple Availability Zones, you need to provide two subnet IDs, one per zone. Otherwise, provide only one. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } } export namespace elastictranscoder { export interface PipelineContentConfig { /** * The Amazon S3 bucket in which you want Elastic Transcoder to save transcoded files and playlists. */ bucket?: pulumi.Input; /** * The Amazon S3 storage class, `Standard` or `ReducedRedundancy`, that you want Elastic Transcoder to assign to the files and playlists that it stores in your Amazon S3 bucket. */ storageClass?: pulumi.Input; } export interface PipelineContentConfigPermission { /** * The permission that you want to give to the AWS user that you specified in `content_config_permissions.grantee`. Valid values are `Read`, `ReadAcp`, `WriteAcp` or `FullControl`. */ accesses?: pulumi.Input[]>; /** * The AWS user or group that you want to have access to transcoded files and playlists. */ grantee?: pulumi.Input; /** * Specify the type of value that appears in the `content_config_permissions.grantee` object. Valid values are `Canonical`, `Email` or `Group`. */ granteeType?: pulumi.Input; } export interface PipelineNotifications { /** * The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder has finished processing a job in this pipeline. */ completed?: pulumi.Input; /** * The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters an error condition while processing a job in this pipeline. */ error?: pulumi.Input; /** * The topic ARN for the Amazon Simple Notification Service (Amazon SNS) topic that you want to notify when Elastic Transcoder has started to process a job in this pipeline. */ progressing?: pulumi.Input; /** * The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters a warning condition while processing a job in this pipeline. * * The `thumbnailConfig` object specifies information about the Amazon S3 bucket in * which you want Elastic Transcoder to save thumbnail files: which bucket to use, * which users you want to have access to the files, the type of access you want * users to have, and the storage class that you want to assign to the files. If * you specify values for `contentConfig`, you must also specify values for * `thumbnailConfig` even if you don't want to create thumbnails. (You control * whether to create thumbnails when you create a job. For more information, see * ThumbnailPattern in the topic Create Job.) If you specify values for * `contentConfig` and `thumbnailConfig`, omit the OutputBucket object. */ warning?: pulumi.Input; } export interface PipelineThumbnailConfig { /** * The Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files. */ bucket?: pulumi.Input; /** * The Amazon S3 storage class, Standard or ReducedRedundancy, that you want Elastic Transcoder to assign to the thumbnails that it stores in your Amazon S3 bucket. */ storageClass?: pulumi.Input; } export interface PipelineThumbnailConfigPermission { /** * The permission that you want to give to the AWS user that you specified in `thumbnail_config_permissions.grantee`. Valid values are `Read`, `ReadAcp`, `WriteAcp` or `FullControl`. */ accesses?: pulumi.Input[]>; /** * The AWS user or group that you want to have access to thumbnail files. */ grantee?: pulumi.Input; /** * Specify the type of value that appears in the `thumbnail_config_permissions.grantee` object. Valid values are `Canonical`, `Email` or `Group`. */ granteeType?: pulumi.Input; } export interface PresetAudio { /** * The method of organizing audio channels and tracks. Use Audio:Channels to specify the number of channels in your output, and Audio:AudioPackingMode to specify the number of tracks and their relation to the channels. If you do not specify an Audio:AudioPackingMode, Elastic Transcoder uses SingleTrack. */ audioPackingMode?: pulumi.Input; /** * The bit rate of the audio stream in the output file, in kilobits/second. Enter an integer between 64 and 320, inclusive. */ bitRate?: pulumi.Input; /** * The number of audio channels in the output file */ channels?: pulumi.Input; /** * The audio codec for the output file. Valid values are `AAC`, `flac`, `mp2`, `mp3`, `pcm`, and `vorbis`. */ codec?: pulumi.Input; /** * The sample rate of the audio stream in the output file, in hertz. Valid values are: `auto`, `22050`, `32000`, `44100`, `48000`, `96000` */ sampleRate?: pulumi.Input; } export interface PresetAudioCodecOptions { /** * The bit depth of a sample is how many bits of information are included in the audio samples. Valid values are `16` and `24`. (FLAC/PCM Only) */ bitDepth?: pulumi.Input; /** * The order the bits of a PCM sample are stored in. The supported value is LittleEndian. (PCM Only) */ bitOrder?: pulumi.Input; /** * If you specified AAC for Audio:Codec, choose the AAC profile for the output file. */ profile?: pulumi.Input; /** * Whether audio samples are represented with negative and positive numbers (signed) or only positive numbers (unsigned). The supported value is Signed. (PCM Only) */ signed?: pulumi.Input; } export interface PresetThumbnails { /** * The aspect ratio of thumbnails. The following values are valid: auto, 1:1, 4:3, 3:2, 16:9 */ aspectRatio?: pulumi.Input; /** * The format of thumbnails, if any. Valid formats are jpg and png. */ format?: pulumi.Input; /** * The approximate number of seconds between thumbnails. The value must be an integer. The actual interval can vary by several seconds from one thumbnail to the next. */ interval?: pulumi.Input; /** * The maximum height of thumbnails, in pixels. If you specify auto, Elastic Transcoder uses 1080 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 32 and 3072, inclusive. */ maxHeight?: pulumi.Input; /** * The maximum width of thumbnails, in pixels. If you specify auto, Elastic Transcoder uses 1920 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 32 and 4096, inclusive. */ maxWidth?: pulumi.Input; /** * When you set PaddingPolicy to Pad, Elastic Transcoder might add black bars to the top and bottom and/or left and right sides of thumbnails to make the total size of the thumbnails match the values that you specified for thumbnail MaxWidth and MaxHeight settings. */ paddingPolicy?: pulumi.Input; /** * The width and height of thumbnail files in pixels, in the format WidthxHeight, where both values are even integers. The values cannot exceed the width and height that you specified in the Video:Resolution object. (To better control resolution and aspect ratio of thumbnails, we recommend that you use the thumbnail values `maxWidth`, `maxHeight`, `sizingPolicy`, and `paddingPolicy` instead of `resolution` and `aspectRatio`. The two groups of settings are mutually exclusive. Do not use them together) */ resolution?: pulumi.Input; /** * A value that controls scaling of thumbnails. Valid values are: `Fit`, `Fill`, `Stretch`, `Keep`, `ShrinkToFit`, and `ShrinkToFill`. */ sizingPolicy?: pulumi.Input; } export interface PresetVideo { /** * The display aspect ratio of the video in the output file. Valid values are: `auto`, `1:1`, `4:3`, `3:2`, `16:9`. (Note; to better control resolution and aspect ratio of output videos, we recommend that you use the values `maxWidth`, `maxHeight`, `sizingPolicy`, `paddingPolicy`, and `displayAspectRatio` instead of `resolution` and `aspectRatio`.) */ aspectRatio?: pulumi.Input; /** * The bit rate of the video stream in the output file, in kilobits/second. You can configure variable bit rate or constant bit rate encoding. */ bitRate?: pulumi.Input; /** * The video codec for the output file. Valid values are `gif`, `H.264`, `mpeg2`, `vp8`, and `vp9`. */ codec?: pulumi.Input; /** * The value that Elastic Transcoder adds to the metadata in the output file. If you set DisplayAspectRatio to auto, Elastic Transcoder chooses an aspect ratio that ensures square pixels. If you specify another option, Elastic Transcoder sets that value in the output file. */ displayAspectRatio?: pulumi.Input; /** * Whether to use a fixed value for Video:FixedGOP. Not applicable for containers of type gif. Valid values are true and false. Also known as, Fixed Number of Frames Between Keyframes. */ fixedGop?: pulumi.Input; /** * The frames per second for the video stream in the output file. The following values are valid: `auto`, `10`, `15`, `23.97`, `24`, `25`, `29.97`, `30`, `50`, `60`. */ frameRate?: pulumi.Input; /** * The maximum number of frames between key frames. Not applicable for containers of type gif. */ keyframesMaxDist?: pulumi.Input; /** * If you specify auto for FrameRate, Elastic Transcoder uses the frame rate of the input video for the frame rate of the output video, up to the maximum frame rate. If you do not specify a MaxFrameRate, Elastic Transcoder will use a default of 30. */ maxFrameRate?: pulumi.Input; /** * The maximum height of the output video in pixels. If you specify auto, Elastic Transcoder uses 1080 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 96 and 3072, inclusive. */ maxHeight?: pulumi.Input; /** * The maximum width of the output video in pixels. If you specify auto, Elastic Transcoder uses 1920 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 128 and 4096, inclusive. */ maxWidth?: pulumi.Input; /** * When you set PaddingPolicy to Pad, Elastic Transcoder might add black bars to the top and bottom and/or left and right sides of the output video to make the total size of the output video match the values that you specified for `maxWidth` and `maxHeight`. */ paddingPolicy?: pulumi.Input; /** * The width and height of the video in the output file, in pixels. Valid values are `auto` and `widthxheight`. (see note for `aspectRatio`) */ resolution?: pulumi.Input; /** * A value that controls scaling of the output video. Valid values are: `Fit`, `Fill`, `Stretch`, `Keep`, `ShrinkToFit`, `ShrinkToFill`. */ sizingPolicy?: pulumi.Input; } export interface PresetVideoWatermark { /** * The horizontal position of the watermark unless you specify a nonzero value for `horzontalOffset`. */ horizontalAlign?: pulumi.Input; /** * The amount by which you want the horizontal position of the watermark to be offset from the position specified by `horizontalAlign`. */ horizontalOffset?: pulumi.Input; /** * A unique identifier for the settings for one watermark. The value of Id can be up to 40 characters long. You can specify settings for up to four watermarks. */ id?: pulumi.Input; /** * The maximum height of the watermark. */ maxHeight?: pulumi.Input; /** * The maximum width of the watermark. */ maxWidth?: pulumi.Input; /** * A percentage that indicates how much you want a watermark to obscure the video in the location where it appears. */ opacity?: pulumi.Input; /** * A value that controls scaling of the watermark. Valid values are: `Fit`, `Stretch`, `ShrinkToFit` */ sizingPolicy?: pulumi.Input; /** * A value that determines how Elastic Transcoder interprets values that you specified for `video_watermarks.horizontal_offset`, `video_watermarks.vertical_offset`, `video_watermarks.max_width`, and `video_watermarks.max_height`. Valid values are `Content` and `Frame`. */ target?: pulumi.Input; /** * The vertical position of the watermark unless you specify a nonzero value for `verticalAlign`. Valid values are `Top`, `Bottom`, `Center`. */ verticalAlign?: pulumi.Input; /** * The amount by which you want the vertical position of the watermark to be offset from the position specified by `verticalAlign` */ verticalOffset?: pulumi.Input; } } export namespace elb { export interface LoadBalancerAccessLogs { /** * The S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * The S3 bucket prefix. Logs are stored in the root if not configured. */ bucketPrefix?: pulumi.Input; /** * Boolean to enable / disable `accessLogs`. Default is `true` */ enabled?: pulumi.Input; /** * The publishing interval in minutes. Valid values: `5` and `60`. Default: `60` */ interval?: pulumi.Input; } export interface LoadBalancerHealthCheck { /** * The number of checks before the instance is declared healthy. */ healthyThreshold: pulumi.Input; /** * The interval between checks. */ interval: pulumi.Input; /** * The target of the check. Valid pattern is "${PROTOCOL}:${PORT}${PATH}", where PROTOCOL * values are: */ target: pulumi.Input; /** * The length of time before the check times out. */ timeout: pulumi.Input; /** * The number of checks before the instance is declared unhealthy. */ unhealthyThreshold: pulumi.Input; } export interface LoadBalancerListener { /** * The port on the instance to route to */ instancePort: pulumi.Input; /** * The protocol to use to the instance. Valid * values are `HTTP`, `HTTPS`, `TCP`, or `SSL` */ instanceProtocol: pulumi.Input; /** * The port to listen on for the load balancer */ lbPort: pulumi.Input; /** * The protocol to listen on. Valid values are `HTTP`, * `HTTPS`, `TCP`, or `SSL` */ lbProtocol: pulumi.Input; /** * The ARN of an SSL certificate you have * uploaded to AWS IAM. **Note ECDSA-specific restrictions below. Only valid when `lbProtocol` is either HTTPS or SSL** */ sslCertificateId?: pulumi.Input; } export interface LoadBalancerPolicyPolicyAttribute { name?: pulumi.Input; value?: pulumi.Input; } export interface SslNegotiationPolicyAttribute { /** * The name of the attribute */ name: pulumi.Input; /** * The value of the attribute */ value: pulumi.Input; } } export namespace emr { export interface BlockPublicAccessConfigurationPermittedPublicSecurityGroupRuleRange { /** * The final port in the range of TCP ports. */ maxRange: pulumi.Input; /** * The first port in the range of TCP ports. */ minRange: pulumi.Input; } export interface ClusterAutoTerminationPolicy { /** * Specifies the amount of idle time in seconds after which the cluster automatically terminates. You can specify a minimum of `60` seconds and a maximum of `604800` seconds (seven days). */ idleTimeout?: pulumi.Input; } export interface ClusterBootstrapAction { /** * List of command line arguments to pass to the bootstrap action script. */ args?: pulumi.Input[]>; /** * Name of the bootstrap action. */ name: pulumi.Input; /** * Location of the script to run during a bootstrap action. Can be either a location in Amazon S3 or on a local file system. */ path: pulumi.Input; } export interface ClusterCoreInstanceFleet { /** * ID of the cluster. */ id?: pulumi.Input; /** * Configuration block for instance fleet. */ instanceTypeConfigs?: pulumi.Input[]>; /** * Configuration block for launch specification. */ launchSpecifications?: pulumi.Input; /** * Friendly name given to the instance fleet. */ name?: pulumi.Input; provisionedOnDemandCapacity?: pulumi.Input; provisionedSpotCapacity?: pulumi.Input; /** * The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision. */ targetOnDemandCapacity?: pulumi.Input; /** * Target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision. */ targetSpotCapacity?: pulumi.Input; } export interface ClusterCoreInstanceFleetInstanceTypeConfig { /** * Bid price for each EC2 Spot instance type as defined by `instanceType`. Expressed in USD. If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPrice?: pulumi.Input; /** * Bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instanceType`. Expressed as a number (for example, 20 specifies 20%). If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPriceAsPercentageOfOnDemandPrice?: pulumi.Input; /** * Configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks. */ configurations?: pulumi.Input[]>; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * EC2 instance type, such as m4.xlarge. */ instanceType: pulumi.Input; /** * Number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`. */ weightedCapacity?: pulumi.Input; } export interface ClusterCoreInstanceFleetInstanceTypeConfigConfiguration { /** * Classification within a configuration. */ classification?: pulumi.Input; /** * Map of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ClusterCoreInstanceFleetInstanceTypeConfigEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterCoreInstanceFleetLaunchSpecifications { /** * Configuration block for on demand instances launch specifications. */ onDemandSpecifications?: pulumi.Input[]>; /** * Configuration block for spot instances launch specifications. */ spotSpecifications?: pulumi.Input[]>; } export interface ClusterCoreInstanceFleetLaunchSpecificationsOnDemandSpecification { /** * Specifies the strategy to use in launching On-Demand instance fleets. Currently, the only option is `lowest-price` (the default), which launches the lowest price first. */ allocationStrategy: pulumi.Input; } export interface ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecification { /** * Specifies the strategy to use in launching Spot instance fleets. Valid values include `capacity-optimized`, `diversified`, `lowest-price`, `price-capacity-optimized`. See the [AWS documentation](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html#emr-instance-fleet-allocation-strategy) for details on each strategy type. */ allocationStrategy: pulumi.Input; /** * Defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. */ blockDurationMinutes?: pulumi.Input; /** * Action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity. */ timeoutAction: pulumi.Input; /** * Spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created. */ timeoutDurationMinutes: pulumi.Input; } export interface ClusterCoreInstanceGroup { /** * String containing the [EMR Auto Scaling Policy](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-automatic-scaling.html) JSON. */ autoscalingPolicy?: pulumi.Input; /** * Bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances. */ bidPrice?: pulumi.Input; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * Core node type Instance Group ID, if using Instance Group for this node type. */ id?: pulumi.Input; /** * Target number of instances for the instance group. Must be at least 1. Defaults to 1. */ instanceCount?: pulumi.Input; /** * EC2 instance type for all instances in the instance group. */ instanceType: pulumi.Input; /** * Friendly name given to the instance group. */ name?: pulumi.Input; } export interface ClusterCoreInstanceGroupEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * The throughput, in mebibyte per second (MiB/s). */ throughput?: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterEc2Attributes { /** * String containing a comma separated list of additional Amazon EC2 security group IDs for the master node. */ additionalMasterSecurityGroups?: pulumi.Input; /** * String containing a comma separated list of additional Amazon EC2 security group IDs for the slave nodes as a comma separated string. */ additionalSlaveSecurityGroups?: pulumi.Input; /** * Identifier of the Amazon EC2 EMR-Managed security group for the master node. */ emrManagedMasterSecurityGroup?: pulumi.Input; /** * Identifier of the Amazon EC2 EMR-Managed security group for the slave nodes. */ emrManagedSlaveSecurityGroup?: pulumi.Input; /** * Instance Profile for EC2 instances of the cluster assume this role. */ instanceProfile: pulumi.Input; /** * Amazon EC2 key pair that can be used to ssh to the master node as the user called `hadoop`. */ keyName?: pulumi.Input; /** * Identifier of the Amazon EC2 service-access security group - required when the cluster runs on a private subnet. */ serviceAccessSecurityGroup?: pulumi.Input; /** * VPC subnet id where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in an Amazon VPC. */ subnetId?: pulumi.Input; /** * List of VPC subnet id-s where you want the job flow to launch. Amazon EMR identifies the best Availability Zone to launch instances according to your fleet specifications. * * > **NOTE on EMR-Managed security groups:** These security groups will have any missing inbound or outbound access rules added and maintained by AWS, to ensure proper communication between instances in a cluster. The EMR service will maintain these rules for groups provided in `emrManagedMasterSecurityGroup` and `emrManagedSlaveSecurityGroup`; attempts to remove the required rules may succeed, only for the EMR service to re-add them in a matter of minutes. This may cause this provider to fail to destroy an environment that contains an EMR cluster, because the EMR service does not revoke rules added on deletion, leaving a cyclic dependency between the security groups that prevents their deletion. To avoid this, use the `revokeRulesOnDelete` optional attribute for any Security Group used in `emrManagedMasterSecurityGroup` and `emrManagedSlaveSecurityGroup`. See [Amazon EMR-Managed Security Groups](http://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-man-sec-groups.html) for more information about the EMR-managed security group rules. */ subnetIds?: pulumi.Input[]>; } export interface ClusterKerberosAttributes { /** * Active Directory password for `adDomainJoinUser`. This provider cannot perform drift detection of this configuration. */ adDomainJoinPassword?: pulumi.Input; /** * Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. This provider cannot perform drift detection of this configuration. */ adDomainJoinUser?: pulumi.Input; /** * Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. This provider cannot perform drift detection of this configuration. */ crossRealmTrustPrincipalPassword?: pulumi.Input; /** * Password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. This provider cannot perform drift detection of this configuration. */ kdcAdminPassword: pulumi.Input; /** * Name of the Kerberos realm to which all nodes in a cluster belong. For example, `EC2.INTERNAL` */ realm: pulumi.Input; } export interface ClusterMasterInstanceFleet { /** * ID of the cluster. */ id?: pulumi.Input; /** * Configuration block for instance fleet. */ instanceTypeConfigs?: pulumi.Input[]>; /** * Configuration block for launch specification. */ launchSpecifications?: pulumi.Input; /** * Friendly name given to the instance fleet. */ name?: pulumi.Input; provisionedOnDemandCapacity?: pulumi.Input; provisionedSpotCapacity?: pulumi.Input; /** * Target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision. */ targetOnDemandCapacity?: pulumi.Input; /** * Target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision. */ targetSpotCapacity?: pulumi.Input; } export interface ClusterMasterInstanceFleetInstanceTypeConfig { /** * Bid price for each EC2 Spot instance type as defined by `instanceType`. Expressed in USD. If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPrice?: pulumi.Input; /** * Bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instanceType`. Expressed as a number (for example, 20 specifies 20%). If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPriceAsPercentageOfOnDemandPrice?: pulumi.Input; /** * Configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks. */ configurations?: pulumi.Input[]>; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * EC2 instance type, such as m4.xlarge. */ instanceType: pulumi.Input; /** * Number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`. */ weightedCapacity?: pulumi.Input; } export interface ClusterMasterInstanceFleetInstanceTypeConfigConfiguration { /** * Classification within a configuration. */ classification?: pulumi.Input; /** * Map of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ClusterMasterInstanceFleetInstanceTypeConfigEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterMasterInstanceFleetLaunchSpecifications { /** * Configuration block for on demand instances launch specifications. */ onDemandSpecifications?: pulumi.Input[]>; /** * Configuration block for spot instances launch specifications. */ spotSpecifications?: pulumi.Input[]>; } export interface ClusterMasterInstanceFleetLaunchSpecificationsOnDemandSpecification { /** * Specifies the strategy to use in launching On-Demand instance fleets. Currently, the only option is `lowest-price` (the default), which launches the lowest price first. */ allocationStrategy: pulumi.Input; } export interface ClusterMasterInstanceFleetLaunchSpecificationsSpotSpecification { /** * Specifies the strategy to use in launching Spot instance fleets. Valid values include `capacity-optimized`, `diversified`, `lowest-price`, `price-capacity-optimized`. See the [AWS documentation](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html#emr-instance-fleet-allocation-strategy) for details on each strategy type. */ allocationStrategy: pulumi.Input; /** * Defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. */ blockDurationMinutes?: pulumi.Input; /** * Action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity. */ timeoutAction: pulumi.Input; /** * Spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created. */ timeoutDurationMinutes: pulumi.Input; } export interface ClusterMasterInstanceGroup { /** * Bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances. */ bidPrice?: pulumi.Input; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * Master node type Instance Group ID, if using Instance Group for this node type. */ id?: pulumi.Input; /** * Target number of instances for the instance group. Must be 1 or 3. Defaults to 1. Launching with multiple master nodes is only supported in EMR version 5.23.0+, and requires this resource's `coreInstanceGroup` to be configured. Public (Internet accessible) instances must be created in VPC subnets that have map public IP on launch enabled. Termination protection is automatically enabled when launched with multiple master nodes and this provider must have the `terminationProtection = false` configuration applied before destroying this resource. */ instanceCount?: pulumi.Input; /** * EC2 instance type for all instances in the instance group. */ instanceType: pulumi.Input; /** * Friendly name given to the instance group. */ name?: pulumi.Input; } export interface ClusterMasterInstanceGroupEbsConfig { /** * Number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * Volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * The throughput, in mebibyte per second (MiB/s). */ throughput?: pulumi.Input; /** * Volume type. Valid options are `gp3`, `gp2`, `io1`, `standard`, `st1` and `sc1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * Number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1). */ volumesPerInstance?: pulumi.Input; } export interface ClusterPlacementGroupConfig { /** * Role of the instance in the cluster. Valid Values: `MASTER`, `CORE`, `TASK`. */ instanceRole: pulumi.Input; /** * EC2 Placement Group strategy associated with instance role. Valid Values: `SPREAD`, `PARTITION`, `CLUSTER`, `NONE`. */ placementStrategy?: pulumi.Input; } export interface ClusterStep { /** * Action to take if the step fails. Valid values: `TERMINATE_JOB_FLOW`, `TERMINATE_CLUSTER`, `CANCEL_AND_WAIT`, and `CONTINUE` */ actionOnFailure: pulumi.Input; /** * JAR file used for the step. See below. */ hadoopJarStep: pulumi.Input; /** * Name of the step. */ name: pulumi.Input; } export interface ClusterStepHadoopJarStep { /** * List of command line arguments passed to the JAR file's main function when executed. */ args?: pulumi.Input[]>; /** * Path to a JAR file run during the step. */ jar: pulumi.Input; /** * Name of the main class in the specified Java file. If not specified, the JAR file should specify a Main-Class in its manifest file. */ mainClass?: pulumi.Input; /** * Key-Value map of Java properties that are set when the step runs. You can use these properties to pass key value pairs to your main function. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface GetReleaseLabelsFilters { /** * Optional release label application filter. For example, `Spark@2.1.0` or `Spark`. */ application?: string; /** * Optional release label version prefix filter. For example, `emr-5`. */ prefix?: string; } export interface GetReleaseLabelsFiltersArgs { /** * Optional release label application filter. For example, `Spark@2.1.0` or `Spark`. */ application?: pulumi.Input; /** * Optional release label version prefix filter. For example, `emr-5`. */ prefix?: pulumi.Input; } export interface GetSupportedInstanceTypesSupportedInstanceType { /** * CPU architecture. */ architecture?: string; /** * Indicates whether the instance type supports Amazon EBS optimization. */ ebsOptimizedAvailable?: boolean; /** * Indicates whether the instance type uses Amazon EBS optimization by default. */ ebsOptimizedByDefault?: boolean; /** * Indicates whether the instance type only supports Amazon EBS. */ ebsStorageOnly?: boolean; /** * The Amazon EC2 family and generation for the instance type. */ instanceFamilyId?: string; /** * Indicates whether the instance type only supports 64-bit architecture. */ is64BitsOnly?: boolean; /** * Memory that is available to Amazon EMR from the instance type. */ memoryGb?: number; /** * Number of disks for the instance type. */ numberOfDisks?: number; /** * Storage capacity of the instance type. */ storageGb?: number; /** * Amazon EC2 instance type. For example, `m5.xlarge`. */ type?: string; /** * The number of vCPUs available for the instance type. */ vcpu?: number; } export interface GetSupportedInstanceTypesSupportedInstanceTypeArgs { /** * CPU architecture. */ architecture?: pulumi.Input; /** * Indicates whether the instance type supports Amazon EBS optimization. */ ebsOptimizedAvailable?: pulumi.Input; /** * Indicates whether the instance type uses Amazon EBS optimization by default. */ ebsOptimizedByDefault?: pulumi.Input; /** * Indicates whether the instance type only supports Amazon EBS. */ ebsStorageOnly?: pulumi.Input; /** * The Amazon EC2 family and generation for the instance type. */ instanceFamilyId?: pulumi.Input; /** * Indicates whether the instance type only supports 64-bit architecture. */ is64BitsOnly?: pulumi.Input; /** * Memory that is available to Amazon EMR from the instance type. */ memoryGb?: pulumi.Input; /** * Number of disks for the instance type. */ numberOfDisks?: pulumi.Input; /** * Storage capacity of the instance type. */ storageGb?: pulumi.Input; /** * Amazon EC2 instance type. For example, `m5.xlarge`. */ type?: pulumi.Input; /** * The number of vCPUs available for the instance type. */ vcpu?: pulumi.Input; } export interface InstanceFleetInstanceTypeConfig { /** * The bid price for each EC2 Spot instance type as defined by `instanceType`. Expressed in USD. If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPrice?: pulumi.Input; /** * The bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instanceType`. Expressed as a number (for example, 20 specifies 20%). If neither `bidPrice` nor `bidPriceAsPercentageOfOnDemandPrice` is provided, `bidPriceAsPercentageOfOnDemandPrice` defaults to 100%. */ bidPriceAsPercentageOfOnDemandPrice?: pulumi.Input; /** * A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks. */ configurations?: pulumi.Input[]>; /** * Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below. */ ebsConfigs?: pulumi.Input[]>; /** * An EC2 instance type, such as m4.xlarge. */ instanceType: pulumi.Input; /** * The number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`. */ weightedCapacity?: pulumi.Input; } export interface InstanceFleetInstanceTypeConfigConfiguration { /** * The classification within a configuration. */ classification?: pulumi.Input; /** * A map of properties specified within a configuration classification */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface InstanceFleetInstanceTypeConfigEbsConfig { /** * The number of I/O operations per second (IOPS) that the volume supports */ iops?: pulumi.Input; /** * The volume size, in gibibytes (GiB). */ size: pulumi.Input; /** * The volume type. Valid options are `gp2`, `io1`, `standard` and `st1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). */ type: pulumi.Input; /** * The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1) */ volumesPerInstance?: pulumi.Input; } export interface InstanceFleetLaunchSpecifications { /** * Configuration block for on demand instances launch specifications */ onDemandSpecifications?: pulumi.Input[]>; /** * Configuration block for spot instances launch specifications */ spotSpecifications?: pulumi.Input[]>; } export interface InstanceFleetLaunchSpecificationsOnDemandSpecification { /** * Specifies one of the following strategies to launch Spot Instance fleets: `price-capacity-optimized`, `capacity-optimized`, `lowest-price`, or `diversified`. For more information on the provisioning strategies, see [Allocation strategies for Spot Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html). */ allocationStrategy: pulumi.Input; } export interface InstanceFleetLaunchSpecificationsSpotSpecification { /** * Specifies one of the following strategies to launch Spot Instance fleets: `price-capacity-optimized`, `capacity-optimized`, `lowest-price`, or `diversified`. For more information on the provisioning strategies, see [Allocation strategies for Spot Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html). */ allocationStrategy: pulumi.Input; /** * The defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. */ blockDurationMinutes?: pulumi.Input; /** * The action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity. */ timeoutAction: pulumi.Input; /** * The spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created. */ timeoutDurationMinutes: pulumi.Input; } export interface InstanceGroupEbsConfig { /** * The number of I/O operations per second (IOPS) that the volume supports. */ iops?: pulumi.Input; /** * The volume size, in gibibytes (GiB). This can be a number from 1 - 1024. If the volume type is EBS-optimized, the minimum value is 10. */ size: pulumi.Input; /** * The volume type. Valid options are 'gp2', 'io1' and 'standard'. */ type: pulumi.Input; /** * The number of EBS Volumes to attach per instance. */ volumesPerInstance?: pulumi.Input; } export interface ManagedScalingPolicyComputeLimit { /** * The upper boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration. */ maximumCapacityUnits: pulumi.Input; /** * The upper boundary of EC2 units for core node type in a cluster. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The core units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between core and task nodes. */ maximumCoreCapacityUnits?: pulumi.Input; /** * The upper boundary of On-Demand EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The On-Demand units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between On-Demand and Spot instances. */ maximumOndemandCapacityUnits?: pulumi.Input; /** * The lower boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration. */ minimumCapacityUnits: pulumi.Input; /** * The unit type used for specifying a managed scaling policy. Valid Values: `InstanceFleetUnits` | `Instances` | `VCPU` */ unitType: pulumi.Input; } } export namespace emrcontainers { export interface JobTemplateJobTemplateData { /** * The configuration settings that are used to override defaults configuration. */ configurationOverrides?: pulumi.Input; /** * The execution role ARN of the job run. */ executionRoleArn: pulumi.Input; /** * Specify the driver that the job runs on. Exactly one of the two available job drivers is required, either sparkSqlJobDriver or sparkSubmitJobDriver. */ jobDriver: pulumi.Input; /** * The tags assigned to jobs started using the job template. */ jobTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The release version of Amazon EMR. */ releaseLabel: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverrides { /** * The configurations for the application running by the job run. */ applicationConfigurations?: pulumi.Input[]>; /** * The configurations for monitoring. */ monitoringConfiguration?: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverridesApplicationConfiguration { /** * The classification within a configuration. */ classification: pulumi.Input; /** * A list of additional configurations to apply within a configuration object. */ configurations?: pulumi.Input[]>; /** * A set of properties specified within a configuration classification. */ properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobTemplateJobTemplateDataConfigurationOverridesApplicationConfigurationConfiguration { classification?: pulumi.Input; properties?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface JobTemplateJobTemplateDataConfigurationOverridesMonitoringConfiguration { /** * Monitoring configurations for CloudWatch. */ cloudWatchMonitoringConfiguration?: pulumi.Input; /** * Monitoring configurations for the persistent application UI. */ persistentAppUi?: pulumi.Input; /** * Amazon S3 configuration for monitoring log publishing. */ s3MonitoringConfiguration?: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverridesMonitoringConfigurationCloudWatchMonitoringConfiguration { /** * The name of the log group for log publishing. */ logGroupName: pulumi.Input; /** * The specified name prefix for log streams. */ logStreamNamePrefix?: pulumi.Input; } export interface JobTemplateJobTemplateDataConfigurationOverridesMonitoringConfigurationS3MonitoringConfiguration { /** * Amazon S3 destination URI for log publishing. */ logUri: pulumi.Input; } export interface JobTemplateJobTemplateDataJobDriver { /** * The job driver for job type. */ sparkSqlJobDriver?: pulumi.Input; /** * The job driver parameters specified for spark submit. */ sparkSubmitJobDriver?: pulumi.Input; } export interface JobTemplateJobTemplateDataJobDriverSparkSqlJobDriver { /** * The SQL file to be executed. */ entryPoint?: pulumi.Input; /** * The Spark parameters to be included in the Spark SQL command. */ sparkSqlParameters?: pulumi.Input; } export interface JobTemplateJobTemplateDataJobDriverSparkSubmitJobDriver { /** * The entry point of job application. */ entryPoint: pulumi.Input; /** * The arguments for job application. */ entryPointArguments?: pulumi.Input[]>; /** * The Spark submit parameters that are used for job runs. */ sparkSubmitParameters?: pulumi.Input; } export interface VirtualClusterContainerProvider { /** * The name of the container provider that is running your EMR Containers cluster */ id: pulumi.Input; /** * Nested list containing information about the configuration of the container provider */ info: pulumi.Input; /** * The type of the container provider */ type: pulumi.Input; } export interface VirtualClusterContainerProviderInfo { /** * Nested list containing EKS-specific information about the cluster where the EMR Containers cluster is running */ eksInfo: pulumi.Input; } export interface VirtualClusterContainerProviderInfoEksInfo { namespace?: pulumi.Input; } } export namespace emrserverless { export interface ApplicationAutoStartConfiguration { /** * Enables the application to automatically start on job submission. Defaults to `true`. */ enabled?: pulumi.Input; } export interface ApplicationAutoStopConfiguration { /** * Enables the application to automatically stop after a certain amount of time being idle. Defaults to `true`. */ enabled?: pulumi.Input; /** * The amount of idle time in minutes after which your application will automatically stop. Defaults to `15` minutes. */ idleTimeoutMinutes?: pulumi.Input; } export interface ApplicationImageConfiguration { /** * The image URI. */ imageUri: pulumi.Input; } export interface ApplicationInitialCapacity { /** * The initial capacity configuration per worker. */ initialCapacityConfig?: pulumi.Input; /** * The worker type for an analytics framework. For Spark applications, the key can either be set to `Driver` or `Executor`. For Hive applications, it can be set to `HiveDriver` or `TezTask`. */ initialCapacityType: pulumi.Input; } export interface ApplicationInitialCapacityInitialCapacityConfig { /** * The resource configuration of the initial capacity configuration. */ workerConfiguration?: pulumi.Input; /** * The number of workers in the initial capacity configuration. */ workerCount: pulumi.Input; } export interface ApplicationInitialCapacityInitialCapacityConfigWorkerConfiguration { /** * The CPU requirements for every worker instance of the worker type. */ cpu: pulumi.Input; /** * The disk requirements for every worker instance of the worker type. */ disk?: pulumi.Input; /** * The memory requirements for every worker instance of the worker type. */ memory: pulumi.Input; } export interface ApplicationMaximumCapacity { /** * The maximum allowed CPU for an application. */ cpu: pulumi.Input; /** * The maximum allowed disk for an application. */ disk?: pulumi.Input; /** * The maximum allowed resources for an application. */ memory: pulumi.Input; } export interface ApplicationNetworkConfiguration { /** * The array of security group Ids for customer VPC connectivity. */ securityGroupIds?: pulumi.Input[]>; /** * The array of subnet Ids for customer VPC connectivity. */ subnetIds?: pulumi.Input[]>; } } export namespace evidently { export interface FeatureEvaluationRule { /** * The name for the new feature. Minimum length of `1`. Maximum length of `127`. */ name?: pulumi.Input; /** * This value is `aws.evidently.splits` if this is an evaluation rule for a launch, and it is `aws.evidently.onlineab` if this is an evaluation rule for an experiment. */ type?: pulumi.Input; } export interface FeatureVariation { /** * The name of the variation. Minimum length of `1`. Maximum length of `127`. */ name: pulumi.Input; /** * A block that specifies the value assigned to this variation. Detailed below */ value: pulumi.Input; } export interface FeatureVariationValue { /** * If this feature uses the Boolean variation type, this field contains the Boolean value of this variation. */ boolValue?: pulumi.Input; /** * If this feature uses the double integer variation type, this field contains the double integer value of this variation. */ doubleValue?: pulumi.Input; /** * If this feature uses the long variation type, this field contains the long value of this variation. Minimum value of `-9007199254740991`. Maximum value of `9007199254740991`. */ longValue?: pulumi.Input; /** * If this feature uses the string variation type, this field contains the string value of this variation. Minimum length of `0`. Maximum length of `512`. */ stringValue?: pulumi.Input; } export interface LaunchExecution { /** * The date and time that the launch ended. */ endedTime?: pulumi.Input; /** * The date and time that the launch started. */ startedTime?: pulumi.Input; } export interface LaunchGroup { /** * Specifies the description of the launch group. */ description?: pulumi.Input; /** * Specifies the name of the feature that the launch is using. */ feature: pulumi.Input; /** * Specifies the name of the lahnch group. */ name: pulumi.Input; /** * Specifies the feature variation to use for this launch group. */ variation: pulumi.Input; } export interface LaunchMetricMonitor { /** * A block that defines the metric. Detailed below. */ metricDefinition: pulumi.Input; } export interface LaunchMetricMonitorMetricDefinition { /** * Specifies the entity, such as a user or session, that does an action that causes a metric value to be recorded. An example is `userDetails.userID`. */ entityIdKey: pulumi.Input; /** * Specifies The EventBridge event pattern that defines how the metric is recorded. */ eventPattern?: pulumi.Input; /** * Specifies the name for the metric. */ name: pulumi.Input; /** * Specifies a label for the units that the metric is measuring. */ unitLabel?: pulumi.Input; /** * Specifies the value that is tracked to produce the metric. */ valueKey: pulumi.Input; } export interface LaunchScheduledSplitsConfig { /** * One or up to six blocks that define the traffic allocation percentages among the feature variations during each step of the launch. This also defines the start time of each step. Detailed below. */ steps: pulumi.Input[]>; } export interface LaunchScheduledSplitsConfigStep { /** * The traffic allocation percentages among the feature variations during one step of a launch. This is a set of key-value pairs. The keys are variation names. The values represent the percentage of traffic to allocate to that variation during this step. For more information, refer to the [AWS documentation for ScheduledSplitConfig groupWeights](https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ScheduledSplitConfig.html). */ groupWeights: pulumi.Input<{[key: string]: pulumi.Input}>; /** * One or up to six blocks that specify different traffic splits for one or more audience segments. A segment is a portion of your audience that share one or more characteristics. Examples could be Chrome browser users, users in Europe, or Firefox browser users in Europe who also fit other criteria that your application collects, such as age. Detailed below. */ segmentOverrides?: pulumi.Input[]>; /** * Specifies the date and time that this step of the launch starts. */ startTime: pulumi.Input; } export interface LaunchScheduledSplitsConfigStepSegmentOverride { /** * Specifies a number indicating the order to use to evaluate segment overrides, if there are more than one. Segment overrides with lower numbers are evaluated first. */ evaluationOrder: pulumi.Input; /** * The name or ARN of the segment to use. */ segment: pulumi.Input; /** * The traffic allocation percentages among the feature variations to assign to this segment. This is a set of key-value pairs. The keys are variation names. The values represent the amount of traffic to allocate to that variation for this segment. This is expressed in thousandths of a percent, so a weight of 50000 represents 50% of traffic. */ weights: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ProjectDataDelivery { /** * A block that defines the CloudWatch Log Group that stores the evaluation events. See below. */ cloudwatchLogs?: pulumi.Input; /** * A block that defines the S3 bucket and prefix that stores the evaluation events. See below. */ s3Destination?: pulumi.Input; } export interface ProjectDataDeliveryCloudwatchLogs { /** * The name of the log group where the project stores evaluation events. */ logGroup?: pulumi.Input; } export interface ProjectDataDeliveryS3Destination { /** * The name of the bucket in which Evidently stores evaluation events. */ bucket?: pulumi.Input; /** * The bucket prefix in which Evidently stores evaluation events. */ prefix?: pulumi.Input; } } export namespace finspace { export interface KxClusterAutoScalingConfiguration { /** * Metric your cluster will track in order to scale in and out. For example, CPU_UTILIZATION_PERCENTAGE is the average CPU usage across all nodes in a cluster. */ autoScalingMetric: pulumi.Input; /** * Highest number of nodes to scale. Cannot be greater than 5 */ maxNodeCount: pulumi.Input; /** * Desired value of chosen `autoScalingMetric`. When metric drops below this value, cluster will scale in. When metric goes above this value, cluster will scale out. Can be set between 0 and 100 percent. */ metricTarget: pulumi.Input; /** * Lowest number of nodes to scale. Must be at least 1 and less than the `maxNodeCount`. If nodes in cluster belong to multiple availability zones, then `minNodeCount` must be at least 3. */ minNodeCount: pulumi.Input; /** * Duration in seconds that FinSpace will wait after a scale in event before initiating another scaling event. */ scaleInCooldownSeconds: pulumi.Input; /** * Duration in seconds that FinSpace will wait after a scale out event before initiating another scaling event. */ scaleOutCooldownSeconds: pulumi.Input; } export interface KxClusterCacheStorageConfiguration { size: pulumi.Input; /** * Type of KDB database. The following types are available: * * HDB - Historical Database. The data is only accessible with read-only permissions from one of the FinSpace managed KX databases mounted to the cluster. * * RDB - Realtime Database. This type of database captures all the data from a ticker plant and stores it in memory until the end of day, after which it writes all of its data to a disk and reloads the HDB. This cluster type requires local storage for temporary storage of data during the savedown process. If you specify this field in your request, you must provide the `savedownStorageConfiguration` parameter. * * GATEWAY - A gateway cluster allows you to access data across processes in kdb systems. It allows you to create your own routing logic using the initialization scripts and custom code. This type of cluster does not require a writable local storage. * * GP - A general purpose cluster allows you to quickly iterate on code during development by granting greater access to system commands and enabling a fast reload of custom code. This cluster type can optionally mount databases including cache and savedown storage. For this cluster type, the node count is fixed at 1. It does not support autoscaling and supports only `SINGLE` AZ mode. * * Tickerplant – A tickerplant cluster allows you to subscribe to feed handlers based on IAM permissions. It can publish to RDBs, other Tickerplants, and real-time subscribers (RTS). Tickerplants can persist messages to log, which is readable by any RDB environment. It supports only single-node that is only one kdb process. */ type: pulumi.Input; } export interface KxClusterCapacityConfiguration { /** * Number of instances running in a cluster. Must be at least 1 and at most 5. */ nodeCount: pulumi.Input; /** * Determines the hardware of the host computer used for your cluster instance. Each node type offers different memory and storage capabilities. Choose a node type based on the requirements of the application or software that you plan to run on your instance. * * You can only specify one of the following values: * * kx.s.large – The node type with a configuration of 12 GiB memory and 2 vCPUs. * * kx.s.xlarge – The node type with a configuration of 27 GiB memory and 4 vCPUs. * * kx.s.2xlarge – The node type with a configuration of 54 GiB memory and 8 vCPUs. * * kx.s.4xlarge – The node type with a configuration of 108 GiB memory and 16 vCPUs. * * kx.s.8xlarge – The node type with a configuration of 216 GiB memory and 32 vCPUs. * * kx.s.16xlarge – The node type with a configuration of 432 GiB memory and 64 vCPUs. * * kx.s.32xlarge – The node type with a configuration of 864 GiB memory and 128 vCPUs. */ nodeType: pulumi.Input; } export interface KxClusterCode { /** * Unique name for the S3 bucket. */ s3Bucket: pulumi.Input; /** * Full S3 path (excluding bucket) to the .zip file that contains the code to be loaded onto the cluster when it’s started. */ s3Key: pulumi.Input; /** * Version of an S3 Object. */ s3ObjectVersion?: pulumi.Input; } export interface KxClusterDatabase { /** * Configuration details for the disk cache to increase performance reading from a KX database mounted to the cluster. See cache_configurations. */ cacheConfigurations?: pulumi.Input[]>; /** * A unique identifier of the changeset that is associated with the cluster. */ changesetId?: pulumi.Input; /** * Name of the KX database. */ databaseName: pulumi.Input; /** * The name of the dataview to be used for caching historical data on disk. You cannot update to a different dataview name once a cluster is created. Use `lifecycle` `ignoreChanges` for database to prevent any undesirable behaviors. */ dataviewName?: pulumi.Input; } export interface KxClusterDatabaseCacheConfiguration { /** * Type of disk cache. */ cacheType: pulumi.Input; /** * Paths within the database to cache. */ dbPaths?: pulumi.Input[]>; } export interface KxClusterSavedownStorageConfiguration { /** * Size of temporary storage in gigabytes. Must be between 10 and 16000. */ size?: pulumi.Input; /** * Type of writeable storage space for temporarily storing your savedown data. The valid values are: * * SDS01 - This type represents 3000 IOPS and io2 ebs volume type. */ type?: pulumi.Input; /** * The name of the kdb volume that you want to use as writeable save-down storage for clusters. */ volumeName?: pulumi.Input; } export interface KxClusterScalingGroupConfiguration { /** * The number of vCPUs that you want to reserve for each node of this kdb cluster on the scaling group host. */ cpu?: pulumi.Input; /** * An optional hard limit on the amount of memory a kdb cluster can use. */ memoryLimit?: pulumi.Input; /** * A reservation of the minimum amount of memory that should be available on the scaling group for a kdb cluster to be successfully placed in a scaling group. */ memoryReservation: pulumi.Input; /** * The number of kdb cluster nodes. */ nodeCount: pulumi.Input; /** * A unique identifier for the kdb scaling group. */ scalingGroupName: pulumi.Input; } export interface KxClusterTickerplantLogConfiguration { tickerplantLogVolumes: pulumi.Input[]>; } export interface KxClusterVpcConfiguration { /** * IP address type for cluster network configuration parameters. The following type is available: IP_V4 - IP address version 4. */ ipAddressType: pulumi.Input; /** * Unique identifier of the VPC security group applied to the VPC endpoint ENI for the cluster. * * `subnetIds `- (Required) Identifier of the subnet that the Privatelink VPC endpoint uses to connect to the cluster. */ securityGroupIds: pulumi.Input[]>; subnetIds: pulumi.Input[]>; /** * Identifier of the VPC endpoint */ vpcId: pulumi.Input; } export interface KxDataviewSegmentConfiguration { /** * The database path of the data that you want to place on each selected volume. Each segment must have a unique database path for each volume. */ dbPaths: pulumi.Input[]>; /** * Enables on-demand caching on the selected database path when a particular file or a column of the database is accessed. When on demand caching is **True**, dataviews perform minimal loading of files on the filesystem as needed. When it is set to **False**, everything is cached. The default value is **False**. */ onDemand?: pulumi.Input; /** * The name of the volume that you want to attach to a dataview. This volume must be in the same availability zone as the dataview that you are attaching to. */ volumeName: pulumi.Input; } export interface KxEnvironmentCustomDnsConfiguration { /** * IP address of the DNS server. */ customDnsServerIp: pulumi.Input; /** * Name of the DNS server. */ customDnsServerName: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfiguration { /** * Rules that define how you manage outbound traffic from kdb network to your internal network. Defined below. */ attachmentNetworkAclConfigurations?: pulumi.Input[]>; /** * Routing CIDR on behalf of KX environment. It could be any “/26 range in the 100.64.0.0 CIDR space. After providing, it will be added to the customer’s transit gateway routing table so that the traffics could be routed to KX network. */ routableCidrSpace: pulumi.Input; /** * Identifier of the transit gateway created by the customer to connect outbound traffics from KX network to your internal network. */ transitGatewayId: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfigurationAttachmentNetworkAclConfiguration { /** * The IPv4 network range to allow or deny, in CIDR notation. The specified CIDR block is modified to its canonical form. For example, `100.68.0.18/18` will be converted to `100.68.0.0/18`. */ cidrBlock: pulumi.Input; /** * Defines the ICMP protocol that consists of the ICMP type and code. Defined below. */ icmpTypeCode?: pulumi.Input; /** * Range of ports the rule applies to. Defined below. */ portRange?: pulumi.Input; /** * Protocol number. A value of `1` means all the protocols. */ protocol: pulumi.Input; /** * Indicates whether to `allow` or `deny` the traffic that matches the rule. */ ruleAction: pulumi.Input; /** * Rule number for the entry. All the network ACL entries are processed in ascending order by rule number. */ ruleNumber: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfigurationAttachmentNetworkAclConfigurationIcmpTypeCode { /** * ICMP code. A value of `-1` means all codes for the specified ICMP type. */ code: pulumi.Input; /** * ICMP type. A value of `-1` means all types. */ type: pulumi.Input; } export interface KxEnvironmentTransitGatewayConfigurationAttachmentNetworkAclConfigurationPortRange { /** * First port in the range. */ from: pulumi.Input; /** * Last port in the range. */ to: pulumi.Input; } export interface KxVolumeAttachedCluster { clusterName: pulumi.Input; clusterStatus: pulumi.Input; clusterType: pulumi.Input; } export interface KxVolumeNas1Configuration { /** * The size of the network attached storage. */ size: pulumi.Input; /** * The type of the network attached storage. */ type: pulumi.Input; } } export namespace fis { export interface ExperimentTemplateAction { /** * ID of the action. To find out what actions are supported see [AWS FIS actions reference](https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html). */ actionId: pulumi.Input; /** * Description of the action. */ description?: pulumi.Input; /** * Friendly name of the action. */ name: pulumi.Input; /** * Parameter(s) for the action, if applicable. See below. */ parameters?: pulumi.Input[]>; /** * Set of action names that must complete before this action can be executed. */ startAfters?: pulumi.Input[]>; /** * Action's target, if applicable. See below. */ target?: pulumi.Input; } export interface ExperimentTemplateActionParameter { /** * Parameter name. */ key: pulumi.Input; /** * Parameter value. * * For a list of parameters supported by each action, see [AWS FIS actions reference](https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html). */ value: pulumi.Input; } export interface ExperimentTemplateActionTarget { /** * Target type. Valid values are `AutoScalingGroups` (EC2 Auto Scaling groups), `Buckets` (S3 Buckets), `Cluster` (EKS Cluster), `Clusters` (ECS Clusters), `DBInstances` (RDS DB Instances), `Instances` (EC2 Instances), `Nodegroups` (EKS Node groups), `Pods` (EKS Pods), `ReplicationGroups`(ElastiCache Redis Replication Groups), `Roles` (IAM Roles), `SpotInstances` (EC2 Spot Instances), `Subnets` (VPC Subnets), `Tables` (DynamoDB encrypted global tables), `Tasks` (ECS Tasks), `TransitGateways` (Transit gateways), `Volumes` (EBS Volumes). See the [documentation](https://docs.aws.amazon.com/fis/latest/userguide/actions.html#action-targets) for more details. */ key: pulumi.Input; /** * Target name, referencing a corresponding target. */ value: pulumi.Input; } export interface ExperimentTemplateLogConfiguration { /** * The configuration for experiment logging to Amazon CloudWatch Logs. See below. */ cloudwatchLogsConfiguration?: pulumi.Input; /** * The schema version. See [documentation](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html#experiment-log-schema) for the list of schema versions. */ logSchemaVersion: pulumi.Input; /** * The configuration for experiment logging to Amazon S3. See below. */ s3Configuration?: pulumi.Input; } export interface ExperimentTemplateLogConfigurationCloudwatchLogsConfiguration { /** * The Amazon Resource Name (ARN) of the destination Amazon CloudWatch Logs log group. */ logGroupArn: pulumi.Input; } export interface ExperimentTemplateLogConfigurationS3Configuration { /** * The name of the destination bucket. */ bucketName: pulumi.Input; /** * The bucket prefix. */ prefix?: pulumi.Input; } export interface ExperimentTemplateStopCondition { /** * Source of the condition. One of `none`, `aws:cloudwatch:alarm`. */ source: pulumi.Input; /** * ARN of the CloudWatch alarm. Required if the source is a CloudWatch alarm. */ value?: pulumi.Input; } export interface ExperimentTemplateTarget { /** * Filter(s) for the target. Filters can be used to select resources based on specific attributes returned by the respective describe action of the resource type. For more information, see [Targets for AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters). See below. */ filters?: pulumi.Input[]>; /** * Friendly name given to the target. */ name: pulumi.Input; /** * The resource type parameters. * * > **NOTE:** The `target` configuration block requires either `resourceArns` or `resourceTag`. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Set of ARNs of the resources to target with an action. Conflicts with `resourceTag`. */ resourceArns?: pulumi.Input[]>; /** * Tag(s) the resources need to have to be considered a valid target for an action. Conflicts with `resourceArns`. See below. */ resourceTags?: pulumi.Input[]>; /** * AWS resource type. The resource type must be supported for the specified action. To find out what resource types are supported, see [Targets for AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#resource-types). */ resourceType: pulumi.Input; /** * Scopes the identified resources. Valid values are `ALL` (all identified resources), `COUNT(n)` (randomly select `n` of the identified resources), `PERCENT(n)` (randomly select `n` percent of the identified resources). */ selectionMode: pulumi.Input; } export interface ExperimentTemplateTargetFilter { /** * Attribute path for the filter. */ path: pulumi.Input; /** * Set of attribute values for the filter. * * > **NOTE:** Values specified in a `filter` are joined with an `OR` clause, while values across multiple `filter` blocks are joined with an `AND` clause. For more information, see [Targets for AWS FIS](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters). */ values: pulumi.Input[]>; } export interface ExperimentTemplateTargetResourceTag { /** * Tag key. */ key: pulumi.Input; /** * Tag value. */ value: pulumi.Input; } } export namespace fms { export interface PolicyExcludeMap { /** * A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy. */ accounts?: pulumi.Input[]>; /** * A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. * * You can specify inclusions or exclusions, but not both. If you specify an `includeMap`, AWS Firewall Manager applies the policy to all accounts specified by the `includeMap`, and does not evaluate any `excludeMap` specifications. If you do not specify an `includeMap`, then Firewall Manager applies the policy to all accounts except for those specified by the `excludeMap`. */ orgunits?: pulumi.Input[]>; } export interface PolicyIncludeMap { /** * A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy. */ accounts?: pulumi.Input[]>; /** * A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. * * You can specify inclusions or exclusions, but not both. If you specify an `includeMap`, AWS Firewall Manager applies the policy to all accounts specified by the `includeMap`, and does not evaluate any `excludeMap` specifications. If you do not specify an `includeMap`, then Firewall Manager applies the policy to all accounts except for those specified by the `excludeMap`. */ orgunits?: pulumi.Input[]>; } export interface PolicySecurityServicePolicyData { /** * Details about the service that are specific to the service type, in JSON format. For service type `SHIELD_ADVANCED`, this is an empty string. Examples depending on `type` can be found in the [AWS Firewall Manager SecurityServicePolicyData API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html). */ managedServiceData?: pulumi.Input; /** * Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below. */ policyOption?: pulumi.Input; /** * The service that the policy is using to protect the resources. For the current list of supported types, please refer to the [AWS Firewall Manager SecurityServicePolicyData API Type Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html#fms-Type-SecurityServicePolicyData-Type). */ type: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOption { /** * Defines the deployment model to use for the firewall policy. Documented below. */ networkFirewallPolicy?: pulumi.Input; thirdPartyFirewallPolicy?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicy { /** * Defines the deployment model to use for the third-party firewall policy. Valid values are `CENTRALIZED` and `DISTRIBUTED`. */ firewallDeploymentModel?: pulumi.Input; } export interface PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicy { /** * Defines the deployment model to use for the third-party firewall policy. Valid values are `CENTRALIZED` and `DISTRIBUTED`. */ firewallDeploymentModel?: pulumi.Input; } } export namespace fsx { export interface DataRepositoryAssociationS3 { autoExportPolicy?: pulumi.Input; autoImportPolicy?: pulumi.Input; } export interface DataRepositoryAssociationS3AutoExportPolicy { events?: pulumi.Input[]>; } export interface DataRepositoryAssociationS3AutoImportPolicy { events?: pulumi.Input[]>; } export interface FileCacheDataRepositoryAssociation { associationId?: pulumi.Input; /** * The path to the S3 or NFS data repository that links to the cache. */ dataRepositoryPath: pulumi.Input; /** * A list of NFS Exports that will be linked with this data repository association. The Export paths are in the format /exportpath1. To use this parameter, you must configure DataRepositoryPath as the domain name of the NFS file system. The NFS file system domain name in effect is the root of the subdirectories. Note that DataRepositorySubdirectories is not supported for S3 data repositories. Max of 500. */ dataRepositorySubdirectories?: pulumi.Input[]>; /** * The system-generated, unique ID of the cache. */ fileCacheId?: pulumi.Input; /** * A path on the cache that points to a high-level directory (such as /ns1/) or subdirectory (such as /ns1/subdir/) that will be mapped 1-1 with DataRepositoryPath. The leading forward slash in the name is required. Two data repository associations cannot have overlapping cache paths. For example, if a data repository is associated with cache path /ns1/, then you cannot link another data repository with cache path /ns1/ns2. This path specifies where in your cache files will be exported from. This cache directory can be linked to only one data repository, and no data repository other can be linked to the directory. Note: The cache path can only be set to root (/) on an NFS DRA when DataRepositorySubdirectories is specified. If you specify root (/) as the cache path, you can create only one DRA on the cache. The cache path cannot be set to root (/) for an S3 DRA. */ fileCachePath: pulumi.Input; fileSystemId?: pulumi.Input; fileSystemPath?: pulumi.Input; importedFileChunkSize?: pulumi.Input; /** * (Optional) See the `nfs` configuration block. */ nfs?: pulumi.Input[]>; resourceArn?: pulumi.Input; /** * A map of tags to assign to the file cache. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface FileCacheDataRepositoryAssociationNf { /** * A list of up to 2 IP addresses of DNS servers used to resolve the NFS file system domain name. The provided IP addresses can either be the IP addresses of a DNS forwarder or resolver that the customer manages and runs inside the customer VPC, or the IP addresses of the on-premises DNS servers. */ dnsIps?: pulumi.Input[]>; /** * The version of the NFS (Network File System) protocol of the NFS data repository. The only supported value is NFS3, which indicates that the data repository must support the NFSv3 protocol. The only supported value is `NFS3`. */ version: pulumi.Input; } export interface FileCacheLustreConfiguration { /** * Specifies the cache deployment type. The only supported value is `CACHE_1`. */ deploymentType: pulumi.Input; logConfigurations?: pulumi.Input[]>; /** * The configuration for a Lustre MDT (Metadata Target) storage volume. See the `metadataConfiguration` block. */ metadataConfigurations: pulumi.Input[]>; mountName?: pulumi.Input; /** * Provisions the amount of read and write throughput for each 1 tebibyte (TiB) of cache storage capacity, in MB/s/TiB. The only supported value is `1000`. */ perUnitStorageThroughput: pulumi.Input; /** * A recurring weekly time, in the format `D:HH:MM`. `D` is the day of the week, for which `1` represents Monday and `7` represents Sunday. `HH` is the zero-padded hour of the day (0-23), and `MM` is the zero-padded minute of the hour. For example, 1:05:00 specifies maintenance at 5 AM Monday. See the [ISO week date](https://en.wikipedia.org/wiki/ISO_week_date) for more information. */ weeklyMaintenanceStartTime?: pulumi.Input; } export interface FileCacheLustreConfigurationLogConfiguration { destination?: pulumi.Input; level?: pulumi.Input; } export interface FileCacheLustreConfigurationMetadataConfiguration { /** * The storage capacity of the Lustre MDT (Metadata Target) storage volume in gibibytes (GiB). The only supported value is `2400` GiB. */ storageCapacity: pulumi.Input; } export interface GetOntapStorageVirtualMachineFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: string; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: string[]; } export interface GetOntapStorageVirtualMachineFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetOntapStorageVirtualMachinesFilter { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: string; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: string[]; } export interface GetOntapStorageVirtualMachinesFilterArgs { /** * Name of the field to filter by, as defined by [the underlying AWS API](https://docs.aws.amazon.com/fsx/latest/APIReference/API_StorageVirtualMachineFilter.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. An SVM will be selected if any one of the given values matches. */ values: pulumi.Input[]>; } export interface GetOpenZfsSnapshotFilter { /** * Name of the snapshot. */ name: string; values: string[]; } export interface GetOpenZfsSnapshotFilterArgs { /** * Name of the snapshot. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface LustreFileSystemLogConfiguration { /** * The Amazon Resource Name (ARN) that specifies the destination of the logs. The name of the Amazon CloudWatch Logs log group must begin with the `/aws/fsx` prefix. If you do not provide a destination, Amazon FSx will create and use a log stream in the CloudWatch Logs `/aws/fsx/lustre` log group. */ destination?: pulumi.Input; /** * Sets which data repository events are logged by Amazon FSx. Valid values are `WARN_ONLY`, `FAILURE_ONLY`, `ERROR_ONLY`, `WARN_ERROR` and `DISABLED`. Default value is `DISABLED`. */ level?: pulumi.Input; } export interface LustreFileSystemRootSquashConfiguration { /** * When root squash is enabled, you can optionally specify an array of NIDs of clients for which root squash does not apply. A client NID is a Lustre Network Identifier used to uniquely identify a client. You can specify the NID as either a single address or a range of addresses: 1. A single address is described in standard Lustre NID format by specifying the client’s IP address followed by the Lustre network ID (for example, 10.0.1.6@tcp). 2. An address range is described using a dash to separate the range (for example, 10.0.[2-10].[1-255]@tcp). */ noSquashNids?: pulumi.Input[]>; /** * You enable root squash by setting a user ID (UID) and group ID (GID) for the file system in the format UID:GID (for example, 365534:65534). The UID and GID values can range from 0 to 4294967294. */ rootSquash?: pulumi.Input; } export interface OntapFileSystemDiskIopsConfiguration { /** * The total number of SSD IOPS provisioned for the file system. */ iops?: pulumi.Input; /** * Specifies whether the number of IOPS for the file system is using the system. Valid values are `AUTOMATIC` and `USER_PROVISIONED`. Default value is `AUTOMATIC`. */ mode?: pulumi.Input; } export interface OntapFileSystemEndpoint { /** * An endpoint for managing your file system by setting up NetApp SnapMirror with other ONTAP systems. See Endpoint. */ interclusters?: pulumi.Input[]>; /** * An endpoint for managing your file system using the NetApp ONTAP CLI and NetApp ONTAP API. See Endpoint. */ managements?: pulumi.Input[]>; } export interface OntapFileSystemEndpointIntercluster { /** * The Domain Name Service (DNS) name for the file system. You can mount your file system using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the file system endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapFileSystemEndpointManagement { /** * The Domain Name Service (DNS) name for the file system. You can mount your file system using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the file system endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineActiveDirectoryConfiguration { /** * The NetBIOS name of the Active Directory computer object that will be created for your SVM. This is often the same as the SVM name but can be different. AWS limits to 15 characters because of standard NetBIOS naming limits. */ netbiosName?: pulumi.Input; selfManagedActiveDirectoryConfiguration?: pulumi.Input; } export interface OntapStorageVirtualMachineActiveDirectoryConfigurationSelfManagedActiveDirectoryConfiguration { dnsIps: pulumi.Input[]>; domainName: pulumi.Input; fileSystemAdministratorsGroup?: pulumi.Input; organizationalUnitDistinguishedName?: pulumi.Input; password: pulumi.Input; username: pulumi.Input; } export interface OntapStorageVirtualMachineEndpoint { /** * An endpoint for accessing data on your storage virtual machine via iSCSI protocol. See Endpoint. */ iscsis?: pulumi.Input[]>; /** * An endpoint for managing your file system using the NetApp ONTAP CLI and NetApp ONTAP API. See Endpoint. */ managements?: pulumi.Input[]>; /** * An endpoint for accessing data on your storage virtual machine via NFS protocol. See Endpoint. */ nfs?: pulumi.Input[]>; /** * An endpoint for accessing data on your storage virtual machine via SMB protocol. This is only set if an activeDirectoryConfiguration has been set. See Endpoint. */ smbs?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointIscsi { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointManagement { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointNf { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapStorageVirtualMachineEndpointSmb { /** * The Domain Name Service (DNS) name for the storage virtual machine. You can mount your storage virtual machine using its DNS name. */ dnsName?: pulumi.Input; /** * IP addresses of the storage virtual machine endpoint. */ ipAddresses?: pulumi.Input[]>; } export interface OntapVolumeAggregateConfiguration { /** * Used to specify the names of the aggregates on which the volume will be created. Each aggregate needs to be in the format aggrX where X is the number of the aggregate. */ aggregates?: pulumi.Input[]>; /** * Used to explicitly set the number of constituents within the FlexGroup per storage aggregate. the default value is `8`. */ constituentsPerAggregate?: pulumi.Input; /** * The total amount of constituents for a `FLEXGROUP` volume. This would equal constituentsPerAggregate x aggregates. */ totalConstituents?: pulumi.Input; } export interface OntapVolumeSnaplockConfiguration { /** * Enables or disables the audit log volume for an FSx for ONTAP SnapLock volume. The default value is `false`. */ auditLogVolume?: pulumi.Input; /** * The configuration object for setting the autocommit period of files in an FSx for ONTAP SnapLock volume. See Autocommit Period below. */ autocommitPeriod?: pulumi.Input; /** * Enables, disables, or permanently disables privileged delete on an FSx for ONTAP SnapLock Enterprise volume. Valid values: `DISABLED`, `ENABLED`, `PERMANENTLY_DISABLED`. The default value is `DISABLED`. */ privilegedDelete?: pulumi.Input; /** * The retention period of an FSx for ONTAP SnapLock volume. See SnapLock Retention Period below. */ retentionPeriod?: pulumi.Input; /** * Specifies the retention mode of an FSx for ONTAP SnapLock volume. After it is set, it can't be changed. Valid values: `COMPLIANCE`, `ENTERPRISE`. */ snaplockType: pulumi.Input; /** * Enables or disables volume-append mode on an FSx for ONTAP SnapLock volume. The default value is `false`. */ volumeAppendModeEnabled?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationAutocommitPeriod { /** * The type of time for the autocommit period of a file in an FSx for ONTAP SnapLock volume. Setting this value to `NONE` disables autocommit. Valid values: `MINUTES`, `HOURS`, `DAYS`, `MONTHS`, `YEARS`, `NONE`. */ type?: pulumi.Input; /** * The amount of time for the autocommit period of a file in an FSx for ONTAP SnapLock volume. */ value?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriod { defaultRetention?: pulumi.Input; maximumRetention?: pulumi.Input; minimumRetention?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriodDefaultRetention { type?: pulumi.Input; value?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriodMaximumRetention { type?: pulumi.Input; value?: pulumi.Input; } export interface OntapVolumeSnaplockConfigurationRetentionPeriodMinimumRetention { type?: pulumi.Input; value?: pulumi.Input; } export interface OntapVolumeTieringPolicy { /** * Specifies the number of days that user data in a volume must remain inactive before it is considered "cold" and moved to the capacity pool. Used with `AUTO` and `SNAPSHOT_ONLY` tiering policies only. Valid values are whole numbers between 2 and 183. Default values are 31 days for `AUTO` and 2 days for `SNAPSHOT_ONLY`. */ coolingPeriod?: pulumi.Input; /** * Specifies the tiering policy for the ONTAP volume for moving data to the capacity pool storage. Valid values are `SNAPSHOT_ONLY`, `AUTO`, `ALL`, `NONE`. Default value is `SNAPSHOT_ONLY`. */ name?: pulumi.Input; } export interface OpenZfsFileSystemDiskIopsConfiguration { /** * The total number of SSD IOPS provisioned for the file system. */ iops?: pulumi.Input; /** * Specifies whether the number of IOPS for the file system is using the system. Valid values are `AUTOMATIC` and `USER_PROVISIONED`. Default value is `AUTOMATIC`. */ mode?: pulumi.Input; } export interface OpenZfsFileSystemRootVolumeConfiguration { /** * A boolean flag indicating whether tags for the file system should be copied to snapshots. The default value is false. */ copyTagsToSnapshots?: pulumi.Input; /** * Method used to compress the data on the volume. Valid values are `LZ4`, `NONE` or `ZSTD`. Child volumes that don't specify compression option will inherit from parent volume. This option on file system applies to the root volume. */ dataCompressionType?: pulumi.Input; /** * NFS export configuration for the root volume. Exactly 1 item. See NFS Exports Below. */ nfsExports?: pulumi.Input; /** * specifies whether the volume is read-only. Default is false. */ readOnly?: pulumi.Input; /** * Specifies the record size of an OpenZFS root volume, in kibibytes (KiB). Valid values are `4`, `8`, `16`, `32`, `64`, `128`, `256`, `512`, or `1024` KiB. The default is `128` KiB. */ recordSizeKib?: pulumi.Input; /** * Specify how much storage users or groups can use on the volume. Maximum of 100 items. See User and Group Quotas Below. */ userAndGroupQuotas?: pulumi.Input[]>; } export interface OpenZfsFileSystemRootVolumeConfigurationNfsExports { /** * A list of configuration objects that contain the client and options for mounting the OpenZFS file system. Maximum of 25 items. See Client Configurations Below. */ clientConfigurations: pulumi.Input[]>; } export interface OpenZfsFileSystemRootVolumeConfigurationNfsExportsClientConfiguration { /** * A value that specifies who can mount the file system. You can provide a wildcard character (*), an IP address (0.0.0.0), or a CIDR address (192.0.2.0/24. By default, Amazon FSx uses the wildcard character when specifying the client. */ clients: pulumi.Input; /** * The options to use when mounting the file system. Maximum of 20 items. See the [Linix NFS exports man page](https://linux.die.net/man/5/exports) for more information. `crossmount` and `sync` are used by default. */ options: pulumi.Input[]>; } export interface OpenZfsFileSystemRootVolumeConfigurationUserAndGroupQuota { /** * The ID of the user or group. Valid values between `0` and `2147483647` */ id: pulumi.Input; /** * The amount of storage that the user or group can use in gibibytes (GiB). Valid values between `0` and `2147483647` */ storageCapacityQuotaGib: pulumi.Input; /** * A value that specifies whether the quota applies to a user or group. Valid values are `USER` or `GROUP`. */ type: pulumi.Input; } export interface OpenZfsVolumeNfsExports { /** * A list of configuration objects that contain the client and options for mounting the OpenZFS file system. Maximum of 25 items. See `clientConfigurations` Block below for details. */ clientConfigurations: pulumi.Input[]>; } export interface OpenZfsVolumeNfsExportsClientConfiguration { /** * A value that specifies who can mount the file system. You can provide a wildcard character (*), an IP address (0.0.0.0), or a CIDR address (192.0.2.0/24. By default, Amazon FSx uses the wildcard character when specifying the client. */ clients: pulumi.Input; /** * The options to use when mounting the file system. Maximum of 20 items. See the [Linix NFS exports man page](https://linux.die.net/man/5/exports) for more information. `crossmount` and `sync` are used by default. */ options: pulumi.Input[]>; } export interface OpenZfsVolumeOriginSnapshot { /** * Specifies the strategy used when copying data from the snapshot to the new volume. Valid values are `CLONE`, `FULL_COPY`, `INCREMENTAL_COPY`. */ copyStrategy: pulumi.Input; /** * The Amazon Resource Name (ARN) of the origin snapshot. */ snapshotArn: pulumi.Input; } export interface OpenZfsVolumeUserAndGroupQuota { /** * The ID of the user or group. Valid values between `0` and `2147483647` */ id: pulumi.Input; /** * The amount of storage that the user or group can use in gibibytes (GiB). Valid values between `0` and `2147483647` */ storageCapacityQuotaGib: pulumi.Input; type: pulumi.Input; } export interface WindowsFileSystemAuditLogConfiguration { /** * The Amazon Resource Name (ARN) for the destination of the audit logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN. Can be specified when `fileAccessAuditLogLevel` and `fileShareAccessAuditLogLevel` are not set to `DISABLED`. The name of the Amazon CloudWatch Logs log group must begin with the `/aws/fsx` prefix. The name of the Amazon Kinesis Data Firehouse delivery stream must begin with the `aws-fsx` prefix. If you do not provide a destination in `auditLogDestionation`, Amazon FSx will create and use a log stream in the CloudWatch Logs /aws/fsx/windows log group. */ auditLogDestination?: pulumi.Input; /** * Sets which attempt type is logged by Amazon FSx for file and folder accesses. Valid values are `SUCCESS_ONLY`, `FAILURE_ONLY`, `SUCCESS_AND_FAILURE`, and `DISABLED`. Default value is `DISABLED`. */ fileAccessAuditLogLevel?: pulumi.Input; /** * Sets which attempt type is logged by Amazon FSx for file share accesses. Valid values are `SUCCESS_ONLY`, `FAILURE_ONLY`, `SUCCESS_AND_FAILURE`, and `DISABLED`. Default value is `DISABLED`. */ fileShareAccessAuditLogLevel?: pulumi.Input; } export interface WindowsFileSystemDiskIopsConfiguration { /** * The total number of SSD IOPS provisioned for the file system. */ iops?: pulumi.Input; /** * Specifies whether the number of IOPS for the file system is using the system. Valid values are `AUTOMATIC` and `USER_PROVISIONED`. Default value is `AUTOMATIC`. */ mode?: pulumi.Input; } export interface WindowsFileSystemSelfManagedActiveDirectory { /** * A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in [RFC 1918](https://tools.ietf.org/html/rfc1918). */ dnsIps: pulumi.Input[]>; /** * The fully qualified domain name of the self-managed AD directory. For example, `corp.example.com`. */ domainName: pulumi.Input; /** * The name of the domain group whose members are granted administrative privileges for the file system. Administrative privileges include taking ownership of files and folders, and setting audit controls (audit ACLs) on files and folders. The group that you specify must already exist in your domain. Defaults to `Domain Admins`. */ fileSystemAdministratorsGroup?: pulumi.Input; /** * The fully qualified distinguished name of the organizational unit within your self-managed AD directory that the Windows File Server instance will join. For example, `OU=FSx,DC=yourdomain,DC=corp,DC=com`. Only accepts OU as the direct parent of the file system. If none is provided, the FSx file system is created in the default location of your self-managed AD directory. To learn more, see [RFC 2253](https://tools.ietf.org/html/rfc2253). */ organizationalUnitDistinguishedName?: pulumi.Input; /** * The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. */ password: pulumi.Input; /** * The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain. */ username: pulumi.Input; } } export namespace gamelift { export interface AliasRoutingStrategy { /** * ID of the GameLift Fleet to point the alias to. */ fleetId?: pulumi.Input; /** * Message text to be used with the `TERMINAL` routing strategy. */ message?: pulumi.Input; /** * Type of routing strategyE.g., `SIMPLE` or `TERMINAL` */ type: pulumi.Input; } export interface BuildStorageLocation { /** * Name of your S3 bucket. */ bucket: pulumi.Input; /** * Name of the zip file containing your build files. */ key: pulumi.Input; /** * A specific version of the file. If not set, the latest version of the file is retrieved. */ objectVersion?: pulumi.Input; /** * ARN of the access role that allows Amazon GameLift to access your S3 bucket. */ roleArn: pulumi.Input; } export interface FleetCertificateConfiguration { /** * Indicates whether a TLS/SSL certificate is generated for a fleet. Valid values are `DISABLED` and `GENERATED`. Default value is `DISABLED`. */ certificateType?: pulumi.Input; } export interface FleetEc2InboundPermission { /** * Starting value for a range of allowed port numbers. */ fromPort: pulumi.Input; /** * Range of allowed IP addresses expressed in CIDR notationE.g., `000.000.000.000/[subnet mask]` or `0.0.0.0/[subnet mask]`. */ ipRange: pulumi.Input; /** * Network communication protocol used by the fleetE.g., `TCP` or `UDP` */ protocol: pulumi.Input; /** * Ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than `fromPort`. */ toPort: pulumi.Input; } export interface FleetResourceCreationLimitPolicy { /** * Maximum number of game sessions that an individual can create during the policy period. */ newGameSessionsPerCreator?: pulumi.Input; /** * Time span used in evaluating the resource creation limit policy. */ policyPeriodInMinutes?: pulumi.Input; } export interface FleetRuntimeConfiguration { /** * Maximum amount of time (in seconds) that a game session can remain in status `ACTIVATING`. */ gameSessionActivationTimeoutSeconds?: pulumi.Input; /** * Maximum number of game sessions with status `ACTIVATING` to allow on an instance simultaneously. */ maxConcurrentGameSessionActivations?: pulumi.Input; /** * Collection of server process configurations that describe which server processes to run on each instance in a fleet. See below. */ serverProcesses?: pulumi.Input[]>; } export interface FleetRuntimeConfigurationServerProcess { /** * Number of server processes using this configuration to run concurrently on an instance. */ concurrentExecutions: pulumi.Input; /** * Location of the server executable in a game build. All game builds are installed on instances at the root : for Windows instances `C:\game`, and for Linux instances `/local/game`. */ launchPath: pulumi.Input; /** * Optional list of parameters to pass to the server executable on launch. */ parameters?: pulumi.Input; } export interface GameServerGroupAutoScalingPolicy { /** * Length of time, in seconds, it takes for a new instance to start * new game server processes and register with GameLift FleetIQ. * Specifying a warm-up time can be useful, particularly with game servers that take a long time to start up, * because it avoids prematurely starting new instances. Defaults to `60`. */ estimatedInstanceWarmup?: pulumi.Input; targetTrackingConfiguration: pulumi.Input; } export interface GameServerGroupAutoScalingPolicyTargetTrackingConfiguration { /** * Desired value to use with a game server group target-based scaling policy. */ targetValue: pulumi.Input; } export interface GameServerGroupInstanceDefinition { /** * An EC2 instance type. */ instanceType: pulumi.Input; /** * Instance weighting that indicates how much this instance type contributes * to the total capacity of a game server group. * Instance weights are used by GameLift FleetIQ to calculate the instance type's cost per unit hour and better identify * the most cost-effective options. */ weightedCapacity?: pulumi.Input; } export interface GameServerGroupLaunchTemplate { /** * A unique identifier for an existing EC2 launch template. */ id?: pulumi.Input; /** * A readable identifier for an existing EC2 launch template. */ name?: pulumi.Input; /** * The version of the EC2 launch template to use. If none is set, the default is the first version created. */ version?: pulumi.Input; } export interface GameSessionQueuePlayerLatencyPolicy { /** * Maximum latency value that is allowed for any player. */ maximumIndividualPlayerLatencyMilliseconds: pulumi.Input; /** * Length of time that the policy is enforced while placing a new game session. Absence of value for this attribute means that the policy is enforced until the queue times out. */ policyDurationSeconds?: pulumi.Input; } export interface MatchmakingConfigurationGameProperty { /** * A game property key */ key: pulumi.Input; /** * A game property value. */ value: pulumi.Input; } export interface ScriptStorageLocation { /** * Name of your S3 bucket. */ bucket: pulumi.Input; /** * Name of the zip file containing your script files. */ key: pulumi.Input; /** * A specific version of the file. If not set, the latest version of the file is retrieved. */ objectVersion?: pulumi.Input; /** * ARN of the access role that allows Amazon GameLift to access your S3 bucket. */ roleArn: pulumi.Input; } } export namespace glacier { export interface VaultNotification { /** * You can configure a vault to publish a notification for `ArchiveRetrievalCompleted` and `InventoryRetrievalCompleted` events. */ events: pulumi.Input[]>; /** * The SNS Topic ARN. */ snsTopic: pulumi.Input; } } export namespace globalaccelerator { export interface AcceleratorAttributes { /** * Indicates whether flow logs are enabled. Defaults to `false`. Valid values: `true`, `false`. */ flowLogsEnabled?: pulumi.Input; /** * The name of the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Bucket?: pulumi.Input; /** * The prefix for the location in the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Prefix?: pulumi.Input; } export interface AcceleratorIpSet { /** * The IP addresses to use for BYOIP accelerators. If not specified, the service assigns IP addresses. Valid values: 1 or 2 IPv4 addresses. */ ipAddresses?: pulumi.Input[]>; /** * The type of IP addresses included in this IP set. */ ipFamily?: pulumi.Input; } export interface CrossAccountAttachmentResource { /** * The endpoint ID for the endpoint that is specified as a AWS resource. */ endpointId?: pulumi.Input; /** * The AWS Region where a shared endpoint resource is located. */ region?: pulumi.Input; } export interface CustomRoutingAcceleratorAttributes { /** * Indicates whether flow logs are enabled. Defaults to `false`. Valid values: `true`, `false`. */ flowLogsEnabled?: pulumi.Input; /** * The name of the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Bucket?: pulumi.Input; /** * The prefix for the location in the Amazon S3 bucket for the flow logs. Required if `flowLogsEnabled` is `true`. */ flowLogsS3Prefix?: pulumi.Input; } export interface CustomRoutingAcceleratorIpSet { /** * The IP addresses to use for BYOIP accelerators. If not specified, the service assigns IP addresses. Valid values: 1 or 2 IPv4 addresses. */ ipAddresses?: pulumi.Input[]>; /** * The type of IP addresses included in this IP set. */ ipFamily?: pulumi.Input; } export interface CustomRoutingEndpointGroupDestinationConfiguration { /** * The first port, inclusive, in the range of ports for the endpoint group that is associated with a custom routing accelerator. */ fromPort: pulumi.Input; /** * The protocol for the endpoint group that is associated with a custom routing accelerator. The protocol can be either `"TCP"` or `"UDP"`. */ protocols: pulumi.Input[]>; /** * The last port, inclusive, in the range of ports for the endpoint group that is associated with a custom routing accelerator. */ toPort: pulumi.Input; } export interface CustomRoutingEndpointGroupEndpointConfiguration { /** * An ID for the endpoint. For custom routing accelerators, this is the virtual private cloud (VPC) subnet ID. */ endpointId?: pulumi.Input; } export interface CustomRoutingListenerPortRange { /** * The first port in the range of ports, inclusive. */ fromPort?: pulumi.Input; /** * The last port in the range of ports, inclusive. */ toPort?: pulumi.Input; } export interface EndpointGroupEndpointConfiguration { /** * Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. The default value is `false`. * **Note:** When client IP address preservation is enabled, the Global Accelerator service creates an EC2 Security Group in the VPC named `GlobalAccelerator` that must be deleted (potentially outside of the provider) before the VPC will successfully delete. If this EC2 Security Group is not deleted, the provider will retry the VPC deletion for a few minutes before reporting a `DependencyViolation` error. This cannot be resolved by re-running the provider. */ clientIpPreservationEnabled?: pulumi.Input; /** * An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID. */ endpointId?: pulumi.Input; /** * The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify. */ weight?: pulumi.Input; } export interface EndpointGroupPortOverride { /** * The endpoint port that you want a listener port to be mapped to. This is the port on the endpoint, such as the Application Load Balancer or Amazon EC2 instance. */ endpointPort: pulumi.Input; /** * The listener port that you want to map to a specific endpoint port. This is the port that user traffic arrives to the Global Accelerator on. */ listenerPort: pulumi.Input; } export interface ListenerPortRange { /** * The first port in the range of ports, inclusive. */ fromPort?: pulumi.Input; /** * The last port in the range of ports, inclusive. */ toPort?: pulumi.Input; } } export namespace glue { export interface CatalogDatabaseCreateTableDefaultPermission { /** * The permissions that are granted to the principal. */ permissions?: pulumi.Input[]>; /** * The principal who is granted permissions.. See `principal` below. */ principal?: pulumi.Input; } export interface CatalogDatabaseCreateTableDefaultPermissionPrincipal { /** * An identifier for the Lake Formation principal. */ dataLakePrincipalIdentifier?: pulumi.Input; } export interface CatalogDatabaseFederatedDatabase { /** * Name of the connection to the external metastore. */ connectionName?: pulumi.Input; /** * Unique identifier for the federated database. */ identifier?: pulumi.Input; } export interface CatalogDatabaseTargetDatabase { /** * ID of the Data Catalog in which the database resides. */ catalogId: pulumi.Input; /** * Name of the catalog database. */ databaseName: pulumi.Input; /** * Region of the target database. */ region?: pulumi.Input; } export interface CatalogTableOpenTableFormatInput { /** * Configuration block for iceberg table config. See `icebergInput` below. */ icebergInput: pulumi.Input; } export interface CatalogTableOpenTableFormatInputIcebergInput { /** * A required metadata operation. Can only be set to CREATE. */ metadataOperation: pulumi.Input; /** * The table version for the Iceberg table. Defaults to 2. */ version?: pulumi.Input; } export interface CatalogTablePartitionIndex { /** * Name of the partition index. */ indexName: pulumi.Input; indexStatus?: pulumi.Input; /** * Keys for the partition index. */ keys: pulumi.Input[]>; } export interface CatalogTablePartitionKey { /** * Free-form text comment. */ comment?: pulumi.Input; /** * Name of the Partition Key. */ name: pulumi.Input; /** * Datatype of data in the Partition Key. */ type?: pulumi.Input; } export interface CatalogTableStorageDescriptor { /** * List of reducer grouping columns, clustering columns, and bucketing columns in the table. */ bucketColumns?: pulumi.Input[]>; /** * Configuration block for columns in the table. See `columns` below. */ columns?: pulumi.Input[]>; /** * Whether the data in the table is compressed. */ compressed?: pulumi.Input; /** * Input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format. */ inputFormat?: pulumi.Input; /** * Physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name. */ location?: pulumi.Input; /** * Must be specified if the table contains any dimension columns. */ numberOfBuckets?: pulumi.Input; /** * Output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format. */ outputFormat?: pulumi.Input; /** * User-supplied properties in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Object that references a schema stored in the AWS Glue Schema Registry. When creating a table, you can pass an empty list of columns for the schema, and instead use a schema reference. See Schema Reference below. */ schemaReference?: pulumi.Input; /** * Configuration block for serialization and deserialization ("SerDe") information. See `serDeInfo` below. */ serDeInfo?: pulumi.Input; /** * Configuration block with information about values that appear very frequently in a column (skewed values). See `skewedInfo` below. */ skewedInfo?: pulumi.Input; /** * Configuration block for the sort order of each bucket in the table. See `sortColumns` below. */ sortColumns?: pulumi.Input[]>; /** * Whether the table data is stored in subdirectories. */ storedAsSubDirectories?: pulumi.Input; } export interface CatalogTableStorageDescriptorColumn { /** * Free-form text comment. */ comment?: pulumi.Input; /** * Name of the Column. */ name: pulumi.Input; /** * Key-value pairs defining properties associated with the column. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Datatype of data in the Column. */ type?: pulumi.Input; } export interface CatalogTableStorageDescriptorSchemaReference { /** * Configuration block that contains schema identity fields. Either this or the `schemaVersionId` has to be provided. See `schemaId` below. */ schemaId?: pulumi.Input; /** * Unique ID assigned to a version of the schema. Either this or the `schemaId` has to be provided. */ schemaVersionId?: pulumi.Input; /** * Version number of the schema. */ schemaVersionNumber: pulumi.Input; } export interface CatalogTableStorageDescriptorSchemaReferenceSchemaId { /** * Name of the schema registry that contains the schema. Must be provided when `schemaName` is specified and conflicts with `schemaArn`. */ registryName?: pulumi.Input; /** * ARN of the schema. One of `schemaArn` or `schemaName` has to be provided. */ schemaArn?: pulumi.Input; /** * Name of the schema. One of `schemaArn` or `schemaName` has to be provided. */ schemaName?: pulumi.Input; } export interface CatalogTableStorageDescriptorSerDeInfo { /** * Name of the SerDe. */ name?: pulumi.Input; /** * Map of initialization parameters for the SerDe, in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Usually the class that implements the SerDe. An example is `org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe`. */ serializationLibrary?: pulumi.Input; } export interface CatalogTableStorageDescriptorSkewedInfo { /** * List of names of columns that contain skewed values. */ skewedColumnNames?: pulumi.Input[]>; /** * List of values that appear so frequently as to be considered skewed. */ skewedColumnValueLocationMaps?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Map of skewed values to the columns that contain them. */ skewedColumnValues?: pulumi.Input[]>; } export interface CatalogTableStorageDescriptorSortColumn { /** * Name of the column. */ column: pulumi.Input; /** * Whether the column is sorted in ascending (`1`) or descending order (`0`). */ sortOrder: pulumi.Input; } export interface CatalogTableTargetTable { /** * ID of the Data Catalog in which the table resides. */ catalogId: pulumi.Input; /** * Name of the catalog database that contains the target table. */ databaseName: pulumi.Input; /** * Name of the target table. */ name: pulumi.Input; /** * Region of the target table. */ region?: pulumi.Input; } export interface ClassifierCsvClassifier { /** * Enables the processing of files that contain only one column. */ allowSingleColumn?: pulumi.Input; /** * Indicates whether the CSV file contains a header. This can be one of "ABSENT", "PRESENT", or "UNKNOWN". */ containsHeader?: pulumi.Input; /** * Enables the custom datatype to be configured. */ customDatatypeConfigured?: pulumi.Input; /** * A list of supported custom datatypes. Valid values are `BINARY`, `BOOLEAN`, `DATE`, `DECIMAL`, `DOUBLE`, `FLOAT`, `INT`, `LONG`, `SHORT`, `STRING`, `TIMESTAMP`. */ customDatatypes?: pulumi.Input[]>; /** * The delimiter used in the Csv to separate columns. */ delimiter?: pulumi.Input; /** * Specifies whether to trim column values. */ disableValueTrimming?: pulumi.Input; /** * A list of strings representing column names. */ headers?: pulumi.Input[]>; /** * A custom symbol to denote what combines content into a single column value. It must be different from the column delimiter. */ quoteSymbol?: pulumi.Input; serde?: pulumi.Input; } export interface ClassifierGrokClassifier { /** * An identifier of the data format that the classifier matches, such as Twitter, JSON, Omniture logs, Amazon CloudWatch Logs, and so on. */ classification: pulumi.Input; /** * Custom grok patterns used by this classifier. */ customPatterns?: pulumi.Input; /** * The grok pattern used by this classifier. */ grokPattern: pulumi.Input; } export interface ClassifierJsonClassifier { /** * A `JsonPath` string defining the JSON data for the classifier to classify. AWS Glue supports a subset of `JsonPath`, as described in [Writing JsonPath Custom Classifiers](https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json). */ jsonPath: pulumi.Input; } export interface ClassifierXmlClassifier { /** * An identifier of the data format that the classifier matches. */ classification: pulumi.Input; /** * The XML tag designating the element that contains each record in an XML document being parsed. Note that this cannot identify a self-closing element (closed by `/>`). An empty row element that contains only attributes can be parsed as long as it ends with a closing tag (for example, `` is okay, but `` is not). */ rowTag: pulumi.Input; } export interface ConnectionPhysicalConnectionRequirements { /** * The availability zone of the connection. This field is redundant and implied by `subnetId`, but is currently an api requirement. */ availabilityZone?: pulumi.Input; /** * The security group ID list used by the connection. */ securityGroupIdLists?: pulumi.Input[]>; /** * The subnet ID used by the connection. */ subnetId?: pulumi.Input; } export interface CrawlerCatalogTarget { /** * The name of the connection for an Amazon S3-backed Data Catalog table to be a target of the crawl when using a Catalog connection type paired with a `NETWORK` Connection type. */ connectionName?: pulumi.Input; /** * The name of the Glue database to be synchronized. */ databaseName: pulumi.Input; /** * A valid Amazon SQS ARN. * * > **Note:** `deletionBehavior` of catalog target doesn't support `DEPRECATE_IN_DATABASE`. * * > **Note:** `configuration` for catalog target crawlers will have `{ ... "Grouping": { "TableGroupingPolicy": "CombineCompatibleSchemas"} }` by default. */ dlqEventQueueArn?: pulumi.Input; /** * A valid Amazon SQS ARN. */ eventQueueArn?: pulumi.Input; /** * A list of catalog tables to be synchronized. */ tables: pulumi.Input[]>; } export interface CrawlerDeltaTarget { /** * The name of the connection to use to connect to the Delta table target. */ connectionName?: pulumi.Input; /** * Specifies whether the crawler will create native tables, to allow integration with query engines that support querying of the Delta transaction log directly. */ createNativeDeltaTable?: pulumi.Input; /** * A list of the Amazon S3 paths to the Delta tables. */ deltaTables: pulumi.Input[]>; /** * Specifies whether to write the manifest files to the Delta table path. */ writeManifest: pulumi.Input; } export interface CrawlerDynamodbTarget { /** * The name of the DynamoDB table to crawl. */ path: pulumi.Input; /** * Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. defaults to `true`. */ scanAll?: pulumi.Input; /** * The percentage of the configured read capacity units to use by the AWS Glue crawler. The valid values are null or a value between 0.1 to 1.5. */ scanRate?: pulumi.Input; } export interface CrawlerHudiTarget { /** * The name of the connection to use to connect to the Hudi target. */ connectionName?: pulumi.Input; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Hudi metadata folder in your Amazon S3 path. Used to limit the crawler run time. Valid values are between `1` and `20`. */ maximumTraversalDepth: pulumi.Input; /** * One or more Amazon S3 paths that contains Hudi metadata folders as s3://bucket/prefix. */ paths: pulumi.Input[]>; } export interface CrawlerIcebergTarget { /** * The name of the connection to use to connect to the Iceberg target. */ connectionName?: pulumi.Input; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Iceberg metadata folder in your Amazon S3 path. Used to limit the crawler run time. Valid values are between `1` and `20`. */ maximumTraversalDepth: pulumi.Input; /** * One or more Amazon S3 paths that contains Iceberg metadata folders as s3://bucket/prefix. */ paths: pulumi.Input[]>; } export interface CrawlerJdbcTarget { /** * The name of the connection to use to connect to the JDBC target. */ connectionName: pulumi.Input; /** * Specify a value of `RAWTYPES` or `COMMENTS` to enable additional metadata intable responses. `RAWTYPES` provides the native-level datatype. `COMMENTS` provides comments associated with a column or table in the database. */ enableAdditionalMetadatas?: pulumi.Input[]>; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The path of the JDBC target. */ path: pulumi.Input; } export interface CrawlerLakeFormationConfiguration { /** * Required for cross account crawls. For same account crawls as the target data, this can omitted. */ accountId?: pulumi.Input; /** * Specifies whether to use Lake Formation credentials for the crawler instead of the IAM role credentials. */ useLakeFormationCredentials?: pulumi.Input; } export interface CrawlerLineageConfiguration { /** * Specifies whether data lineage is enabled for the crawler. Valid values are: `ENABLE` and `DISABLE`. Default value is `DISABLE`. */ crawlerLineageSettings?: pulumi.Input; } export interface CrawlerMongodbTarget { /** * The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target. */ connectionName: pulumi.Input; /** * The path of the Amazon DocumentDB or MongoDB target (database/collection). */ path: pulumi.Input; /** * Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. Default value is `true`. */ scanAll?: pulumi.Input; } export interface CrawlerRecrawlPolicy { /** * Specifies whether to crawl the entire dataset again, crawl only folders that were added since the last crawler run, or crawl what S3 notifies the crawler of via SQS. Valid Values are: `CRAWL_EVENT_MODE`, `CRAWL_EVERYTHING` and `CRAWL_NEW_FOLDERS_ONLY`. Default value is `CRAWL_EVERYTHING`. */ recrawlBehavior?: pulumi.Input; } export interface CrawlerS3Target { /** * The name of a connection which allows crawler to access data in S3 within a VPC. */ connectionName?: pulumi.Input; /** * The ARN of the dead-letter SQS queue. */ dlqEventQueueArn?: pulumi.Input; /** * The ARN of the SQS queue to receive S3 notifications from. */ eventQueueArn?: pulumi.Input; /** * A list of glob patterns used to exclude from the crawl. */ exclusions?: pulumi.Input[]>; /** * The path to the Amazon S3 target. */ path: pulumi.Input; /** * Sets the number of files in each leaf folder to be crawled when crawling sample files in a dataset. If not set, all the files are crawled. A valid value is an integer between 1 and 249. */ sampleSize?: pulumi.Input; } export interface CrawlerSchemaChangePolicy { /** * The deletion behavior when the crawler finds a deleted object. Valid values: `LOG`, `DELETE_FROM_DATABASE`, or `DEPRECATE_IN_DATABASE`. Defaults to `DEPRECATE_IN_DATABASE`. */ deleteBehavior?: pulumi.Input; /** * The update behavior when the crawler finds a changed schema. Valid values: `LOG` or `UPDATE_IN_DATABASE`. Defaults to `UPDATE_IN_DATABASE`. */ updateBehavior?: pulumi.Input; } export interface DataCatalogEncryptionSettingsDataCatalogEncryptionSettings { /** * When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption. see Connection Password Encryption. */ connectionPasswordEncryption: pulumi.Input; /** * Specifies the encryption-at-rest configuration for the Data Catalog. see Encryption At Rest. */ encryptionAtRest: pulumi.Input; } export interface DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryption { /** * A KMS key ARN that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least `kms:Encrypt` permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog. */ awsKmsKeyId?: pulumi.Input; /** * When set to `true`, passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently of the catalog encryption. */ returnConnectionPasswordEncrypted: pulumi.Input; } export interface DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRest { /** * The encryption-at-rest mode for encrypting Data Catalog data. Valid values are `DISABLED` and `SSE-KMS`. */ catalogEncryptionMode: pulumi.Input; /** * The ARN of the AWS IAM role used for accessing encrypted Data Catalog data. */ catalogEncryptionServiceRole?: pulumi.Input; /** * The ARN of the AWS KMS key to use for encryption at rest. */ sseAwsKmsKeyId?: pulumi.Input; } export interface DataQualityRulesetTargetTable { /** * The catalog id where the AWS Glue table exists. */ catalogId?: pulumi.Input; /** * Name of the database where the AWS Glue table exists. */ databaseName: pulumi.Input; /** * Name of the AWS Glue table. */ tableName: pulumi.Input; } export interface GetScriptDagEdge { /** * ID of the node at which the edge starts. */ source: string; /** * ID of the node at which the edge ends. */ target: string; /** * Target of the edge. */ targetParameter?: string; } export interface GetScriptDagEdgeArgs { /** * ID of the node at which the edge starts. */ source: pulumi.Input; /** * ID of the node at which the edge ends. */ target: pulumi.Input; /** * Target of the edge. */ targetParameter?: pulumi.Input; } export interface GetScriptDagNode { /** * Nested configuration an argument or property of a node. Defined below. */ args: inputs.glue.GetScriptDagNodeArg[]; /** * Node identifier that is unique within the node's graph. */ id: string; /** * Line number of the node. */ lineNumber?: number; /** * Type of node this is. */ nodeType: string; } export interface GetScriptDagNodeArgs { /** * Nested configuration an argument or property of a node. Defined below. */ args: pulumi.Input[]>; /** * Node identifier that is unique within the node's graph. */ id: pulumi.Input; /** * Line number of the node. */ lineNumber?: pulumi.Input; /** * Type of node this is. */ nodeType: pulumi.Input; } export interface GetScriptDagNodeArg { /** * Name of the argument or property. */ name: string; /** * Boolean if the value is used as a parameter. Defaults to `false`. */ param?: boolean; /** * Value of the argument or property. */ value: string; } export interface GetScriptDagNodeArgArgs { /** * Name of the argument or property. */ name: pulumi.Input; /** * Boolean if the value is used as a parameter. Defaults to `false`. */ param?: pulumi.Input; /** * Value of the argument or property. */ value: pulumi.Input; } export interface JobCommand { /** * The name of the job command. Defaults to `glueetl`. Use `pythonshell` for Python Shell Job Type, `glueray` for Ray Job Type, or `gluestreaming` for Streaming Job Type. `maxCapacity` needs to be set if `pythonshell` is chosen. */ name?: pulumi.Input; /** * The Python version being used to execute a Python shell job. Allowed values are 2, 3 or 3.9. Version 3 refers to Python 3.6. */ pythonVersion?: pulumi.Input; /** * In Ray jobs, runtime is used to specify the versions of Ray, Python and additional libraries available in your environment. This field is not used in other job types. For supported runtime environment values, see [Working with Ray jobs](https://docs.aws.amazon.com/glue/latest/dg/ray-jobs-section.html#author-job-ray-runtimes) in the Glue Developer Guide. */ runtime?: pulumi.Input; /** * Specifies the S3 path to a script that executes a job. */ scriptLocation: pulumi.Input; } export interface JobExecutionProperty { /** * The maximum number of concurrent runs allowed for a job. The default is 1. */ maxConcurrentRuns?: pulumi.Input; } export interface JobNotificationProperty { /** * After a job run starts, the number of minutes to wait before sending a job run delay notification. */ notifyDelayAfter?: pulumi.Input; } export interface MLTransformInputRecordTable { /** * A unique identifier for the AWS Glue Data Catalog. */ catalogId?: pulumi.Input; /** * The name of the connection to the AWS Glue Data Catalog. */ connectionName?: pulumi.Input; /** * A database name in the AWS Glue Data Catalog. */ databaseName: pulumi.Input; /** * A table name in the AWS Glue Data Catalog. */ tableName: pulumi.Input; } export interface MLTransformParameters { /** * The parameters for the find matches algorithm. see Find Matches Parameters. */ findMatchesParameters: pulumi.Input; /** * The type of machine learning transform. For information about the types of machine learning transforms, see [Creating Machine Learning Transforms](http://docs.aws.amazon.com/glue/latest/dg/add-job-machine-learning-transform.html). */ transformType: pulumi.Input; } export interface MLTransformParametersFindMatchesParameters { /** * The value that is selected when tuning your transform for a balance between accuracy and cost. */ accuracyCostTradeOff?: pulumi.Input; /** * The value to switch on or off to force the output to match the provided labels from users. */ enforceProvidedLabels?: pulumi.Input; /** * The value selected when tuning your transform for a balance between precision and recall. */ precisionRecallTradeOff?: pulumi.Input; /** * The name of a column that uniquely identifies rows in the source table. */ primaryKeyColumnName?: pulumi.Input; } export interface MLTransformSchema { /** * The type of data in the column. */ dataType?: pulumi.Input; /** * The name you assign to this ML Transform. It must be unique in your account. */ name?: pulumi.Input; } export interface PartitionIndexPartitionIndex { /** * Name of the partition index. */ indexName?: pulumi.Input; indexStatus?: pulumi.Input; /** * Keys for the partition index. */ keys?: pulumi.Input[]>; } export interface PartitionStorageDescriptor { /** * A list of reducer grouping columns, clustering columns, and bucketing columns in the table. */ bucketColumns?: pulumi.Input[]>; /** * A list of the Columns in the table. */ columns?: pulumi.Input[]>; /** * True if the data in the table is compressed, or False if not. */ compressed?: pulumi.Input; /** * The input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format. */ inputFormat?: pulumi.Input; /** * The physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name. */ location?: pulumi.Input; /** * Must be specified if the table contains any dimension columns. */ numberOfBuckets?: pulumi.Input; /** * The output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format. */ outputFormat?: pulumi.Input; /** * User-supplied properties in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Serialization/deserialization (SerDe) information. */ serDeInfo?: pulumi.Input; /** * Information about values that appear very frequently in a column (skewed values). */ skewedInfo?: pulumi.Input; /** * A list of Order objects specifying the sort order of each bucket in the table. */ sortColumns?: pulumi.Input[]>; /** * True if the table data is stored in subdirectories, or False if not. */ storedAsSubDirectories?: pulumi.Input; } export interface PartitionStorageDescriptorColumn { comment?: pulumi.Input; name: pulumi.Input; type?: pulumi.Input; } export interface PartitionStorageDescriptorSerDeInfo { /** * Name of the SerDe. */ name?: pulumi.Input; /** * A map of initialization parameters for the SerDe, in key-value form. */ parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Usually the class that implements the SerDe. An example is: org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe. */ serializationLibrary?: pulumi.Input; } export interface PartitionStorageDescriptorSkewedInfo { /** * A list of names of columns that contain skewed values. */ skewedColumnNames?: pulumi.Input[]>; /** * A list of values that appear so frequently as to be considered skewed. */ skewedColumnValueLocationMaps?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A map of skewed values to the columns that contain them. */ skewedColumnValues?: pulumi.Input[]>; } export interface PartitionStorageDescriptorSortColumn { /** * The name of the column. */ column: pulumi.Input; /** * Indicates that the column is sorted in ascending order (== 1), or in descending order (==0). */ sortOrder: pulumi.Input; } export interface SecurityConfigurationEncryptionConfiguration { cloudwatchEncryption: pulumi.Input; jobBookmarksEncryption: pulumi.Input; /** * A `s3Encryption ` block as described below, which contains encryption configuration for S3 data. */ s3Encryption: pulumi.Input; } export interface SecurityConfigurationEncryptionConfigurationCloudwatchEncryption { /** * Encryption mode to use for CloudWatch data. Valid values: `DISABLED`, `SSE-KMS`. Default value: `DISABLED`. */ cloudwatchEncryptionMode?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. */ kmsKeyArn?: pulumi.Input; } export interface SecurityConfigurationEncryptionConfigurationJobBookmarksEncryption { /** * Encryption mode to use for job bookmarks data. Valid values: `CSE-KMS`, `DISABLED`. Default value: `DISABLED`. */ jobBookmarksEncryptionMode?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. */ kmsKeyArn?: pulumi.Input; } export interface SecurityConfigurationEncryptionConfigurationS3Encryption { /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. */ kmsKeyArn?: pulumi.Input; /** * Encryption mode to use for S3 data. Valid values: `DISABLED`, `SSE-KMS`, `SSE-S3`. Default value: `DISABLED`. */ s3EncryptionMode?: pulumi.Input; } export interface TriggerAction { /** * Arguments to be passed to the job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes. */ arguments?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The name of the crawler to be executed. Conflicts with `jobName`. */ crawlerName?: pulumi.Input; /** * The name of a job to be executed. Conflicts with `crawlerName`. */ jobName?: pulumi.Input; /** * Specifies configuration properties of a job run notification. See Notification Property details below. */ notificationProperty?: pulumi.Input; /** * The name of the Security Configuration structure to be used with this action. */ securityConfiguration?: pulumi.Input; /** * The job run timeout in minutes. It overrides the timeout value of the job. */ timeout?: pulumi.Input; } export interface TriggerActionNotificationProperty { /** * After a job run starts, the number of minutes to wait before sending a job run delay notification. */ notifyDelayAfter?: pulumi.Input; } export interface TriggerEventBatchingCondition { /** * Number of events that must be received from Amazon EventBridge before EventBridge event trigger fires. */ batchSize: pulumi.Input; /** * Window of time in seconds after which EventBridge event trigger fires. Window starts when first event is received. Default value is `900`. */ batchWindow?: pulumi.Input; } export interface TriggerPredicate { /** * A list of the conditions that determine when the trigger will fire. See Conditions. */ conditions: pulumi.Input[]>; /** * How to handle multiple conditions. Defaults to `AND`. Valid values are `AND` or `ANY`. */ logical?: pulumi.Input; } export interface TriggerPredicateCondition { /** * The condition crawl state. Currently, the values supported are `RUNNING`, `SUCCEEDED`, `CANCELLED`, and `FAILED`. If this is specified, `crawlerName` must also be specified. Conflicts with `state`. */ crawlState?: pulumi.Input; /** * The name of the crawler to watch. If this is specified, `crawlState` must also be specified. Conflicts with `jobName`. */ crawlerName?: pulumi.Input; /** * The name of the job to watch. If this is specified, `state` must also be specified. Conflicts with `crawlerName`. */ jobName?: pulumi.Input; /** * A logical operator. Defaults to `EQUALS`. */ logicalOperator?: pulumi.Input; /** * The condition job state. Currently, the values supported are `SUCCEEDED`, `STOPPED`, `TIMEOUT` and `FAILED`. If this is specified, `jobName` must also be specified. Conflicts with `crawlerState`. */ state?: pulumi.Input; } export interface UserDefinedFunctionResourceUri { /** * The type of the resource. can be one of `JAR`, `FILE`, and `ARCHIVE`. */ resourceType: pulumi.Input; /** * The URI for accessing the resource. */ uri: pulumi.Input; } } export namespace grafana { export interface WorkspaceNetworkAccessControl { /** * An array of prefix list IDs. */ prefixListIds: pulumi.Input[]>; /** * An array of Amazon VPC endpoint IDs for the workspace. The only VPC endpoints that can be specified here are interface VPC endpoints for Grafana workspaces (using the com.amazonaws.[region].grafana-workspace service endpoint). Other VPC endpoints will be ignored. */ vpceIds: pulumi.Input[]>; } export interface WorkspaceVpcConfiguration { /** * The list of Amazon EC2 security group IDs attached to the Amazon VPC for your Grafana workspace to connect. */ securityGroupIds: pulumi.Input[]>; /** * The list of Amazon EC2 subnet IDs created in the Amazon VPC for your Grafana workspace to connect. */ subnetIds: pulumi.Input[]>; } } export namespace guardduty { export interface DetectorDatasources { /** * Configures [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * See Kubernetes and Kubernetes Audit Logs below for more details. */ kubernetes?: pulumi.Input; /** * Configures [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html). * See Malware Protection, Scan EC2 instance with findings and EBS volumes below for more details. */ malwareProtection?: pulumi.Input; /** * Configures [S3 protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html). * See S3 Logs below for more details. */ s3Logs?: pulumi.Input; } export interface DetectorDatasourcesKubernetes { /** * Configures Kubernetes audit logs as a data source for [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * See Kubernetes Audit Logs below for more details. */ auditLogs: pulumi.Input; } export interface DetectorDatasourcesKubernetesAuditLogs { /** * If true, enables Kubernetes audit logs as a data source for [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * Defaults to `true`. */ enable: pulumi.Input; } export interface DetectorDatasourcesMalwareProtection { /** * Configure whether [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) is enabled as data source for EC2 instances with findings for the detector. * See Scan EC2 instance with findings below for more details. */ scanEc2InstanceWithFindings: pulumi.Input; } export interface DetectorDatasourcesMalwareProtectionScanEc2InstanceWithFindings { /** * Configure whether scanning EBS volumes is enabled as data source for the detector for instances with findings. * See EBS volumes below for more details. */ ebsVolumes: pulumi.Input; } export interface DetectorDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes { /** * If true, enables [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) as data source for the detector. * Defaults to `true`. */ enable: pulumi.Input; } export interface DetectorDatasourcesS3Logs { /** * If true, enables [S3 protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html). * Defaults to `true`. */ enable: pulumi.Input; } export interface DetectorFeatureAdditionalConfiguration { /** * The name of the additional configuration. Refer to the [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DetectorAdditionalConfiguration.html) for the current list of supported values. */ name: pulumi.Input; /** * The status of the additional configuration. Valid values: `ENABLED`, `DISABLED`. */ status: pulumi.Input; } export interface FilterFindingCriteria { criterions: pulumi.Input[]>; } export interface FilterFindingCriteriaCriterion { /** * List of string values to be evaluated. */ equals?: pulumi.Input[]>; /** * The name of the field to be evaluated. The full list of field names can be found in [AWS documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria). */ field: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ greaterThan?: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ greaterThanOrEqual?: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ lessThan?: pulumi.Input; /** * A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ lessThanOrEqual?: pulumi.Input; /** * List of string values to be evaluated. */ notEquals?: pulumi.Input[]>; } export interface OrganizationConfigurationDatasources { /** * Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. */ kubernetes?: pulumi.Input; /** * Enable Malware Protection automatically for new member accounts. */ malwareProtection?: pulumi.Input; /** * Enable S3 Protection automatically for new member accounts. */ s3Logs?: pulumi.Input; } export interface OrganizationConfigurationDatasourcesKubernetes { /** * Enable Kubernetes Audit Logs Monitoring automatically for new member accounts. [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * See Kubernetes Audit Logs below for more details. */ auditLogs: pulumi.Input; } export interface OrganizationConfigurationDatasourcesKubernetesAuditLogs { /** * If true, enables Kubernetes audit logs as a data source for [Kubernetes protection](https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html). * Defaults to `true`. */ enable: pulumi.Input; } export interface OrganizationConfigurationDatasourcesMalwareProtection { /** * Configure whether [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) for EC2 instances with findings should be auto-enabled for new members joining the organization. * See Scan EC2 instance with findings below for more details. */ scanEc2InstanceWithFindings: pulumi.Input; } export interface OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindings { /** * Configure whether scanning EBS volumes should be auto-enabled for new members joining the organization * See EBS volumes below for more details. */ ebsVolumes: pulumi.Input; } export interface OrganizationConfigurationDatasourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumes { /** * If true, enables [Malware Protection](https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html) for all new accounts joining the organization. * Defaults to `true`. */ autoEnable: pulumi.Input; } export interface OrganizationConfigurationDatasourcesS3Logs { /** * Set to `true` if you want S3 data event logs to be automatically enabled for new members of the organization. Default: `false` */ autoEnable: pulumi.Input; } export interface OrganizationConfigurationFeatureAdditionalConfiguration { /** * The status of the additional configuration that will be configured for the organization. Valid values: `NEW`, `ALL`, `NONE`. */ autoEnable: pulumi.Input; /** * The name of the additional configuration that will be configured for the organization. Valid values: `EKS_ADDON_MANAGEMENT`, `ECS_FARGATE_AGENT_MANAGEMENT`, `EC2_AGENT_MANAGEMENT`. */ name: pulumi.Input; } } export namespace iam { export interface GetPolicyDocumentStatement { /** * List of actions that this statement either allows or denies. For example, `["ec2:RunInstances", "s3:*"]`. */ actions?: string[]; /** * Configuration block for a condition. Detailed below. */ conditions?: inputs.iam.GetPolicyDocumentStatementCondition[]; /** * Whether this statement allows or denies the given actions. Valid values are `Allow` and `Deny`. Defaults to `Allow`. */ effect?: string; /** * List of actions that this statement does *not* apply to. Use to apply a policy statement to all actions *except* those listed. */ notActions?: string[]; /** * Like `principals` except these are principals that the statement does *not* apply to. */ notPrincipals?: inputs.iam.GetPolicyDocumentStatementNotPrincipal[]; /** * List of resource ARNs that this statement does *not* apply to. Use to apply a policy statement to all resources *except* those listed. Conflicts with `resources`. */ notResources?: string[]; /** * Configuration block for principals. Detailed below. */ principals?: inputs.iam.GetPolicyDocumentStatementPrincipal[]; /** * List of resource ARNs that this statement applies to. This is required by AWS if used for an IAM policy. Conflicts with `notResources`. */ resources?: string[]; /** * Sid (statement ID) is an identifier for a policy statement. */ sid?: string; } export interface GetPolicyDocumentStatementArgs { /** * List of actions that this statement either allows or denies. For example, `["ec2:RunInstances", "s3:*"]`. */ actions?: pulumi.Input[]>; /** * Configuration block for a condition. Detailed below. */ conditions?: pulumi.Input[]>; /** * Whether this statement allows or denies the given actions. Valid values are `Allow` and `Deny`. Defaults to `Allow`. */ effect?: pulumi.Input; /** * List of actions that this statement does *not* apply to. Use to apply a policy statement to all actions *except* those listed. */ notActions?: pulumi.Input[]>; /** * Like `principals` except these are principals that the statement does *not* apply to. */ notPrincipals?: pulumi.Input[]>; /** * List of resource ARNs that this statement does *not* apply to. Use to apply a policy statement to all resources *except* those listed. Conflicts with `resources`. */ notResources?: pulumi.Input[]>; /** * Configuration block for principals. Detailed below. */ principals?: pulumi.Input[]>; /** * List of resource ARNs that this statement applies to. This is required by AWS if used for an IAM policy. Conflicts with `notResources`. */ resources?: pulumi.Input[]>; /** * Sid (statement ID) is an identifier for a policy statement. */ sid?: pulumi.Input; } export interface GetPolicyDocumentStatementCondition { /** * Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate. */ test: string; /** * Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one of them applies. That is, AWS evaluates multiple values as though using an "OR" boolean operation. */ values: string[]; /** * Name of a [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys) to apply the condition to. Context variables may either be standard AWS variables starting with `aws:` or service-specific variables prefixed with the service name. */ variable: string; } export interface GetPolicyDocumentStatementConditionArgs { /** * Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate. */ test: pulumi.Input; /** * Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one of them applies. That is, AWS evaluates multiple values as though using an "OR" boolean operation. */ values: pulumi.Input[]>; /** * Name of a [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys) to apply the condition to. Context variables may either be standard AWS variables starting with `aws:` or service-specific variables prefixed with the service name. */ variable: pulumi.Input; } export interface GetPolicyDocumentStatementNotPrincipal { identifiers: string[]; type: string; } export interface GetPolicyDocumentStatementNotPrincipalArgs { identifiers: pulumi.Input[]>; type: pulumi.Input; } export interface GetPolicyDocumentStatementPrincipal { /** * List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g., `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g., `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g., `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g., `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`. */ identifiers: string[]; /** * Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`. */ type: string; } export interface GetPolicyDocumentStatementPrincipalArgs { /** * List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g., `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g., `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g., `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g., `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`. */ identifiers: pulumi.Input[]>; /** * Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`. */ type: pulumi.Input; } export interface GetPrincipalPolicySimulationContext { /** * The context _condition key_ to set. * * If you have policies containing `Condition` elements or using dynamic interpolations then you will need to provide suitable values for each condition key your policies use. See [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) to find the various condition keys that are normally provided for real requests to each action of each AWS service. */ key: string; /** * An IAM value type that determines how the policy simulator will interpret the strings given in `values`. * * For more information, see the `ContextKeyType` field of [`iam.ContextEntry`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ContextEntry.html) in the underlying API. */ type: string; /** * A set of one or more values for this context entry. */ values: string[]; } export interface GetPrincipalPolicySimulationContextArgs { /** * The context _condition key_ to set. * * If you have policies containing `Condition` elements or using dynamic interpolations then you will need to provide suitable values for each condition key your policies use. See [Actions, resources, and condition keys for AWS services](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) to find the various condition keys that are normally provided for real requests to each action of each AWS service. */ key: pulumi.Input; /** * An IAM value type that determines how the policy simulator will interpret the strings given in `values`. * * For more information, see the `ContextKeyType` field of [`iam.ContextEntry`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ContextEntry.html) in the underlying API. */ type: pulumi.Input; /** * A set of one or more values for this context entry. */ values: pulumi.Input[]>; } export interface RoleInlinePolicy { /** * Name of the role policy. */ name?: pulumi.Input; /** * Policy document as a JSON formatted string. */ policy?: pulumi.Input; } } export namespace identitystore { export interface GetGroupAlternateIdentifier { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: inputs.identitystore.GetGroupAlternateIdentifierExternalId; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: inputs.identitystore.GetGroupAlternateIdentifierUniqueAttribute; } export interface GetGroupAlternateIdentifierArgs { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: pulumi.Input; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: pulumi.Input; } export interface GetGroupAlternateIdentifierExternalId { /** * The identifier issued to this resource by an external identity provider. */ id: string; /** * The issuer for an external identifier. */ issuer: string; } export interface GetGroupAlternateIdentifierExternalIdArgs { /** * The identifier issued to this resource by an external identity provider. */ id: pulumi.Input; /** * The issuer for an external identifier. */ issuer: pulumi.Input; } export interface GetGroupAlternateIdentifierUniqueAttribute { /** * Attribute path that is used to specify which attribute name to search. For example: `DisplayName`. Refer to the [Group data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html). */ attributePath: string; /** * Value for an attribute. */ attributeValue: string; } export interface GetGroupAlternateIdentifierUniqueAttributeArgs { /** * Attribute path that is used to specify which attribute name to search. For example: `DisplayName`. Refer to the [Group data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html). */ attributePath: pulumi.Input; /** * Value for an attribute. */ attributeValue: pulumi.Input; } export interface GetGroupFilter { /** * Attribute path that is used to specify which attribute name to search. Currently, `DisplayName` is the only valid attribute path. */ attributePath: string; /** * Value for an attribute. */ attributeValue: string; } export interface GetGroupFilterArgs { /** * Attribute path that is used to specify which attribute name to search. Currently, `DisplayName` is the only valid attribute path. */ attributePath: pulumi.Input; /** * Value for an attribute. */ attributeValue: pulumi.Input; } export interface GetUserAlternateIdentifier { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: inputs.identitystore.GetUserAlternateIdentifierExternalId; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: inputs.identitystore.GetUserAlternateIdentifierUniqueAttribute; } export interface GetUserAlternateIdentifierArgs { /** * Configuration block for filtering by the identifier issued by an external identity provider. Detailed below. */ externalId?: pulumi.Input; /** * An entity attribute that's unique to a specific entity. Detailed below. * * > Exactly one of the above arguments must be provided. */ uniqueAttribute?: pulumi.Input; } export interface GetUserAlternateIdentifierExternalId { /** * The identifier issued to this resource by an external identity provider. */ id: string; /** * The issuer for an external identifier. */ issuer: string; } export interface GetUserAlternateIdentifierExternalIdArgs { /** * The identifier issued to this resource by an external identity provider. */ id: pulumi.Input; /** * The issuer for an external identifier. */ issuer: pulumi.Input; } export interface GetUserAlternateIdentifierUniqueAttribute { /** * Attribute path that is used to specify which attribute name to search. For example: `UserName`. Refer to the [User data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html). */ attributePath: string; /** * Value for an attribute. */ attributeValue: string; } export interface GetUserAlternateIdentifierUniqueAttributeArgs { /** * Attribute path that is used to specify which attribute name to search. For example: `UserName`. Refer to the [User data type](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html). */ attributePath: pulumi.Input; /** * Value for an attribute. */ attributeValue: pulumi.Input; } export interface GetUserFilter { /** * Attribute path that is used to specify which attribute name to search. Currently, `UserName` is the only valid attribute path. */ attributePath: string; /** * Value for an attribute. */ attributeValue: string; } export interface GetUserFilterArgs { /** * Attribute path that is used to specify which attribute name to search. Currently, `UserName` is the only valid attribute path. */ attributePath: pulumi.Input; /** * Value for an attribute. */ attributeValue: pulumi.Input; } export interface GroupExternalId { /** * The identifier issued to this resource by an external identity provider. */ id?: pulumi.Input; /** * The issuer for an external identifier. */ issuer?: pulumi.Input; } export interface UserAddresses { /** * The country that this address is in. */ country?: pulumi.Input; /** * The name that is typically displayed when the address is shown for display. */ formatted?: pulumi.Input; /** * The address locality. */ locality?: pulumi.Input; /** * The postal code of the address. */ postalCode?: pulumi.Input; /** * When `true`, this is the primary address associated with the user. */ primary?: pulumi.Input; /** * The region of the address. */ region?: pulumi.Input; /** * The street of the address. */ streetAddress?: pulumi.Input; /** * The type of address. */ type?: pulumi.Input; } export interface UserEmails { /** * When `true`, this is the primary email associated with the user. */ primary?: pulumi.Input; /** * The type of email. */ type?: pulumi.Input; /** * The email address. This value must be unique across the identity store. */ value?: pulumi.Input; } export interface UserExternalId { /** * The identifier issued to this resource by an external identity provider. */ id?: pulumi.Input; /** * The issuer for an external identifier. */ issuer?: pulumi.Input; } export interface UserName { /** * The family name of the user. */ familyName: pulumi.Input; /** * The name that is typically displayed when the name is shown for display. */ formatted?: pulumi.Input; /** * The given name of the user. * * The following arguments are optional: */ givenName: pulumi.Input; /** * The honorific prefix of the user. */ honorificPrefix?: pulumi.Input; /** * The honorific suffix of the user. */ honorificSuffix?: pulumi.Input; /** * The middle name of the user. */ middleName?: pulumi.Input; } export interface UserPhoneNumbers { /** * When `true`, this is the primary phone number associated with the user. */ primary?: pulumi.Input; /** * The type of phone number. */ type?: pulumi.Input; /** * The user's phone number. */ value?: pulumi.Input; } } export namespace imagebuilder { export interface ContainerRecipeComponent { /** * Amazon Resource Name (ARN) of the Image Builder Component to associate. */ componentArn: pulumi.Input; /** * Configuration block(s) for parameters to configure the component. Detailed below. */ parameters?: pulumi.Input[]>; } export interface ContainerRecipeComponentParameter { /** * The name of the component parameter. */ name: pulumi.Input; /** * The value for the named component parameter. */ value: pulumi.Input; } export interface ContainerRecipeInstanceConfiguration { /** * Configuration block(s) with block device mappings for the container recipe. Detailed below. */ blockDeviceMappings?: pulumi.Input[]>; /** * The AMI ID to use as the base image for a container build and test instance. If not specified, Image Builder will use the appropriate ECS-optimized AMI as a base image. */ image?: pulumi.Input; } export interface ContainerRecipeInstanceConfigurationBlockDeviceMapping { /** * Name of the device. For example, `/dev/sda` or `/dev/xvdb`. */ deviceName?: pulumi.Input; /** * Configuration block with Elastic Block Storage (EBS) block device mapping settings. Detailed below. */ ebs?: pulumi.Input; /** * Set to `true` to remove a mapping from the parent image. */ noDevice?: pulumi.Input; /** * Virtual device name. For example, `ephemeral0`. Instance store volumes are numbered starting from 0. */ virtualName?: pulumi.Input; } export interface ContainerRecipeInstanceConfigurationBlockDeviceMappingEbs { /** * Whether to delete the volume on termination. Defaults to unset, which is the value inherited from the parent image. */ deleteOnTermination?: pulumi.Input; /** * Whether to encrypt the volume. Defaults to unset, which is the value inherited from the parent image. */ encrypted?: pulumi.Input; /** * Number of Input/Output (I/O) operations per second to provision for an `io1` or `io2` volume. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the Key Management Service (KMS) Key for encryption. */ kmsKeyId?: pulumi.Input; /** * Identifier of the EC2 Volume Snapshot. */ snapshotId?: pulumi.Input; /** * For GP3 volumes only. The throughput in MiB/s that the volume supports. */ throughput?: pulumi.Input; /** * Size of the volume, in GiB. */ volumeSize?: pulumi.Input; /** * Type of the volume. For example, `gp2` or `io2`. */ volumeType?: pulumi.Input; } export interface ContainerRecipeTargetRepository { /** * The name of the container repository where the output container image is stored. This name is prefixed by the repository location. */ repositoryName: pulumi.Input; /** * The service in which this image is registered. Valid values: `ECR`. */ service: pulumi.Input; } export interface DistributionConfigurationDistribution { /** * Configuration block with Amazon Machine Image (AMI) distribution settings. Detailed below. */ amiDistributionConfiguration?: pulumi.Input; /** * Configuration block with container distribution settings. Detailed below. */ containerDistributionConfiguration?: pulumi.Input; /** * Set of Windows faster-launching configurations to use for AMI distribution. Detailed below. */ fastLaunchConfigurations?: pulumi.Input[]>; /** * Set of launch template configuration settings that apply to image distribution. Detailed below. */ launchTemplateConfigurations?: pulumi.Input[]>; /** * Set of Amazon Resource Names (ARNs) of License Manager License Configurations. */ licenseConfigurationArns?: pulumi.Input[]>; /** * AWS Region for the distribution. * * The following arguments are optional: */ region: pulumi.Input; } export interface DistributionConfigurationDistributionAmiDistributionConfiguration { /** * Key-value map of tags to apply to the distributed AMI. */ amiTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Description to apply to the distributed AMI. */ description?: pulumi.Input; /** * Amazon Resource Name (ARN) of the Key Management Service (KMS) Key to encrypt the distributed AMI. */ kmsKeyId?: pulumi.Input; /** * Configuration block of EC2 launch permissions to apply to the distributed AMI. Detailed below. */ launchPermission?: pulumi.Input; /** * Name to apply to the distributed AMI. */ name?: pulumi.Input; /** * Set of AWS Account identifiers to distribute the AMI. */ targetAccountIds?: pulumi.Input[]>; } export interface DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission { /** * Set of AWS Organization ARNs to assign. */ organizationArns?: pulumi.Input[]>; /** * Set of AWS Organizational Unit ARNs to assign. */ organizationalUnitArns?: pulumi.Input[]>; /** * Set of EC2 launch permission user groups to assign. Use `all` to distribute a public AMI. */ userGroups?: pulumi.Input[]>; /** * Set of AWS Account identifiers to assign. */ userIds?: pulumi.Input[]>; } export interface DistributionConfigurationDistributionContainerDistributionConfiguration { /** * Set of tags that are attached to the container distribution configuration. */ containerTags?: pulumi.Input[]>; /** * Description of the container distribution configuration. */ description?: pulumi.Input; /** * Configuration block with the destination repository for the container distribution configuration. */ targetRepository: pulumi.Input; } export interface DistributionConfigurationDistributionContainerDistributionConfigurationTargetRepository { /** * The name of the container repository where the output container image is stored. This name is prefixed by the repository location. */ repositoryName: pulumi.Input; /** * The service in which this image is registered. Valid values: `ECR`. */ service: pulumi.Input; } export interface DistributionConfigurationDistributionFastLaunchConfiguration { /** * The owner account ID for the fast-launch enabled Windows AMI. */ accountId: pulumi.Input; /** * A Boolean that represents the current state of faster launching for the Windows AMI. Set to `true` to start using Windows faster launching, or `false` to stop using it. */ enabled: pulumi.Input; /** * Configuration block for the launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances to create pre-provisioned snapshots. Detailed below. */ launchTemplate?: pulumi.Input; /** * The maximum number of parallel instances that are launched for creating resources. */ maxParallelLaunches?: pulumi.Input; /** * Configuration block for managing the number of snapshots that are created from pre-provisioned instances for the Windows AMI when faster launching is enabled. Detailed below. */ snapshotConfiguration?: pulumi.Input; } export interface DistributionConfigurationDistributionFastLaunchConfigurationLaunchTemplate { /** * The ID of the launch template to use for faster launching for a Windows AMI. */ launchTemplateId?: pulumi.Input; /** * The name of the launch template to use for faster launching for a Windows AMI. */ launchTemplateName?: pulumi.Input; /** * The version of the launch template to use for faster launching for a Windows AMI. */ launchTemplateVersion?: pulumi.Input; } export interface DistributionConfigurationDistributionFastLaunchConfigurationSnapshotConfiguration { /** * The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI. */ targetResourceCount?: pulumi.Input; } export interface DistributionConfigurationDistributionLaunchTemplateConfiguration { /** * The account ID that this configuration applies to. */ accountId?: pulumi.Input; /** * Indicates whether to set the specified Amazon EC2 launch template as the default launch template. Defaults to `true`. */ default?: pulumi.Input; /** * The ID of the Amazon EC2 launch template to use. */ launchTemplateId: pulumi.Input; } export interface GetComponentsFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListComponents API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListComponents.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetComponentsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListComponents API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListComponents.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetContainerRecipesFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListContainerRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListContainerRecipes.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetContainerRecipesFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListContainerRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListContainerRecipes.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetDistributionConfigurationsFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListDistributionConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListDistributionConfigurations.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetDistributionConfigurationsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListDistributionConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListDistributionConfigurations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetImagePipelinesFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImagePipelines API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImagePipelines.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetImagePipelinesFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImagePipelines API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImagePipelines.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetImageRecipesFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImageRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageRecipes.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetImageRecipesFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListImageRecipes API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListImageRecipes.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetInfrastructureConfigurationsFilter { /** * Name of the filter field. Valid values can be found in the [Image Builder ListInfrastructureConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListInfrastructureConfigurations.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetInfrastructureConfigurationsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Image Builder ListInfrastructureConfigurations API Reference](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_ListInfrastructureConfigurations.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface ImageImageScanningConfiguration { /** * Configuration block with ECR configuration. Detailed below. */ ecrConfiguration?: pulumi.Input; /** * Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. Defaults to `false`. */ imageScanningEnabled?: pulumi.Input; } export interface ImageImageScanningConfigurationEcrConfiguration { /** * Set of tags for Image Builder to apply to the output container image that that Amazon Inspector scans. */ containerTags?: pulumi.Input[]>; /** * The name of the container repository that Amazon Inspector scans to identify findings for your container images. */ repositoryName?: pulumi.Input; } export interface ImageImageTestsConfiguration { /** * Whether image tests are enabled. Defaults to `true`. */ imageTestsEnabled?: pulumi.Input; /** * Number of minutes before image tests time out. Valid values are between `60` and `1440`. Defaults to `720`. */ timeoutMinutes?: pulumi.Input; } export interface ImageOutputResource { /** * Set of objects with each Amazon Machine Image (AMI) created. */ amis?: pulumi.Input[]>; /** * Set of objects with each container image created and stored in the output repository. */ containers?: pulumi.Input[]>; } export interface ImageOutputResourceAmi { /** * Account identifier of the AMI. */ accountId?: pulumi.Input; /** * Description of the AMI. */ description?: pulumi.Input; /** * Identifier of the AMI. */ image?: pulumi.Input; /** * Name of the AMI. */ name?: pulumi.Input; /** * Region of the container image. */ region?: pulumi.Input; } export interface ImageOutputResourceContainer { /** * Set of URIs for created containers. */ imageUris?: pulumi.Input[]>; /** * Region of the container image. */ region?: pulumi.Input; } export interface ImagePipelineImageScanningConfiguration { /** * Configuration block with ECR configuration for image scanning. Detailed below. */ ecrConfiguration?: pulumi.Input; /** * Whether image scans are enabled. Defaults to `false`. */ imageScanningEnabled?: pulumi.Input; } export interface ImagePipelineImageScanningConfigurationEcrConfiguration { containerTags?: pulumi.Input[]>; /** * The name of the repository to scan */ repositoryName?: pulumi.Input; } export interface ImagePipelineImageTestsConfiguration { /** * Whether image tests are enabled. Defaults to `true`. */ imageTestsEnabled?: pulumi.Input; /** * Number of minutes before image tests time out. Valid values are between `60` and `1440`. Defaults to `720`. */ timeoutMinutes?: pulumi.Input; } export interface ImagePipelineSchedule { /** * Condition when the pipeline should trigger a new image build. Valid values are `EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE` and `EXPRESSION_MATCH_ONLY`. Defaults to `EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE`. */ pipelineExecutionStartCondition?: pulumi.Input; /** * Cron expression of how often the pipeline start condition is evaluated. For example, `cron(0 0 * * ? *)` is evaluated every day at midnight UTC. Configurations using the five field syntax that was previously accepted by the API, such as `cron(0 0 * * *)`, must be updated to the six field syntax. For more information, see the [Image Builder User Guide](https://docs.aws.amazon.com/imagebuilder/latest/userguide/cron-expressions.html). * * The following arguments are optional: */ scheduleExpression: pulumi.Input; /** * The timezone that applies to the scheduling expression. For example, "Etc/UTC", "America/Los_Angeles" in the [IANA timezone format](https://www.joda.org/joda-time/timezones.html). If not specified this defaults to UTC. */ timezone?: pulumi.Input; } export interface ImageRecipeBlockDeviceMapping { /** * Name of the device. For example, `/dev/sda` or `/dev/xvdb`. */ deviceName?: pulumi.Input; /** * Configuration block with Elastic Block Storage (EBS) block device mapping settings. Detailed below. */ ebs?: pulumi.Input; /** * Set to `true` to remove a mapping from the parent image. */ noDevice?: pulumi.Input; /** * Virtual device name. For example, `ephemeral0`. Instance store volumes are numbered starting from 0. */ virtualName?: pulumi.Input; } export interface ImageRecipeBlockDeviceMappingEbs { /** * Whether to delete the volume on termination. Defaults to unset, which is the value inherited from the parent image. */ deleteOnTermination?: pulumi.Input; /** * Whether to encrypt the volume. Defaults to unset, which is the value inherited from the parent image. */ encrypted?: pulumi.Input; /** * Number of Input/Output (I/O) operations per second to provision for an `io1` or `io2` volume. */ iops?: pulumi.Input; /** * Amazon Resource Name (ARN) of the Key Management Service (KMS) Key for encryption. */ kmsKeyId?: pulumi.Input; /** * Identifier of the EC2 Volume Snapshot. */ snapshotId?: pulumi.Input; /** * For GP3 volumes only. The throughput in MiB/s that the volume supports. */ throughput?: pulumi.Input; /** * Size of the volume, in GiB. */ volumeSize?: pulumi.Input; /** * Type of the volume. For example, `gp2` or `io2`. */ volumeType?: pulumi.Input; } export interface ImageRecipeComponent { /** * Amazon Resource Name (ARN) of the Image Builder Component to associate. */ componentArn: pulumi.Input; /** * Configuration block(s) for parameters to configure the component. Detailed below. */ parameters?: pulumi.Input[]>; } export interface ImageRecipeComponentParameter { /** * The name of the component parameter. */ name: pulumi.Input; /** * The value for the named component parameter. */ value: pulumi.Input; } export interface ImageRecipeSystemsManagerAgent { /** * Whether to remove the Systems Manager Agent after the image has been built. Defaults to `false`. */ uninstallAfterBuild: pulumi.Input; } export interface ImageWorkflow { /** * The action to take if the workflow fails. Must be one of `CONTINUE` or `ABORT`. */ onFailure?: pulumi.Input; /** * The parallel group in which to run a test Workflow. */ parallelGroup?: pulumi.Input; /** * Configuration block for the workflow parameters. Detailed below. */ parameters?: pulumi.Input[]>; /** * Amazon Resource Name (ARN) of the Image Builder Workflow. * * The following arguments are optional: */ workflowArn: pulumi.Input; } export interface ImageWorkflowParameter { /** * The name of the Workflow parameter. */ name: pulumi.Input; /** * The value of the Workflow parameter. */ value: pulumi.Input; } export interface InfrastructureConfigurationInstanceMetadataOptions { /** * The number of hops that an instance can traverse to reach its destonation. */ httpPutResponseHopLimit?: pulumi.Input; /** * Whether a signed token is required for instance metadata retrieval requests. Valid values: `required`, `optional`. */ httpTokens?: pulumi.Input; } export interface InfrastructureConfigurationLogging { /** * Configuration block with S3 logging settings. Detailed below. */ s3Logs: pulumi.Input; } export interface InfrastructureConfigurationLoggingS3Logs { /** * Name of the S3 Bucket. * * The following arguments are optional: */ s3BucketName: pulumi.Input; /** * Prefix to use for S3 logs. Defaults to `/`. */ s3KeyPrefix?: pulumi.Input; } } export namespace inspector { export interface AssessmentTemplateEventSubscription { event: pulumi.Input; topicArn: pulumi.Input; } } export namespace inspector2 { export interface OrganizationConfigurationAutoEnable { /** * Whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization. */ ec2: pulumi.Input; /** * Whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization. */ ecr: pulumi.Input; /** * Whether Lambda Function scans are automatically enabled for new members of your Amazon Inspector organization. */ lambda?: pulumi.Input; /** * Whether AWS Lambda code scans are automatically enabled for new members of your Amazon Inspector organization. **Note:** Lambda code scanning requires Lambda standard scanning to be activated. Consequently, if you are setting this argument to `true`, you must also set the `lambda` argument to `true`. See [Scanning AWS Lambda functions with Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-code-scans) for more information. */ lambdaCode?: pulumi.Input; } } export namespace iot { export interface BillingGroupMetadata { creationDate?: pulumi.Input; } export interface BillingGroupProperties { /** * A description of the Billing Group. */ description?: pulumi.Input; } export interface CaCertificateRegistrationConfig { /** * The ARN of the role. */ roleArn?: pulumi.Input; /** * The template body. */ templateBody?: pulumi.Input; /** * The name of the provisioning template. */ templateName?: pulumi.Input; } export interface CaCertificateValidity { /** * The certificate is not valid after this date. */ notAfter?: pulumi.Input; /** * The certificate is not valid before this date. */ notBefore?: pulumi.Input; } export interface DomainConfigurationAuthorizerConfig { /** * A Boolean that specifies whether the domain configuration's authorization service can be overridden. */ allowAuthorizerOverride?: pulumi.Input; /** * The name of the authorization service for a domain configuration. */ defaultAuthorizerName?: pulumi.Input; } export interface DomainConfigurationTlsConfig { /** * The security policy for a domain configuration. */ securityPolicy?: pulumi.Input; } export interface IndexingConfigurationThingGroupIndexingConfiguration { /** * A list of thing group fields to index. This list cannot contain any managed fields. See below. */ customFields?: pulumi.Input[]>; /** * Contains fields that are indexed and whose types are already known by the Fleet Indexing service. See below. */ managedFields?: pulumi.Input[]>; /** * Thing group indexing mode. Valid values: `OFF`, `ON`. */ thingGroupIndexingMode: pulumi.Input; } export interface IndexingConfigurationThingGroupIndexingConfigurationCustomField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface IndexingConfigurationThingGroupIndexingConfigurationManagedField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface IndexingConfigurationThingIndexingConfiguration { /** * Contains custom field names and their data type. See below. */ customFields?: pulumi.Input[]>; /** * Device Defender indexing mode. Valid values: `VIOLATIONS`, `OFF`. Default: `OFF`. */ deviceDefenderIndexingMode?: pulumi.Input; /** * Required if `namedShadowIndexingMode` is `ON`. Enables to add named shadows filtered by `filter` to fleet indexing configuration. */ filter?: pulumi.Input; /** * Contains fields that are indexed and whose types are already known by the Fleet Indexing service. See below. */ managedFields?: pulumi.Input[]>; /** * [Named shadow](https://docs.aws.amazon.com/iot/latest/developerguide/iot-device-shadows.html) indexing mode. Valid values: `ON`, `OFF`. Default: `OFF`. */ namedShadowIndexingMode?: pulumi.Input; /** * Thing connectivity indexing mode. Valid values: `STATUS`, `OFF`. Default: `OFF`. */ thingConnectivityIndexingMode?: pulumi.Input; /** * Thing indexing mode. Valid values: `REGISTRY`, `REGISTRY_AND_SHADOW`, `OFF`. */ thingIndexingMode: pulumi.Input; } export interface IndexingConfigurationThingIndexingConfigurationCustomField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface IndexingConfigurationThingIndexingConfigurationFilter { /** * List of shadow names that you select to index. */ namedShadowNames?: pulumi.Input[]>; } export interface IndexingConfigurationThingIndexingConfigurationManagedField { /** * The name of the field. */ name?: pulumi.Input; /** * The data type of the field. Valid values: `Number`, `String`, `Boolean`. */ type?: pulumi.Input; } export interface ProvisioningTemplatePreProvisioningHook { /** * The version of the payload that was sent to the target function. The only valid (and the default) payload version is `"2020-04-01"`. */ payloadVersion?: pulumi.Input; /** * The ARN of the target function. */ targetArn: pulumi.Input; } export interface ThingGroupMetadata { creationDate?: pulumi.Input; /** * The name of the parent Thing Group. */ parentGroupName?: pulumi.Input; rootToParentGroups?: pulumi.Input[]>; } export interface ThingGroupMetadataRootToParentGroup { groupArn?: pulumi.Input; groupName?: pulumi.Input; } export interface ThingGroupProperties { /** * The Thing Group attributes. Defined below. */ attributePayload?: pulumi.Input; /** * A description of the Thing Group. */ description?: pulumi.Input; } export interface ThingGroupPropertiesAttributePayload { /** * Key-value map. */ attributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ThingTypeProperties { /** * The description of the thing type. */ description?: pulumi.Input; /** * A list of searchable thing attribute names. */ searchableAttributes?: pulumi.Input[]>; } export interface TopicRuleCloudwatchAlarm { /** * The CloudWatch alarm name. */ alarmName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; /** * The reason for the alarm change. */ stateReason: pulumi.Input; /** * The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA. */ stateValue: pulumi.Input; } export interface TopicRuleCloudwatchLog { /** * The CloudWatch log group name. */ logGroupName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; } export interface TopicRuleCloudwatchMetric { /** * The CloudWatch metric name. */ metricName: pulumi.Input; /** * The CloudWatch metric namespace name. */ metricNamespace: pulumi.Input; /** * An optional Unix timestamp (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp). */ metricTimestamp?: pulumi.Input; /** * The metric unit (supported units can be found here: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit) */ metricUnit: pulumi.Input; /** * The CloudWatch metric value. */ metricValue: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch metric. */ roleArn: pulumi.Input; } export interface TopicRuleDestinationVpcConfiguration { /** * The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs). */ roleArn: pulumi.Input; /** * The security groups of the VPC destination. */ securityGroups?: pulumi.Input[]>; /** * The subnet IDs of the VPC destination. */ subnetIds: pulumi.Input[]>; /** * The ID of the VPC. */ vpcId: pulumi.Input; } export interface TopicRuleDynamodb { /** * The hash key name. */ hashKeyField: pulumi.Input; /** * The hash key type. Valid values are "STRING" or "NUMBER". */ hashKeyType?: pulumi.Input; /** * The hash key value. */ hashKeyValue: pulumi.Input; /** * The operation. Valid values are "INSERT", "UPDATE", or "DELETE". */ operation?: pulumi.Input; /** * The action payload. */ payloadField?: pulumi.Input; /** * The range key name. */ rangeKeyField?: pulumi.Input; /** * The range key type. Valid values are "STRING" or "NUMBER". */ rangeKeyType?: pulumi.Input; /** * The range key value. */ rangeKeyValue?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleDynamodbv2 { /** * Configuration block with DynamoDB Table to which the message will be written. Nested arguments below. */ putItem?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; } export interface TopicRuleDynamodbv2PutItem { /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleElasticsearch { /** * The endpoint of your Elasticsearch domain. */ endpoint: pulumi.Input; /** * The unique identifier for the document you are storing. */ id: pulumi.Input; /** * The Elasticsearch index where you want to store your data. */ index: pulumi.Input; /** * The IAM role ARN that has access to Elasticsearch. */ roleArn: pulumi.Input; /** * The type of document you are storing. */ type: pulumi.Input; } export interface TopicRuleErrorAction { cloudwatchAlarm?: pulumi.Input; cloudwatchLogs?: pulumi.Input; cloudwatchMetric?: pulumi.Input; dynamodb?: pulumi.Input; dynamodbv2?: pulumi.Input; elasticsearch?: pulumi.Input; firehose?: pulumi.Input; http?: pulumi.Input; iotAnalytics?: pulumi.Input; iotEvents?: pulumi.Input; kafka?: pulumi.Input; kinesis?: pulumi.Input; lambda?: pulumi.Input; republish?: pulumi.Input; s3?: pulumi.Input; sns?: pulumi.Input; sqs?: pulumi.Input; stepFunctions?: pulumi.Input; timestream?: pulumi.Input; } export interface TopicRuleErrorActionCloudwatchAlarm { /** * The CloudWatch alarm name. */ alarmName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; /** * The reason for the alarm change. */ stateReason: pulumi.Input; /** * The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA. */ stateValue: pulumi.Input; } export interface TopicRuleErrorActionCloudwatchLogs { /** * The CloudWatch log group name. */ logGroupName: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch alarm. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionCloudwatchMetric { /** * The CloudWatch metric name. */ metricName: pulumi.Input; /** * The CloudWatch metric namespace name. */ metricNamespace: pulumi.Input; /** * An optional Unix timestamp (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp). */ metricTimestamp?: pulumi.Input; /** * The metric unit (supported units can be found here: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit) */ metricUnit: pulumi.Input; /** * The CloudWatch metric value. */ metricValue: pulumi.Input; /** * The IAM role ARN that allows access to the CloudWatch metric. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionDynamodb { /** * The hash key name. */ hashKeyField: pulumi.Input; /** * The hash key type. Valid values are "STRING" or "NUMBER". */ hashKeyType?: pulumi.Input; /** * The hash key value. */ hashKeyValue: pulumi.Input; /** * The operation. Valid values are "INSERT", "UPDATE", or "DELETE". */ operation?: pulumi.Input; /** * The action payload. */ payloadField?: pulumi.Input; /** * The range key name. */ rangeKeyField?: pulumi.Input; /** * The range key type. Valid values are "STRING" or "NUMBER". */ rangeKeyType?: pulumi.Input; /** * The range key value. */ rangeKeyValue?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleErrorActionDynamodbv2 { /** * Configuration block with DynamoDB Table to which the message will be written. Nested arguments below. */ putItem?: pulumi.Input; /** * The ARN of the IAM role that grants access to the DynamoDB table. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionDynamodbv2PutItem { /** * The name of the DynamoDB table. */ tableName: pulumi.Input; } export interface TopicRuleErrorActionElasticsearch { /** * The endpoint of your Elasticsearch domain. */ endpoint: pulumi.Input; /** * The unique identifier for the document you are storing. */ id: pulumi.Input; /** * The Elasticsearch index where you want to store your data. */ index: pulumi.Input; /** * The IAM role ARN that has access to Elasticsearch. */ roleArn: pulumi.Input; /** * The type of document you are storing. */ type: pulumi.Input; } export interface TopicRuleErrorActionFirehose { /** * The payload that contains a JSON array of records will be sent to Kinesis Firehose via a batch call. */ batchMode?: pulumi.Input; /** * The delivery stream name. */ deliveryStreamName: pulumi.Input; /** * The IAM role ARN that grants access to the Amazon Kinesis Firehose stream. */ roleArn: pulumi.Input; /** * A character separator that is used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma). */ separator?: pulumi.Input; } export interface TopicRuleErrorActionHttp { /** * The HTTPS URL used to verify ownership of `url`. */ confirmationUrl?: pulumi.Input; /** * Custom HTTP header IoT Core should send. It is possible to define more than one custom header. */ httpHeaders?: pulumi.Input[]>; /** * The HTTPS URL. */ url: pulumi.Input; } export interface TopicRuleErrorActionHttpHttpHeader { /** * The name of the HTTP header. */ key: pulumi.Input; /** * The value of the HTTP header. */ value: pulumi.Input; } export interface TopicRuleErrorActionIotAnalytics { /** * The payload that contains a JSON array of records will be sent to IoT Analytics via a batch call. */ batchMode?: pulumi.Input; /** * Name of AWS IOT Analytics channel. */ channelName: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionIotEvents { /** * The payload that contains a JSON array of records will be sent to IoT Events via a batch call. */ batchMode?: pulumi.Input; /** * The name of the AWS IoT Events input. */ inputName: pulumi.Input; /** * Use this to ensure that only one input (message) with a given messageId is processed by an AWS IoT Events detector. */ messageId?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionKafka { /** * Properties of the Apache Kafka producer client. For more info, see the [AWS documentation](https://docs.aws.amazon.com/iot/latest/developerguide/apache-kafka-rule-action.html). */ clientProperties: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The ARN of Kafka action's VPC `aws.iot.TopicRuleDestination`. */ destinationArn: pulumi.Input; /** * The list of Kafka headers that you specify. Nested arguments below. */ headers?: pulumi.Input[]>; /** * The Kafka message key. */ key?: pulumi.Input; /** * The Kafka message partition. */ partition?: pulumi.Input; /** * The Kafka topic for messages to be sent to the Kafka broker. */ topic: pulumi.Input; } export interface TopicRuleErrorActionKafkaHeader { /** * The key of the Kafka header. */ key: pulumi.Input; /** * The value of the Kafka header. */ value: pulumi.Input; } export interface TopicRuleErrorActionKinesis { /** * The partition key. */ partitionKey?: pulumi.Input; /** * The ARN of the IAM role that grants access to the Amazon Kinesis stream. */ roleArn: pulumi.Input; /** * The name of the Amazon Kinesis stream. */ streamName: pulumi.Input; } export interface TopicRuleErrorActionLambda { /** * The ARN of the Lambda function. */ functionArn: pulumi.Input; } export interface TopicRuleErrorActionRepublish { /** * The Quality of Service (QoS) level to use when republishing messages. Valid values are 0 or 1. The default value is 0. */ qos?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The name of the MQTT topic the message should be republished to. */ topic: pulumi.Input; } export interface TopicRuleErrorActionS3 { /** * The Amazon S3 bucket name. */ bucketName: pulumi.Input; /** * The Amazon S3 canned ACL that controls access to the object identified by the object key. [Valid values](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl). */ cannedAcl?: pulumi.Input; /** * The object key. */ key: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleErrorActionSns { /** * The message format of the message to publish. Accepted values are "JSON" and "RAW". */ messageFormat?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The ARN of the SNS topic. */ targetArn: pulumi.Input; } export interface TopicRuleErrorActionSqs { /** * The URL of the Amazon SQS queue. */ queueUrl: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * Specifies whether to use Base64 encoding. */ useBase64: pulumi.Input; } export interface TopicRuleErrorActionStepFunctions { /** * The prefix used to generate, along with a UUID, the unique state machine execution name. */ executionNamePrefix?: pulumi.Input; /** * The ARN of the IAM role that grants access to start execution of the state machine. */ roleArn: pulumi.Input; /** * The name of the Step Functions state machine whose execution will be started. */ stateMachineName: pulumi.Input; } export interface TopicRuleErrorActionTimestream { /** * The name of an Amazon Timestream database. */ databaseName: pulumi.Input; /** * Configuration blocks with metadata attributes of the time series that are written in each measure record. Nested arguments below. */ dimensions: pulumi.Input[]>; /** * The ARN of the role that grants permission to write to the Amazon Timestream database table. */ roleArn: pulumi.Input; /** * The name of the database table into which to write the measure records. */ tableName: pulumi.Input; /** * Configuration block specifying an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column. Nested arguments below. */ timestamp?: pulumi.Input; } export interface TopicRuleErrorActionTimestreamDimension { /** * The metadata dimension name. This is the name of the column in the Amazon Timestream database table record. */ name: pulumi.Input; /** * The value to write in this column of the database record. */ value: pulumi.Input; } export interface TopicRuleErrorActionTimestreamTimestamp { /** * The precision of the timestamp value that results from the expression described in value. Valid values: `SECONDS`, `MILLISECONDS`, `MICROSECONDS`, `NANOSECONDS`. */ unit: pulumi.Input; /** * An expression that returns a long epoch time value. */ value: pulumi.Input; } export interface TopicRuleFirehose { /** * The payload that contains a JSON array of records will be sent to Kinesis Firehose via a batch call. */ batchMode?: pulumi.Input; /** * The delivery stream name. */ deliveryStreamName: pulumi.Input; /** * The IAM role ARN that grants access to the Amazon Kinesis Firehose stream. */ roleArn: pulumi.Input; /** * A character separator that is used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma). */ separator?: pulumi.Input; } export interface TopicRuleHttp { /** * The HTTPS URL used to verify ownership of `url`. */ confirmationUrl?: pulumi.Input; /** * Custom HTTP header IoT Core should send. It is possible to define more than one custom header. */ httpHeaders?: pulumi.Input[]>; /** * The HTTPS URL. */ url: pulumi.Input; } export interface TopicRuleHttpHttpHeader { /** * The name of the HTTP header. */ key: pulumi.Input; /** * The value of the HTTP header. */ value: pulumi.Input; } export interface TopicRuleIotAnalytic { /** * The payload that contains a JSON array of records will be sent to IoT Analytics via a batch call. */ batchMode?: pulumi.Input; /** * Name of AWS IOT Analytics channel. */ channelName: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleIotEvent { /** * The payload that contains a JSON array of records will be sent to IoT Events via a batch call. */ batchMode?: pulumi.Input; /** * The name of the AWS IoT Events input. */ inputName: pulumi.Input; /** * Use this to ensure that only one input (message) with a given messageId is processed by an AWS IoT Events detector. */ messageId?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleKafka { /** * Properties of the Apache Kafka producer client. For more info, see the [AWS documentation](https://docs.aws.amazon.com/iot/latest/developerguide/apache-kafka-rule-action.html). */ clientProperties: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The ARN of Kafka action's VPC `aws.iot.TopicRuleDestination`. */ destinationArn: pulumi.Input; /** * The list of Kafka headers that you specify. Nested arguments below. */ headers?: pulumi.Input[]>; /** * The Kafka message key. */ key?: pulumi.Input; /** * The Kafka message partition. */ partition?: pulumi.Input; /** * The Kafka topic for messages to be sent to the Kafka broker. */ topic: pulumi.Input; } export interface TopicRuleKafkaHeader { /** * The key of the Kafka header. */ key: pulumi.Input; /** * The value of the Kafka header. */ value: pulumi.Input; } export interface TopicRuleKinesis { /** * The partition key. */ partitionKey?: pulumi.Input; /** * The ARN of the IAM role that grants access to the Amazon Kinesis stream. */ roleArn: pulumi.Input; /** * The name of the Amazon Kinesis stream. */ streamName: pulumi.Input; } export interface TopicRuleLambda { /** * The ARN of the Lambda function. */ functionArn: pulumi.Input; } export interface TopicRuleRepublish { /** * The Quality of Service (QoS) level to use when republishing messages. Valid values are 0 or 1. The default value is 0. */ qos?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The name of the MQTT topic the message should be republished to. */ topic: pulumi.Input; } export interface TopicRuleS3 { /** * The Amazon S3 bucket name. */ bucketName: pulumi.Input; /** * The Amazon S3 canned ACL that controls access to the object identified by the object key. [Valid values](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl). */ cannedAcl?: pulumi.Input; /** * The object key. */ key: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; } export interface TopicRuleSns { /** * The message format of the message to publish. Accepted values are "JSON" and "RAW". */ messageFormat?: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * The ARN of the SNS topic. */ targetArn: pulumi.Input; } export interface TopicRuleSqs { /** * The URL of the Amazon SQS queue. */ queueUrl: pulumi.Input; /** * The ARN of the IAM role that grants access. */ roleArn: pulumi.Input; /** * Specifies whether to use Base64 encoding. */ useBase64: pulumi.Input; } export interface TopicRuleStepFunction { /** * The prefix used to generate, along with a UUID, the unique state machine execution name. */ executionNamePrefix?: pulumi.Input; /** * The ARN of the IAM role that grants access to start execution of the state machine. */ roleArn: pulumi.Input; /** * The name of the Step Functions state machine whose execution will be started. */ stateMachineName: pulumi.Input; } export interface TopicRuleTimestream { /** * The name of an Amazon Timestream database. */ databaseName: pulumi.Input; /** * Configuration blocks with metadata attributes of the time series that are written in each measure record. Nested arguments below. */ dimensions: pulumi.Input[]>; /** * The ARN of the role that grants permission to write to the Amazon Timestream database table. */ roleArn: pulumi.Input; /** * The name of the database table into which to write the measure records. */ tableName: pulumi.Input; /** * Configuration block specifying an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column. Nested arguments below. */ timestamp?: pulumi.Input; } export interface TopicRuleTimestreamDimension { /** * The metadata dimension name. This is the name of the column in the Amazon Timestream database table record. */ name: pulumi.Input; /** * The value to write in this column of the database record. */ value: pulumi.Input; } export interface TopicRuleTimestreamTimestamp { /** * The precision of the timestamp value that results from the expression described in value. Valid values: `SECONDS`, `MILLISECONDS`, `MICROSECONDS`, `NANOSECONDS`. */ unit: pulumi.Input; /** * An expression that returns a long epoch time value. */ value: pulumi.Input; } } export namespace ivs { export interface RecordingConfigurationDestinationConfiguration { /** * S3 destination configuration where recorded videos will be stored. */ s3: pulumi.Input; } export interface RecordingConfigurationDestinationConfigurationS3 { bucketName: pulumi.Input; } export interface RecordingConfigurationThumbnailConfiguration { /** * Thumbnail recording mode. Valid values: `DISABLED`, `INTERVAL`. */ recordingMode?: pulumi.Input; /** * The targeted thumbnail-generation interval in seconds. */ targetIntervalSeconds?: pulumi.Input; } } export namespace ivschat { export interface LoggingConfigurationDestinationConfiguration { /** * An Amazon CloudWatch Logs destination configuration where chat activity will be logged. */ cloudwatchLogs?: pulumi.Input; /** * An Amazon Kinesis Data Firehose destination configuration where chat activity will be logged. */ firehose?: pulumi.Input; /** * An Amazon S3 destination configuration where chat activity will be logged. */ s3?: pulumi.Input; } export interface LoggingConfigurationDestinationConfigurationCloudwatchLogs { logGroupName: pulumi.Input; } export interface LoggingConfigurationDestinationConfigurationFirehose { deliveryStreamName: pulumi.Input; } export interface LoggingConfigurationDestinationConfigurationS3 { bucketName: pulumi.Input; } export interface RoomMessageReviewHandler { /** * The fallback behavior (whether the message * is allowed or denied) if the handler does not return a valid response, * encounters an error, or times out. Valid values: `ALLOW`, `DENY`. */ fallbackResult?: pulumi.Input; /** * ARN of the lambda message review handler function. */ uri?: pulumi.Input; } } export namespace kendra { export interface DataSourceConfiguration { /** * A block that provides the configuration information to connect to an Amazon S3 bucket as your data source. Detailed below. */ s3Configuration?: pulumi.Input; /** * A block that provides the configuration information required for Amazon Kendra Web Crawler. Detailed below. */ webCrawlerConfiguration?: pulumi.Input; } export interface DataSourceConfigurationS3Configuration { /** * A block that provides the path to the S3 bucket that contains the user context filtering files for the data source. For the format of the file, see [Access control for S3 data sources](https://docs.aws.amazon.com/kendra/latest/dg/s3-acl.html). Detailed below. */ accessControlListConfiguration?: pulumi.Input; /** * The name of the bucket that contains the documents. */ bucketName: pulumi.Input; /** * A block that defines the Document metadata files that contain information such as the document access control information, source URI, document author, and custom attributes. Each metadata file contains metadata about a single document. Detailed below. */ documentsMetadataConfiguration?: pulumi.Input; /** * A list of glob patterns for documents that should not be indexed. If a document that matches an inclusion prefix or inclusion pattern also matches an exclusion pattern, the document is not indexed. Refer to [Exclusion Patterns for more examples](https://docs.aws.amazon.com/kendra/latest/dg/API_S3DataSourceConfiguration.html#Kendra-Type-S3DataSourceConfiguration-ExclusionPatterns). */ exclusionPatterns?: pulumi.Input[]>; /** * A list of glob patterns for documents that should be indexed. If a document that matches an inclusion pattern also matches an exclusion pattern, the document is not indexed. Refer to [Inclusion Patterns for more examples](https://docs.aws.amazon.com/kendra/latest/dg/API_S3DataSourceConfiguration.html#Kendra-Type-S3DataSourceConfiguration-InclusionPatterns). */ inclusionPatterns?: pulumi.Input[]>; /** * A list of S3 prefixes for the documents that should be included in the index. */ inclusionPrefixes?: pulumi.Input[]>; } export interface DataSourceConfigurationS3ConfigurationAccessControlListConfiguration { /** * Path to the AWS S3 bucket that contains the ACL files. */ keyPath?: pulumi.Input; } export interface DataSourceConfigurationS3ConfigurationDocumentsMetadataConfiguration { /** * A prefix used to filter metadata configuration files in the AWS S3 bucket. The S3 bucket might contain multiple metadata files. Use `s3Prefix` to include only the desired metadata files. */ s3Prefix?: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfiguration { /** * A block with the configuration information required to connect to websites using authentication. You can connect to websites using basic authentication of user name and password. You use a secret in AWS Secrets Manager to store your authentication credentials. You must provide the website host name and port number. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"` and the port is `443`, the standard port for HTTPS. Detailed below. */ authenticationConfiguration?: pulumi.Input; /** * Specifies the number of levels in a website that you want to crawl. The first level begins from the website seed or starting point URL. For example, if a website has 3 levels – index level (i.e. seed in this example), sections level, and subsections level – and you are only interested in crawling information up to the sections level (i.e. levels 0-1), you can set your depth to 1. The default crawl depth is set to `2`. Minimum value of `0`. Maximum value of `10`. */ crawlDepth?: pulumi.Input; /** * The maximum size (in MB) of a webpage or attachment to crawl. Files larger than this size (in MB) are skipped/not crawled. The default maximum size of a webpage or attachment is set to `50` MB. Minimum value of `1.0e-06`. Maximum value of `50`. */ maxContentSizePerPageInMegaBytes?: pulumi.Input; /** * The maximum number of URLs on a webpage to include when crawling a website. This number is per webpage. As a website’s webpages are crawled, any URLs the webpages link to are also crawled. URLs on a webpage are crawled in order of appearance. The default maximum links per page is `100`. Minimum value of `1`. Maximum value of `1000`. */ maxLinksPerPage?: pulumi.Input; /** * The maximum number of URLs crawled per website host per minute. The default maximum number of URLs crawled per website host per minute is `300`. Minimum value of `1`. Maximum value of `300`. */ maxUrlsPerMinuteCrawlRate?: pulumi.Input; /** * Configuration information required to connect to your internal websites via a web proxy. You must provide the website host name and port number. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"` and the port is `443`, the standard port for HTTPS. Web proxy credentials are optional and you can use them to connect to a web proxy server that requires basic authentication. To store web proxy credentials, you use a secret in [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html). Detailed below. */ proxyConfiguration?: pulumi.Input; /** * A list of regular expression patterns to exclude certain URLs to crawl. URLs that match the patterns are excluded from the index. URLs that don't match the patterns are included in the index. If a URL matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the URL file isn't included in the index. Array Members: Minimum number of `0` items. Maximum number of `100` items. Length Constraints: Minimum length of `1`. Maximum length of `150`. */ urlExclusionPatterns?: pulumi.Input[]>; /** * A list of regular expression patterns to include certain URLs to crawl. URLs that match the patterns are included in the index. URLs that don't match the patterns are excluded from the index. If a URL matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the URL file isn't included in the index. Array Members: Minimum number of `0` items. Maximum number of `100` items. Length Constraints: Minimum length of `1`. Maximum length of `150`. */ urlInclusionPatterns?: pulumi.Input[]>; /** * A block that specifies the seed or starting point URLs of the websites or the sitemap URLs of the websites you want to crawl. You can include website subdomains. You can list up to `100` seed URLs and up to `3` sitemap URLs. You can only crawl websites that use the secure communication protocol, Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when crawling a website, it could be that the website is blocked from crawling. When selecting websites to index, you must adhere to the [Amazon Acceptable Use Policy](https://aws.amazon.com/aup/) and all other Amazon terms. Remember that you must only use Amazon Kendra Web Crawler to index your own webpages, or webpages that you have authorization to index. Detailed below. */ urls: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationAuthenticationConfiguration { /** * The list of configuration information that's required to connect to and crawl a website host using basic authentication credentials. The list includes the name and port number of the website host. Detailed below. */ basicAuthentications?: pulumi.Input[]>; } export interface DataSourceConfigurationWebCrawlerConfigurationAuthenticationConfigurationBasicAuthentication { /** * Your secret ARN, which you can create in AWS Secrets Manager. You use a secret if basic authentication credentials are required to connect to a website. The secret stores your credentials of user name and password. */ credentials: pulumi.Input; /** * The name of the website host you want to connect to using authentication credentials. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"`. */ host: pulumi.Input; /** * The port number of the website host you want to connect to using authentication credentials. For example, the port for `https://a.example.com/page1.html` is `443`, the standard port for HTTPS. */ port: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationProxyConfiguration { /** * Your secret ARN, which you can create in AWS Secrets Manager. The credentials are optional. You use a secret if web proxy credentials are required to connect to a website host. Amazon Kendra currently support basic authentication to connect to a web proxy server. The secret stores your credentials. */ credentials?: pulumi.Input; /** * The name of the website host you want to connect to via a web proxy server. For example, the host name of `https://a.example.com/page1.html` is `"a.example.com"`. */ host: pulumi.Input; /** * The port number of the website host you want to connect to via a web proxy server. For example, the port for `https://a.example.com/page1.html` is `443`, the standard port for HTTPS. */ port: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationUrls { /** * A block that specifies the configuration of the seed or starting point URLs of the websites you want to crawl. You can choose to crawl only the website host names, or the website host names with subdomains, or the website host names with subdomains and other domains that the webpages link to. You can list up to `100` seed URLs. Detailed below. */ seedUrlConfiguration?: pulumi.Input; /** * A block that specifies the configuration of the sitemap URLs of the websites you want to crawl. Only URLs belonging to the same website host names are crawled. You can list up to `3` sitemap URLs. Detailed below. */ siteMapsConfiguration?: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationUrlsSeedUrlConfiguration { /** * The list of seed or starting point URLs of the websites you want to crawl. The list can include a maximum of `100` seed URLs. Array Members: Minimum number of `0` items. Maximum number of `100` items. Length Constraints: Minimum length of `1`. Maximum length of `2048`. */ seedUrls: pulumi.Input[]>; /** * The default mode is set to `HOST_ONLY`. You can choose one of the following modes: */ webCrawlerMode?: pulumi.Input; } export interface DataSourceConfigurationWebCrawlerConfigurationUrlsSiteMapsConfiguration { /** * The list of sitemap URLs of the websites you want to crawl. The list can include a maximum of `3` sitemap URLs. */ siteMaps: pulumi.Input[]>; } export interface DataSourceCustomDocumentEnrichmentConfiguration { /** * Configuration information to alter document attributes or metadata fields and content when ingesting documents into Amazon Kendra. Minimum number of `0` items. Maximum number of `100` items. Detailed below. */ inlineConfigurations?: pulumi.Input[]>; /** * A block that specifies the configuration information for invoking a Lambda function in AWS Lambda on the structured documents with their metadata and text extracted. You can use a Lambda function to apply advanced logic for creating, modifying, or deleting document metadata and content. For more information, see [Advanced data manipulation](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#advanced-data-manipulation). Detailed below. */ postExtractionHookConfiguration?: pulumi.Input; /** * Configuration information for invoking a Lambda function in AWS Lambda on the original or raw documents before extracting their metadata and text. You can use a Lambda function to apply advanced logic for creating, modifying, or deleting document metadata and content. For more information, see [Advanced data manipulation](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#advanced-data-manipulation). Detailed below. */ preExtractionHookConfiguration?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a role with permission to run `preExtractionHookConfiguration` and `postExtractionHookConfiguration` for altering document metadata and content during the document ingestion process. For more information, see [IAM roles for Amazon Kendra](https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html). */ roleArn?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfiguration { /** * Configuration of the condition used for the target document attribute or metadata field when ingesting documents into Amazon Kendra. See condition. */ condition?: pulumi.Input; /** * `TRUE` to delete content if the condition used for the target attribute is met. */ documentContentDeletion?: pulumi.Input; /** * Configuration of the target document attribute or metadata field when ingesting documents into Amazon Kendra. You can also include a value. Detailed below. */ target?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationCondition { /** * The identifier of the document attribute used for the condition. For example, `_source_uri` could be an identifier for the attribute or metadata field that contains source URIs associated with the documents. Amazon Kendra currently does not support `_document_body` as an attribute key used for the condition. */ conditionDocumentAttributeKey: pulumi.Input; /** * The value used by the operator. For example, you can specify the value 'financial' for strings in the `_source_uri` field that partially match or contain this value. See condition_on_value. */ conditionOnValue?: pulumi.Input; /** * The condition operator. For example, you can use `Contains` to partially match a string. Valid Values: `GreaterThan` | `GreaterThanOrEquals` | `LessThan` | `LessThanOrEquals` | `Equals` | `NotEquals` | `Contains` | `NotContains` | `Exists` | `NotExists` | `BeginsWith`. */ operator: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationConditionConditionOnValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationTarget { /** * The identifier of the target document attribute or metadata field. For example, 'Department' could be an identifier for the target attribute or metadata field that includes the department names associated with the documents. */ targetDocumentAttributeKey?: pulumi.Input; /** * The target value you want to create for the target attribute. For example, 'Finance' could be the target value for the target attribute key 'Department'. See target_document_attribute_value. */ targetDocumentAttributeValue?: pulumi.Input; /** * `TRUE` to delete the existing target value for your specified target attribute key. You cannot create a target value and set this to `TRUE`. To create a target value (`TargetDocumentAttributeValue`), set this to `FALSE`. */ targetDocumentAttributeValueDeletion?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationInlineConfigurationTargetTargetDocumentAttributeValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPostExtractionHookConfiguration { /** * A block that specifies the condition used for when a Lambda function should be invoked. For example, you can specify a condition that if there are empty date-time values, then Amazon Kendra should invoke a function that inserts the current date-time. See invocation_condition. */ invocationCondition?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a Lambda Function that can manipulate your document metadata fields or attributes and content. */ lambdaArn: pulumi.Input; /** * Stores the original, raw documents or the structured, parsed documents before and after altering them. For more information, see [Data contracts for Lambda functions](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#cde-data-contracts-lambda). */ s3Bucket: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPostExtractionHookConfigurationInvocationCondition { /** * The identifier of the document attribute used for the condition. For example, `_source_uri` could be an identifier for the attribute or metadata field that contains source URIs associated with the documents. Amazon Kendra currently does not support `_document_body` as an attribute key used for the condition. */ conditionDocumentAttributeKey: pulumi.Input; /** * The value used by the operator. For example, you can specify the value 'financial' for strings in the `_source_uri` field that partially match or contain this value. See condition_on_value. */ conditionOnValue?: pulumi.Input; /** * The condition operator. For example, you can use `Contains` to partially match a string. Valid Values: `GreaterThan` | `GreaterThanOrEquals` | `LessThan` | `LessThanOrEquals` | `Equals` | `NotEquals` | `Contains` | `NotContains` | `Exists` | `NotExists` | `BeginsWith`. */ operator: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPostExtractionHookConfigurationInvocationConditionConditionOnValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPreExtractionHookConfiguration { /** * A block that specifies the condition used for when a Lambda function should be invoked. For example, you can specify a condition that if there are empty date-time values, then Amazon Kendra should invoke a function that inserts the current date-time. See invocation_condition. */ invocationCondition?: pulumi.Input; /** * The Amazon Resource Name (ARN) of a Lambda Function that can manipulate your document metadata fields or attributes and content. */ lambdaArn: pulumi.Input; /** * Stores the original, raw documents or the structured, parsed documents before and after altering them. For more information, see [Data contracts for Lambda functions](https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#cde-data-contracts-lambda). */ s3Bucket: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPreExtractionHookConfigurationInvocationCondition { /** * The identifier of the document attribute used for the condition. For example, `_source_uri` could be an identifier for the attribute or metadata field that contains source URIs associated with the documents. Amazon Kendra currently does not support `_document_body` as an attribute key used for the condition. */ conditionDocumentAttributeKey: pulumi.Input; /** * The value used by the operator. For example, you can specify the value 'financial' for strings in the `_source_uri` field that partially match or contain this value. See condition_on_value. */ conditionOnValue?: pulumi.Input; /** * The condition operator. For example, you can use `Contains` to partially match a string. Valid Values: `GreaterThan` | `GreaterThanOrEquals` | `LessThan` | `LessThanOrEquals` | `Equals` | `NotEquals` | `Contains` | `NotContains` | `Exists` | `NotExists` | `BeginsWith`. */ operator: pulumi.Input; } export interface DataSourceCustomDocumentEnrichmentConfigurationPreExtractionHookConfigurationInvocationConditionConditionOnValue { /** * A date expressed as an ISO 8601 string. It is important for the time zone to be included in the ISO 8601 date-time format. As of this writing only UTC is supported. For example, `2012-03-25T12:30:10+00:00`. */ dateValue?: pulumi.Input; /** * A long integer value. */ longValue?: pulumi.Input; /** * A list of strings. */ stringListValues?: pulumi.Input[]>; stringValue?: pulumi.Input; } export interface ExperienceConfiguration { /** * The identifiers of your data sources and FAQs. Or, you can specify that you want to use documents indexed via the `BatchPutDocument API`. The provider will only perform drift detection of its value when present in a configuration. Detailed below. */ contentSourceConfiguration?: pulumi.Input; /** * The AWS SSO field name that contains the identifiers of your users, such as their emails. Detailed below. */ userIdentityConfiguration?: pulumi.Input; } export interface ExperienceConfigurationContentSourceConfiguration { /** * The identifiers of the data sources you want to use for your Amazon Kendra experience. Maximum number of 100 items. */ dataSourceIds?: pulumi.Input[]>; /** * Whether to use documents you indexed directly using the `BatchPutDocument API`. Defaults to `false`. */ directPutContent?: pulumi.Input; /** * The identifier of the FAQs that you want to use for your Amazon Kendra experience. Maximum number of 100 items. */ faqIds?: pulumi.Input[]>; } export interface ExperienceConfigurationUserIdentityConfiguration { /** * The AWS SSO field name that contains the identifiers of your users, such as their emails. */ identityAttributeName: pulumi.Input; } export interface ExperienceEndpoint { /** * The endpoint of your Amazon Kendra experience. */ endpoint?: pulumi.Input; /** * The type of endpoint for your Amazon Kendra experience. */ endpointType?: pulumi.Input; } export interface FaqS3Path { /** * The name of the S3 bucket that contains the file. */ bucket: pulumi.Input; /** * The name of the file. * * The following arguments are optional: */ key: pulumi.Input; } export interface IndexCapacityUnits { /** * The amount of extra query capacity for an index and GetQuerySuggestions capacity. For more information, refer to [QueryCapacityUnits](https://docs.aws.amazon.com/kendra/latest/dg/API_CapacityUnitsConfiguration.html#Kendra-Type-CapacityUnitsConfiguration-QueryCapacityUnits). */ queryCapacityUnits?: pulumi.Input; /** * The amount of extra storage capacity for an index. A single capacity unit provides 30 GB of storage space or 100,000 documents, whichever is reached first. Minimum value of 0. */ storageCapacityUnits?: pulumi.Input; } export interface IndexDocumentMetadataConfigurationUpdate { /** * The name of the index field. Minimum length of 1. Maximum length of 30. */ name: pulumi.Input; /** * A block that provides manual tuning parameters to determine how the field affects the search results. Detailed below */ relevance?: pulumi.Input; /** * A block that provides information about how the field is used during a search. Documented below. Detailed below */ search?: pulumi.Input; /** * The data type of the index field. Valid values are `STRING_VALUE`, `STRING_LIST_VALUE`, `LONG_VALUE`, `DATE_VALUE`. */ type: pulumi.Input; } export interface IndexDocumentMetadataConfigurationUpdateRelevance { /** * Specifies the time period that the boost applies to. For more information, refer to [Duration](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-Duration). */ duration?: pulumi.Input; /** * Indicates that this field determines how "fresh" a document is. For more information, refer to [Freshness](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-Freshness). */ freshness?: pulumi.Input; /** * The relative importance of the field in the search. Larger numbers provide more of a boost than smaller numbers. Minimum value of 1. Maximum value of 10. */ importance?: pulumi.Input; /** * Determines how values should be interpreted. For more information, refer to [RankOrder](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-RankOrder). */ rankOrder?: pulumi.Input; /** * A list of values that should be given a different boost when they appear in the result list. For more information, refer to [ValueImportanceMap](https://docs.aws.amazon.com/kendra/latest/dg/API_Relevance.html#Kendra-Type-Relevance-ValueImportanceMap). */ valuesImportanceMap?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface IndexDocumentMetadataConfigurationUpdateSearch { /** * Determines whether the field is returned in the query response. The default is `true`. */ displayable?: pulumi.Input; /** * Indicates that the field can be used to create search facets, a count of results for each value in the field. The default is `false`. */ facetable?: pulumi.Input; /** * Determines whether the field is used in the search. If the Searchable field is true, you can use relevance tuning to manually tune how Amazon Kendra weights the field in the search. The default is `true` for `string` fields and `false` for `number` and `date` fields. */ searchable?: pulumi.Input; /** * Determines whether the field can be used to sort the results of a query. If you specify sorting on a field that does not have Sortable set to true, Amazon Kendra returns an exception. The default is `false`. */ sortable?: pulumi.Input; } export interface IndexIndexStatistic { /** * A block that specifies the number of question and answer topics in the index. Detailed below. */ faqStatistics?: pulumi.Input[]>; /** * A block that specifies the number of text documents indexed. Detailed below. */ textDocumentStatistics?: pulumi.Input[]>; } export interface IndexIndexStatisticFaqStatistic { /** * The total number of FAQ questions and answers contained in the index. */ indexedQuestionAnswersCount?: pulumi.Input; } export interface IndexIndexStatisticTextDocumentStatistic { /** * The total size, in bytes, of the indexed documents. */ indexedTextBytes?: pulumi.Input; /** * The number of text documents indexed. */ indexedTextDocumentsCount?: pulumi.Input; } export interface IndexServerSideEncryptionConfiguration { /** * The identifier of the AWS KMScustomer master key (CMK). Amazon Kendra doesn't support asymmetric CMKs. */ kmsKeyId?: pulumi.Input; } export interface IndexUserGroupResolutionConfiguration { /** * The identity store provider (mode) you want to use to fetch access levels of groups and users. AWS Single Sign-On is currently the only available mode. Your users and groups must exist in an AWS SSO identity source in order to use this mode. Valid Values are `AWS_SSO` or `NONE`. */ userGroupResolutionMode: pulumi.Input; } export interface IndexUserTokenConfigurations { /** * A block that specifies the information about the JSON token type configuration. Detailed below. */ jsonTokenTypeConfiguration?: pulumi.Input; /** * A block that specifies the information about the JWT token type configuration. Detailed below. */ jwtTokenTypeConfiguration?: pulumi.Input; } export interface IndexUserTokenConfigurationsJsonTokenTypeConfiguration { /** * The group attribute field. Minimum length of 1. Maximum length of 2048. */ groupAttributeField: pulumi.Input; /** * The user name attribute field. Minimum length of 1. Maximum length of 2048. */ userNameAttributeField: pulumi.Input; } export interface IndexUserTokenConfigurationsJwtTokenTypeConfiguration { /** * The regular expression that identifies the claim. Minimum length of 1. Maximum length of 100. */ claimRegex?: pulumi.Input; /** * The group attribute field. Minimum length of 1. Maximum length of 100. */ groupAttributeField?: pulumi.Input; /** * The issuer of the token. Minimum length of 1. Maximum length of 65. */ issuer?: pulumi.Input; /** * The location of the key. Valid values are `URL` or `SECRET_MANAGER` */ keyLocation: pulumi.Input; /** * The Amazon Resource Name (ARN) of the secret. */ secretsManagerArn?: pulumi.Input; /** * The signing key URL. Valid pattern is `^(https?|ftp|file):\/\/([^\s]*)` */ url?: pulumi.Input; /** * The user name attribute field. Minimum length of 1. Maximum length of 100. */ userNameAttributeField?: pulumi.Input; } export interface QuerySuggestionsBlockListSourceS3Path { /** * Name of the S3 bucket that contains the file. */ bucket: pulumi.Input; /** * Name of the file. * * The following arguments are optional: */ key: pulumi.Input; } export interface ThesaurusSourceS3Path { /** * The name of the S3 bucket that contains the file. */ bucket: pulumi.Input; /** * The name of the file. * * The following arguments are optional: */ key: pulumi.Input; } } export namespace keyspaces { export interface TableCapacitySpecification { /** * The throughput capacity specified for read operations defined in read capacity units (RCUs). */ readCapacityUnits?: pulumi.Input; /** * The read/write throughput capacity mode for a table. Valid values: `PAY_PER_REQUEST`, `PROVISIONED`. The default value is `PAY_PER_REQUEST`. */ throughputMode?: pulumi.Input; /** * The throughput capacity specified for write operations defined in write capacity units (WCUs). */ writeCapacityUnits?: pulumi.Input; } export interface TableClientSideTimestamps { /** * Shows how to enable client-side timestamps settings for the specified table. Valid values: `ENABLED`. */ status: pulumi.Input; } export interface TableComment { /** * A description of the table. */ message?: pulumi.Input; } export interface TableEncryptionSpecification { /** * The Amazon Resource Name (ARN) of the customer managed KMS key. */ kmsKeyIdentifier?: pulumi.Input; /** * The encryption option specified for the table. Valid values: `AWS_OWNED_KMS_KEY`, `CUSTOMER_MANAGED_KMS_KEY`. The default value is `AWS_OWNED_KMS_KEY`. */ type?: pulumi.Input; } export interface TablePointInTimeRecovery { /** * Valid values: `ENABLED`, `DISABLED`. The default value is `DISABLED`. */ status?: pulumi.Input; } export interface TableSchemaDefinition { /** * The columns that are part of the clustering key of the table. */ clusteringKeys?: pulumi.Input[]>; /** * The regular columns of the table. */ columns: pulumi.Input[]>; /** * The columns that are part of the partition key of the table . */ partitionKeys: pulumi.Input[]>; /** * The columns that have been defined as `STATIC`. Static columns store values that are shared by all rows in the same partition. */ staticColumns?: pulumi.Input[]>; } export interface TableSchemaDefinitionClusteringKey { /** * The name of the clustering key column. */ name: pulumi.Input; /** * The order modifier. Valid values: `ASC`, `DESC`. */ orderBy: pulumi.Input; } export interface TableSchemaDefinitionColumn { /** * The name of the column. */ name: pulumi.Input; /** * The data type of the column. See the [Developer Guide](https://docs.aws.amazon.com/keyspaces/latest/devguide/cql.elements.html#cql.data-types) for a list of available data types. */ type: pulumi.Input; } export interface TableSchemaDefinitionPartitionKey { /** * The name of the partition key column. */ name: pulumi.Input; } export interface TableSchemaDefinitionStaticColumn { /** * The name of the static column. */ name: pulumi.Input; } export interface TableTtl { /** * Valid values: `ENABLED`. */ status: pulumi.Input; } } export namespace kinesis { export interface AnalyticsApplicationCloudwatchLoggingOptions { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The ARN of the CloudWatch Log Stream. */ logStreamArn: pulumi.Input; /** * The ARN of the IAM Role used to send application messages. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputs { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The Kinesis Firehose configuration for the streaming source. Conflicts with `kinesisStream`. * See Kinesis Firehose below for more details. */ kinesisFirehose?: pulumi.Input; /** * The Kinesis Stream configuration for the streaming source. Conflicts with `kinesisFirehose`. * See Kinesis Stream below for more details. */ kinesisStream?: pulumi.Input; /** * The Name Prefix to use when creating an in-application stream. */ namePrefix: pulumi.Input; /** * The number of Parallel in-application streams to create. * See Parallelism below for more details. */ parallelism?: pulumi.Input; /** * The Processing Configuration to transform records as they are received from the stream. * See Processing Configuration below for more details. */ processingConfiguration?: pulumi.Input; /** * The Schema format of the data in the streaming source. See Source Schema below for more details. */ schema: pulumi.Input; /** * The point at which the application starts processing records from the streaming source. * See Starting Position Configuration below for more details. */ startingPositionConfigurations?: pulumi.Input[]>; streamNames?: pulumi.Input[]>; } export interface AnalyticsApplicationInputsKinesisFirehose { /** * The ARN of the Kinesis Firehose delivery stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputsKinesisStream { /** * The ARN of the Kinesis Stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputsParallelism { /** * The Count of streams. */ count?: pulumi.Input; } export interface AnalyticsApplicationInputsProcessingConfiguration { /** * The Lambda function configuration. See Lambda below for more details. */ lambda: pulumi.Input; } export interface AnalyticsApplicationInputsProcessingConfigurationLambda { /** * The ARN of the Lambda function. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the Lambda function. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationInputsSchema { /** * The Record Column mapping for the streaming source data element. * See Record Columns below for more details. */ recordColumns: pulumi.Input[]>; /** * The Encoding of the record in the streaming source. */ recordEncoding?: pulumi.Input; /** * The Record Format and mapping information to schematize a record. * See Record Format below for more details. */ recordFormat: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordColumn { /** * The Mapping reference to the data element. */ mapping?: pulumi.Input; /** * Name of the column. */ name: pulumi.Input; /** * The SQL Type of the column. */ sqlType: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormat { /** * The Mapping Information for the record format. * See Mapping Parameters below for more details. */ mappingParameters?: pulumi.Input; /** * The type of Record Format. Can be `CSV` or `JSON`. */ recordFormatType?: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormatMappingParameters { /** * Mapping information when the record format uses delimiters. * See CSV Mapping Parameters below for more details. */ csv?: pulumi.Input; /** * Mapping information when JSON is the record format on the streaming source. * See JSON Mapping Parameters below for more details. */ json?: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsv { /** * The Column Delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The Row Delimiter. */ recordRowDelimiter: pulumi.Input; } export interface AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJson { /** * Path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface AnalyticsApplicationInputsStartingPositionConfiguration { /** * The starting position on the stream. Valid values: `LAST_STOPPED_POINT`, `NOW`, `TRIM_HORIZON`. */ startingPosition?: pulumi.Input; } export interface AnalyticsApplicationOutput { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The Kinesis Firehose configuration for the destination stream. Conflicts with `kinesisStream`. * See Kinesis Firehose below for more details. */ kinesisFirehose?: pulumi.Input; /** * The Kinesis Stream configuration for the destination stream. Conflicts with `kinesisFirehose`. * See Kinesis Stream below for more details. */ kinesisStream?: pulumi.Input; /** * The Lambda function destination. See Lambda below for more details. */ lambda?: pulumi.Input; /** * The Name of the in-application stream. */ name: pulumi.Input; /** * The Schema format of the data written to the destination. See Destination Schema below for more details. */ schema: pulumi.Input; } export interface AnalyticsApplicationOutputKinesisFirehose { /** * The ARN of the Kinesis Firehose delivery stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationOutputKinesisStream { /** * The ARN of the Kinesis Stream. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the stream. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationOutputLambda { /** * The ARN of the Lambda function. */ resourceArn: pulumi.Input; /** * The ARN of the IAM Role used to access the Lambda function. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationOutputSchema { /** * The Format Type of the records on the output stream. Can be `CSV` or `JSON`. */ recordFormatType: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSources { /** * The ARN of the Kinesis Analytics Application. */ id?: pulumi.Input; /** * The S3 configuration for the reference data source. See S3 Reference below for more details. */ s3: pulumi.Input; /** * The Schema format of the data in the streaming source. See Source Schema below for more details. */ schema: pulumi.Input; /** * The in-application Table Name. */ tableName: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesS3 { /** * The S3 Bucket ARN. */ bucketArn: pulumi.Input; /** * The File Key name containing reference data. */ fileKey: pulumi.Input; /** * The IAM Role ARN to read the data. */ roleArn: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchema { /** * The Record Column mapping for the streaming source data element. * See Record Columns below for more details. */ recordColumns: pulumi.Input[]>; /** * The Encoding of the record in the streaming source. */ recordEncoding?: pulumi.Input; /** * The Record Format and mapping information to schematize a record. * See Record Format below for more details. */ recordFormat: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordColumn { /** * The Mapping reference to the data element. */ mapping?: pulumi.Input; /** * Name of the column. */ name: pulumi.Input; /** * The SQL Type of the column. */ sqlType: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormat { /** * The Mapping Information for the record format. * See Mapping Parameters below for more details. */ mappingParameters?: pulumi.Input; /** * The type of Record Format. Can be `CSV` or `JSON`. */ recordFormatType?: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParameters { /** * Mapping information when the record format uses delimiters. * See CSV Mapping Parameters below for more details. */ csv?: pulumi.Input; /** * Mapping information when JSON is the record format on the streaming source. * See JSON Mapping Parameters below for more details. */ json?: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersCsv { /** * The Column Delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The Row Delimiter. */ recordRowDelimiter: pulumi.Input; } export interface AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersJson { /** * Path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 900, before delivering it to the destination. The default value is 300s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 100, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The endpoint to use when communicating with the cluster. Conflicts with `domainArn`. */ clusterEndpoint?: pulumi.Input; /** * The ARN of the Amazon ES domain. The pattern needs to be `arn:.*`. Conflicts with `clusterEndpoint`. */ domainArn?: pulumi.Input; /** * The Elasticsearch index name. */ indexName: pulumi.Input; /** * The Elasticsearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate expiration of old data. Valid values are `NoRotation`, `OneHour`, `OneDay`, `OneWeek`, and `OneMonth`. The default value is `OneDay`. */ indexRotationPeriod?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Amazon Elasticsearch, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon ES Configuration API and for indexing documents. The IAM role must have permission for `DescribeElasticsearchDomain`, `DescribeElasticsearchDomains`, and `DescribeElasticsearchDomainConfig`. The pattern needs to be `arn:.*`. */ roleArn: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDocumentsOnly` and `AllDocuments`. Default value is `FailedDocumentsOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The Elasticsearch type name with maximum length of 100 characters. */ typeName?: pulumi.Input; /** * The VPC configuration for the delivery stream to connect to Elastic Search associated with the VPC. See `vpcConfig` block below for details. */ vpcConfig?: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamElasticsearchConfigurationVpcConfig { /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon EC2 configuration API and for creating network interfaces. Make sure role has necessary [IAM permissions](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-es-vpc) */ roleArn: pulumi.Input; /** * A list of security group IDs to associate with Kinesis Firehose. */ securityGroupIds: pulumi.Input[]>; /** * A list of subnet IDs to associate with Kinesis Firehose. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3Configuration { bucketArn: pulumi.Input; bufferingInterval?: pulumi.Input; bufferingSize?: pulumi.Input; cloudwatchLoggingOptions?: pulumi.Input; compressionFormat?: pulumi.Input; /** * The time zone you prefer. Valid values are `UTC` or a non-3-letter IANA time zones (for example, `America/Los_Angeles`). Default value is `UTC`. */ customTimeZone?: pulumi.Input; /** * Nested argument for the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. See `dataFormatConversionConfiguration` block below for details. */ dataFormatConversionConfiguration?: pulumi.Input; /** * The configuration for dynamic partitioning. Required when using [dynamic partitioning](https://docs.aws.amazon.com/firehose/latest/dev/dynamic-partitioning.html). See `dynamicPartitioningConfiguration` block below for details. */ dynamicPartitioningConfiguration?: pulumi.Input; errorOutputPrefix?: pulumi.Input; /** * The file extension to override the default file extension (for example, `.json`). */ fileExtension?: pulumi.Input; kmsKeyArn?: pulumi.Input; prefix?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; roleArn: pulumi.Input; /** * The configuration for backup in Amazon S3. Required if `s3BackupMode` is `Enabled`. Supports the same fields as `s3Configuration` object. */ s3BackupConfiguration?: pulumi.Input; /** * The Amazon S3 backup mode. Valid values are `Disabled` and `Enabled`. Default value is `Disabled`. */ s3BackupMode?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfiguration { /** * Defaults to `true`. Set it to `false` if you want to disable format conversion while preserving the configuration details. */ enabled?: pulumi.Input; /** * Specifies the deserializer that you want Kinesis Data Firehose to use to convert the format of your data from JSON. See `inputFormatConfiguration` block below for details. */ inputFormatConfiguration: pulumi.Input; /** * Specifies the serializer that you want Kinesis Data Firehose to use to convert the format of your data to the Parquet or ORC format. See `outputFormatConfiguration` block below for details. */ outputFormatConfiguration: pulumi.Input; /** * Specifies the AWS Glue Data Catalog table that contains the column information. See `schemaConfiguration` block below for details. */ schemaConfiguration: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfiguration { /** * Specifies which deserializer to use. You can choose either the Apache Hive JSON SerDe or the OpenX JSON SerDe. See `deserializer` block below for details. */ deserializer: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializer { /** * Specifies the native Hive / HCatalog JsonSerDe. More details below. See `hiveJsonSerDe` block below for details. */ hiveJsonSerDe?: pulumi.Input; /** * Specifies the OpenX SerDe. See `openXJsonSerDe` block below for details. */ openXJsonSerDe?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerHiveJsonSerDe { /** * A list of how you want Kinesis Data Firehose to parse the date and time stamps that may be present in your input data JSON. To specify these format strings, follow the pattern syntax of JodaTime's DateTimeFormat format strings. For more information, see [Class DateTimeFormat](https://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html). You can also use the special value millis to parse time stamps in epoch milliseconds. If you don't specify a format, Kinesis Data Firehose uses java.sql.Timestamp::valueOf by default. */ timestampFormats?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerOpenXJsonSerDe { /** * When set to true, which is the default, Kinesis Data Firehose converts JSON keys to lowercase before deserializing them. */ caseInsensitive?: pulumi.Input; /** * A map of column names to JSON keys that aren't identical to the column names. This is useful when the JSON contains keys that are Hive keywords. For example, timestamp is a Hive keyword. If you have a JSON key named timestamp, set this parameter to `{ ts = "timestamp" }` to map this key to a column named ts. */ columnToJsonKeyMappings?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * When set to `true`, specifies that the names of the keys include dots and that you want Kinesis Data Firehose to replace them with underscores. This is useful because Apache Hive does not allow dots in column names. For example, if the JSON contains a key whose name is "a.b", you can define the column name to be "aB" when using this option. Defaults to `false`. */ convertDotsInJsonKeysToUnderscores?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfiguration { /** * Specifies which serializer to use. You can choose either the ORC SerDe or the Parquet SerDe. See `serializer` block below for details. */ serializer: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializer { /** * Specifies converting data to the ORC format before storing it in Amazon S3. For more information, see [Apache ORC](https://orc.apache.org/docs/). See `orcSerDe` block below for details. */ orcSerDe?: pulumi.Input; /** * Specifies converting data to the Parquet format before storing it in Amazon S3. For more information, see [Apache Parquet](https://parquet.apache.org/docs/). More details below. */ parquetSerDe?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerOrcSerDe { /** * The Hadoop Distributed File System (HDFS) block size. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 256 MiB and the minimum is 64 MiB. Kinesis Data Firehose uses this value for padding calculations. */ blockSizeBytes?: pulumi.Input; /** * A list of column names for which you want Kinesis Data Firehose to create bloom filters. */ bloomFilterColumns?: pulumi.Input[]>; /** * The Bloom filter false positive probability (FPP). The lower the FPP, the bigger the Bloom filter. The default value is `0.05`, the minimum is `0`, and the maximum is `1`. */ bloomFilterFalsePositiveProbability?: pulumi.Input; /** * The compression code to use over data blocks. The default is `SNAPPY`. */ compression?: pulumi.Input; /** * A float that represents the fraction of the total number of non-null rows. To turn off dictionary encoding, set this fraction to a number that is less than the number of distinct keys in a dictionary. To always use dictionary encoding, set this threshold to `1`. */ dictionaryKeyThreshold?: pulumi.Input; /** * Set this to `true` to indicate that you want stripes to be padded to the HDFS block boundaries. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is `false`. */ enablePadding?: pulumi.Input; /** * The version of the file to write. The possible values are `V0_11` and `V0_12`. The default is `V0_12`. */ formatVersion?: pulumi.Input; /** * A float between 0 and 1 that defines the tolerance for block padding as a decimal fraction of stripe size. The default value is `0.05`, which means 5 percent of stripe size. For the default values of 64 MiB ORC stripes and 256 MiB HDFS blocks, the default block padding tolerance of 5 percent reserves a maximum of 3.2 MiB for padding within the 256 MiB block. In such a case, if the available size within the block is more than 3.2 MiB, a new, smaller stripe is inserted to fit within that space. This ensures that no stripe crosses block boundaries and causes remote reads within a node-local task. Kinesis Data Firehose ignores this parameter when `enablePadding` is `false`. */ paddingTolerance?: pulumi.Input; /** * The number of rows between index entries. The default is `10000` and the minimum is `1000`. */ rowIndexStride?: pulumi.Input; /** * The number of bytes in each stripe. The default is 64 MiB and the minimum is 8 MiB. */ stripeSizeBytes?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerParquetSerDe { /** * The Hadoop Distributed File System (HDFS) block size. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 256 MiB and the minimum is 64 MiB. Kinesis Data Firehose uses this value for padding calculations. */ blockSizeBytes?: pulumi.Input; /** * The compression code to use over data blocks. The possible values are `UNCOMPRESSED`, `SNAPPY`, and `GZIP`, with the default being `SNAPPY`. Use `SNAPPY` for higher decompression speed. Use `GZIP` if the compression ratio is more important than speed. */ compression?: pulumi.Input; /** * Indicates whether to enable dictionary compression. */ enableDictionaryCompression?: pulumi.Input; /** * The maximum amount of padding to apply. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is `0`. */ maxPaddingBytes?: pulumi.Input; /** * The Parquet page size. Column chunks are divided into pages. A page is conceptually an indivisible unit (in terms of compression and encoding). The minimum value is 64 KiB and the default is 1 MiB. */ pageSizeBytes?: pulumi.Input; /** * Indicates the version of row format to output. The possible values are `V1` and `V2`. The default is `V1`. */ writerVersion?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationSchemaConfiguration { /** * The ID of the AWS Glue Data Catalog. If you don't supply this, the AWS account ID is used by default. */ catalogId?: pulumi.Input; /** * Specifies the name of the AWS Glue database that contains the schema for the output data. */ databaseName: pulumi.Input; /** * If you don't specify an AWS Region, the default is the current region. */ region?: pulumi.Input; /** * The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed. */ roleArn: pulumi.Input; /** * Specifies the AWS Glue table that contains the column information that constitutes your data schema. */ tableName: pulumi.Input; /** * Specifies the table version for the output data schema. Defaults to `LATEST`. */ versionId?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfiguration { /** * Enables or disables dynamic partitioning. Defaults to `false`. */ enabled?: pulumi.Input; /** * Total amount of seconds Firehose spends on retries. Valid values between 0 and 7200. Default is 300. * * > **NOTE:** You can enable dynamic partitioning only when you create a new delivery stream. Once you enable dynamic partitioning on a delivery stream, it cannot be disabled on this delivery stream. Therefore, the provider will recreate the resource whenever dynamic partitioning is enabled or disabled. */ retryDuration?: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfiguration { bucketArn: pulumi.Input; bufferingInterval?: pulumi.Input; bufferingSize?: pulumi.Input; cloudwatchLoggingOptions?: pulumi.Input; compressionFormat?: pulumi.Input; errorOutputPrefix?: pulumi.Input; kmsKeyArn?: pulumi.Input; prefix?: pulumi.Input; roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfiguration { /** * The access key required for Kinesis Firehose to authenticate with the HTTP endpoint selected as the destination. */ accessKey?: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300 (5 minutes). */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The HTTP endpoint name. */ name?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * The request configuration. See `requestConfiguration` block below for details. */ requestConfiguration?: pulumi.Input; /** * Total amount of seconds Firehose spends on retries. This duration starts after the initial attempt fails, It does not include the time periods during which Firehose waits for acknowledgment from the specified destination after each attempt. Valid values between `0` and `7200`. Default is `300`. */ retryDuration?: pulumi.Input; /** * Kinesis Data Firehose uses this IAM role for all the permissions that the delivery stream needs. The pattern needs to be `arn:.*`. */ roleArn?: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDataOnly` and `AllData`. Default value is `FailedDataOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The HTTP endpoint URL to which Kinesis Firehose sends your data. */ url: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfiguration { /** * Describes the metadata sent to the HTTP endpoint destination. See `commonAttributes` block below for details. */ commonAttributes?: pulumi.Input[]>; /** * Kinesis Data Firehose uses the content encoding to compress the body of a request before sending the request to the destination. Valid values are `NONE` and `GZIP`. Default value is `NONE`. */ contentEncoding?: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttribute { /** * The name of the HTTP endpoint common attribute. */ name: pulumi.Input; /** * The value of the HTTP endpoint common attribute. */ value: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamKinesisSourceConfiguration { /** * The kinesis stream used as the source of the firehose delivery stream. */ kinesisStreamArn: pulumi.Input; /** * The ARN of the role that provides access to the source Kinesis stream. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamMskSourceConfiguration { /** * The authentication configuration of the Amazon MSK cluster. See `authenticationConfiguration` block below for details. */ authenticationConfiguration: pulumi.Input; /** * The ARN of the Amazon MSK cluster. */ mskClusterArn: pulumi.Input; /** * The topic name within the Amazon MSK cluster. */ topicName: pulumi.Input; } export interface FirehoseDeliveryStreamMskSourceConfigurationAuthenticationConfiguration { /** * The type of connectivity used to access the Amazon MSK cluster. Valid values: `PUBLIC`, `PRIVATE`. */ connectivity: pulumi.Input; /** * The ARN of the role used to access the Amazon MSK cluster. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 900, before delivering it to the destination. The default value is 300s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 100, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The endpoint to use when communicating with the cluster. Conflicts with `domainArn`. */ clusterEndpoint?: pulumi.Input; /** * The method for setting up document ID. See [`documentIdOptions` block] below for details. */ documentIdOptions?: pulumi.Input; /** * The ARN of the Amazon ES domain. The pattern needs to be `arn:.*`. Conflicts with `clusterEndpoint`. */ domainArn?: pulumi.Input; /** * The OpenSearch index name. */ indexName: pulumi.Input; /** * The OpenSearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate expiration of old data. Valid values are `NoRotation`, `OneHour`, `OneDay`, `OneWeek`, and `OneMonth`. The default value is `OneDay`. */ indexRotationPeriod?: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Amazon OpenSearch, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon ES Configuration API and for indexing documents. The IAM role must have permission for `DescribeDomain`, `DescribeDomains`, and `DescribeDomainConfig`. The pattern needs to be `arn:.*`. */ roleArn: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDocumentsOnly` and `AllDocuments`. Default value is `FailedDocumentsOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The Elasticsearch type name with maximum length of 100 characters. Types are deprecated in OpenSearch_1.1. TypeName must be empty. */ typeName?: pulumi.Input; /** * The VPC configuration for the delivery stream to connect to OpenSearch associated with the VPC. See `vpcConfig` block below for details. */ vpcConfig?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationDocumentIdOptions { /** * The method for setting up document ID. Valid values: `FIREHOSE_DEFAULT`, `NO_DOCUMENT_ID`. */ defaultDocumentIdFormat: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchConfigurationVpcConfig { /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon EC2 configuration API and for creating network interfaces. Make sure role has necessary [IAM permissions](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-es-vpc) */ roleArn: pulumi.Input; /** * A list of security group IDs to associate with Kinesis Firehose. */ securityGroupIds: pulumi.Input[]>; /** * A list of subnet IDs to associate with Kinesis Firehose. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 900, before delivering it to the destination. The default value is 300s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 100, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The endpoint to use when communicating with the collection in the Serverless offering for Amazon OpenSearch Service. */ collectionEndpoint: pulumi.Input; /** * The Serverless offering for Amazon OpenSearch Service index name. */ indexName: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to the Serverless offering for Amazon OpenSearch Service, the total amount of time, in seconds between 0 to 7200, during which Kinesis Data Firehose retries delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the IAM role to be assumed by Kinesis Data Firehose for calling the Serverless offering for Amazon OpenSearch Service Configuration API and for indexing documents. The pattern needs to be `arn:.*`. */ roleArn: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedDocumentsOnly` and `AllDocuments`. Default value is `FailedDocumentsOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The VPC configuration for the delivery stream to connect to OpenSearch Serverless associated with the VPC. See `vpcConfig` block below for details. */ vpcConfig?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamOpensearchserverlessConfigurationVpcConfig { /** * The ARN of the IAM role to be assumed by Firehose for calling the Amazon EC2 configuration API and for creating network interfaces. Make sure role has necessary [IAM permissions](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-es-vpc) */ roleArn: pulumi.Input; /** * A list of security group IDs to associate with Kinesis Firehose. */ securityGroupIds: pulumi.Input[]>; /** * A list of subnet IDs to associate with Kinesis Firehose. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfiguration { /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The jdbcurl of the redshift cluster. */ clusterJdbcurl: pulumi.Input; /** * Copy options for copying the data from the s3 intermediate bucket into redshift, for example to change the default delimiter. For valid values, see the [AWS documentation](http://docs.aws.amazon.com/firehose/latest/APIReference/API_CopyCommand.html) */ copyOptions?: pulumi.Input; /** * The data table columns that will be targeted by the copy command. */ dataTableColumns?: pulumi.Input; /** * The name of the table in the redshift cluster that the s3 bucket will copy to. */ dataTableName: pulumi.Input; /** * The password for the username above. */ password: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * The length of time during which Firehose retries delivery after a failure, starting from the initial request and including the first attempt. The default value is 3600 seconds (60 minutes). Firehose does not retry if the value of DurationInSeconds is 0 (zero) or if the first delivery attempt takes longer than the current value. */ retryDuration?: pulumi.Input; /** * The arn of the role the stream assumes. */ roleArn: pulumi.Input; /** * The configuration for backup in Amazon S3. Required if `s3BackupMode` is `Enabled`. Supports the same fields as `s3Configuration` object. */ s3BackupConfiguration?: pulumi.Input; /** * The Amazon S3 backup mode. Valid values are `Disabled` and `Enabled`. Default value is `Disabled`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See s3Configuration below for details. */ s3Configuration: pulumi.Input; /** * The username that the firehose delivery stream will assume. It is strongly recommended that the username and password provided is used exclusively for Amazon Kinesis Firehose purposes, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions. */ username: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfiguration { bucketArn: pulumi.Input; bufferingInterval?: pulumi.Input; bufferingSize?: pulumi.Input; cloudwatchLoggingOptions?: pulumi.Input; compressionFormat?: pulumi.Input; errorOutputPrefix?: pulumi.Input; kmsKeyArn?: pulumi.Input; prefix?: pulumi.Input; roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamServerSideEncryption { /** * Whether to enable encryption at rest. Default is `false`. */ enabled?: pulumi.Input; /** * Amazon Resource Name (ARN) of the encryption key. Required when `keyType` is `CUSTOMER_MANAGED_CMK`. */ keyArn?: pulumi.Input; /** * Type of encryption key. Default is `AWS_OWNED_CMK`. Valid values are `AWS_OWNED_CMK` and `CUSTOMER_MANAGED_CMK` */ keyType?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfiguration { /** * The URL of the Snowflake account. Format: https://[accountIdentifier].snowflakecomputing.com. */ accountUrl: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The name of the content column. */ contentColumnName?: pulumi.Input; /** * The data loading option. */ dataLoadingOption?: pulumi.Input; /** * The Snowflake database name. */ database: pulumi.Input; /** * The passphrase for the private key. */ keyPassphrase?: pulumi.Input; /** * The name of the metadata column. */ metadataColumnName?: pulumi.Input; /** * The private key for authentication. */ privateKey: pulumi.Input; /** * The processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Snowflake, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 60s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * The ARN of the IAM role. */ roleArn: pulumi.Input; /** * The S3 backup mode. */ s3BackupMode?: pulumi.Input; /** * The S3 configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; /** * The Snowflake schema name. */ schema: pulumi.Input; /** * The configuration for Snowflake role. */ snowflakeRoleConfiguration?: pulumi.Input; /** * The VPC configuration for Snowflake. */ snowflakeVpcConfiguration?: pulumi.Input; /** * The Snowflake table name. */ table: pulumi.Input; /** * The user for authentication. */ user: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamSnowflakeConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationSnowflakeRoleConfiguration { /** * Whether the Snowflake role is enabled. */ enabled?: pulumi.Input; /** * The Snowflake role. */ snowflakeRole?: pulumi.Input; } export interface FirehoseDeliveryStreamSnowflakeConfigurationSnowflakeVpcConfiguration { /** * The VPCE ID for Firehose to privately connect with Snowflake. */ privateLinkVpceId: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfiguration { /** * Buffer incoming data for the specified period of time, in seconds between 0 to 60, before delivering it to the destination. The default value is 60s. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs between 1 to 5, before delivering it to the destination. The default value is 5MB. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The amount of time, in seconds between 180 and 600, that Kinesis Firehose waits to receive an acknowledgment from Splunk after it sends it data. */ hecAcknowledgmentTimeout?: pulumi.Input; /** * The HTTP Event Collector (HEC) endpoint to which Kinesis Firehose sends your data. */ hecEndpoint: pulumi.Input; /** * The HEC endpoint type. Valid values are `Raw` or `Event`. The default value is `Raw`. */ hecEndpointType?: pulumi.Input; /** * The GUID that you obtain from your Splunk cluster when you create a new HEC endpoint. */ hecToken: pulumi.Input; /** * The data processing configuration. See `processingConfiguration` block below for details. */ processingConfiguration?: pulumi.Input; /** * After an initial failure to deliver to Splunk, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0. */ retryDuration?: pulumi.Input; /** * Defines how documents should be delivered to Amazon S3. Valid values are `FailedEventsOnly` and `AllEvents`. Default value is `FailedEventsOnly`. */ s3BackupMode?: pulumi.Input; /** * The S3 Configuration. See `s3Configuration` block below for details. */ s3Configuration: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationProcessingConfiguration { /** * Enables or disables data processing. */ enabled?: pulumi.Input; /** * Specifies the data processors as multiple blocks. See `processors` block below for details. */ processors?: pulumi.Input[]>; } export interface FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessor { /** * Specifies the processor parameters as multiple blocks. See `parameters` block below for details. */ parameters?: pulumi.Input[]>; /** * The type of processor. Valid Values: `RecordDeAggregation`, `Lambda`, `MetadataExtraction`, `AppendDelimiterToRecord`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ type: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessorParameter { /** * Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `MetadataExtractionQuery`, `JsonParsingEngine`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`, `SubRecordType`, `Delimiter`. Validation is done against [AWS SDK constants](https://docs.aws.amazon.com/sdk-for-go/api/service/firehose/#pkg-constants); so that values not explicitly listed may also work. */ parameterName: pulumi.Input; /** * Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well. * * > **NOTE:** Parameters with default values, including `NumberOfRetries`(default: 3), `RoleArn`(default: firehose role ARN), `BufferSizeInMBs`(default: 1), and `BufferIntervalInSeconds`(default: 60), are not stored in Pulumi state. To prevent perpetual differences, it is therefore recommended to only include parameters with non-default values. */ parameterValue: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationS3Configuration { /** * The ARN of the S3 bucket */ bucketArn: pulumi.Input; /** * Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300. */ bufferingInterval?: pulumi.Input; /** * Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5. * We recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher. */ bufferingSize?: pulumi.Input; /** * The CloudWatch Logging Options for the delivery stream. See `cloudwatchLoggingOptions` block below for details. */ cloudwatchLoggingOptions?: pulumi.Input; /** * The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`. */ compressionFormat?: pulumi.Input; /** * Prefix added to failed records before writing them to S3. Not currently supported for `redshift` destination. This prefix appears immediately following the bucket name. For information about how to specify this prefix, see [Custom Prefixes for Amazon S3 Objects](https://docs.aws.amazon.com/firehose/latest/dev/s3-prefixes.html). */ errorOutputPrefix?: pulumi.Input; /** * Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will * be used. */ kmsKeyArn?: pulumi.Input; /** * The "YYYY/MM/DD/HH" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket */ prefix?: pulumi.Input; /** * The ARN of the AWS credentials. */ roleArn: pulumi.Input; } export interface FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationCloudwatchLoggingOptions { /** * Enables or disables the logging. Defaults to `false`. */ enabled?: pulumi.Input; /** * The CloudWatch group name for logging. This value is required if `enabled` is true. */ logGroupName?: pulumi.Input; /** * The CloudWatch log stream name for logging. This value is required if `enabled` is true. */ logStreamName?: pulumi.Input; } export interface StreamStreamModeDetails { /** * Specifies the capacity mode of the stream. Must be either `PROVISIONED` or `ON_DEMAND`. */ streamMode: pulumi.Input; } } export namespace kinesisanalyticsv2 { export interface ApplicationApplicationConfiguration { /** * The code location and type parameters for the application. */ applicationCodeConfiguration: pulumi.Input; /** * Describes whether snapshots are enabled for a Flink-based application. */ applicationSnapshotConfiguration?: pulumi.Input; /** * Describes execution properties for a Flink-based application. */ environmentProperties?: pulumi.Input; /** * The configuration of a Flink-based application. */ flinkApplicationConfiguration?: pulumi.Input; /** * Describes the starting properties for a Flink-based application. */ runConfiguration?: pulumi.Input; /** * The configuration of a SQL-based application. */ sqlApplicationConfiguration?: pulumi.Input; /** * The VPC configuration of a Flink-based application. */ vpcConfiguration?: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationCodeConfiguration { /** * The location and type of the application code. */ codeContent?: pulumi.Input; /** * Specifies whether the code content is in text or zip format. Valid values: `PLAINTEXT`, `ZIPFILE`. */ codeContentType: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContent { /** * Information about the Amazon S3 bucket containing the application code. */ s3ContentLocation?: pulumi.Input; /** * The text-format code for the application. */ textContent?: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocation { /** * The ARN for the S3 bucket containing the application code. */ bucketArn: pulumi.Input; /** * The file key for the object containing the application code. */ fileKey: pulumi.Input; /** * The version of the object containing the application code. */ objectVersion?: pulumi.Input; } export interface ApplicationApplicationConfigurationApplicationSnapshotConfiguration { /** * Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application. */ snapshotsEnabled: pulumi.Input; } export interface ApplicationApplicationConfigurationEnvironmentProperties { /** * Describes the execution property groups. */ propertyGroups: pulumi.Input[]>; } export interface ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroup { /** * The key of the application execution property key-value map. */ propertyGroupId: pulumi.Input; /** * Application execution property key-value map. */ propertyMap: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ApplicationApplicationConfigurationFlinkApplicationConfiguration { /** * Describes an application's checkpointing configuration. */ checkpointConfiguration?: pulumi.Input; /** * Describes configuration parameters for CloudWatch logging for an application. */ monitoringConfiguration?: pulumi.Input; /** * Describes parameters for how an application executes multiple tasks simultaneously. */ parallelismConfiguration?: pulumi.Input; } export interface ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfiguration { /** * Describes the interval in milliseconds between checkpoint operations. */ checkpointInterval?: pulumi.Input; /** * Describes whether checkpointing is enabled for a Flink-based Kinesis Data Analytics application. */ checkpointingEnabled?: pulumi.Input; /** * Describes whether the application uses Kinesis Data Analytics' default checkpointing behavior. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `checkpointingEnabled`, `checkpointInterval`, or `minPauseBetweenCheckpoints` attribute values to be effective. If this attribute is set to `DEFAULT`, the application will always use the following values: * * `checkpointingEnabled = true` * * `checkpointInterval = 60000` * * `minPauseBetweenCheckpoints = 5000` */ configurationType: pulumi.Input; /** * Describes the minimum time in milliseconds after a checkpoint operation completes that a new checkpoint operation can start. */ minPauseBetweenCheckpoints?: pulumi.Input; } export interface ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfiguration { /** * Describes whether to use the default CloudWatch logging configuration for an application. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `logLevel` or `metricsLevel` attribute values to be effective. */ configurationType: pulumi.Input; /** * Describes the verbosity of the CloudWatch Logs for an application. Valid values: `DEBUG`, `ERROR`, `INFO`, `WARN`. */ logLevel?: pulumi.Input; /** * Describes the granularity of the CloudWatch Logs for an application. Valid values: `APPLICATION`, `OPERATOR`, `PARALLELISM`, `TASK`. */ metricsLevel?: pulumi.Input; } export interface ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfiguration { /** * Describes whether the Kinesis Data Analytics service can increase the parallelism of the application in response to increased throughput. */ autoScalingEnabled?: pulumi.Input; /** * Describes whether the application uses the default parallelism for the Kinesis Data Analytics service. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `autoScalingEnabled`, `parallelism`, or `parallelismPerKpu` attribute values to be effective. */ configurationType: pulumi.Input; /** * Describes the initial number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform. */ parallelism?: pulumi.Input; /** * Describes the number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform per Kinesis Processing Unit (KPU) used by the application. */ parallelismPerKpu?: pulumi.Input; } export interface ApplicationApplicationConfigurationRunConfiguration { /** * The restore behavior of a restarting application. */ applicationRestoreConfiguration?: pulumi.Input; /** * The starting parameters for a Flink-based Kinesis Data Analytics application. */ flinkRunConfiguration?: pulumi.Input; } export interface ApplicationApplicationConfigurationRunConfigurationApplicationRestoreConfiguration { /** * Specifies how the application should be restored. Valid values: `RESTORE_FROM_CUSTOM_SNAPSHOT`, `RESTORE_FROM_LATEST_SNAPSHOT`, `SKIP_RESTORE_FROM_SNAPSHOT`. */ applicationRestoreType?: pulumi.Input; /** * The identifier of an existing snapshot of application state to use to restart an application. The application uses this value if `RESTORE_FROM_CUSTOM_SNAPSHOT` is specified for `applicationRestoreType`. */ snapshotName?: pulumi.Input; } export interface ApplicationApplicationConfigurationRunConfigurationFlinkRunConfiguration { /** * When restoring from a snapshot, specifies whether the runtime is allowed to skip a state that cannot be mapped to the new program. Default is `false`. */ allowNonRestoredState?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfiguration { /** * The input stream used by the application. */ input?: pulumi.Input; /** * The destination streams used by the application. */ outputs?: pulumi.Input[]>; /** * The reference data source used by the application. */ referenceDataSource?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInput { inAppStreamNames?: pulumi.Input[]>; inputId?: pulumi.Input; /** * Describes the number of in-application streams to create. */ inputParallelism?: pulumi.Input; /** * The input processing configuration for the input. * An input processor transforms records as they are received from the stream, before the application's SQL code executes. */ inputProcessingConfiguration?: pulumi.Input; /** * Describes the format of the data in the streaming source, and how each data element maps to corresponding columns in the in-application stream that is being created. */ inputSchema: pulumi.Input; /** * The point at which the application starts processing records from the streaming source. */ inputStartingPositionConfigurations?: pulumi.Input[]>; /** * If the streaming source is a Kinesis Data Firehose delivery stream, identifies the delivery stream's ARN. */ kinesisFirehoseInput?: pulumi.Input; /** * If the streaming source is a Kinesis data stream, identifies the stream's Amazon Resource Name (ARN). */ kinesisStreamsInput?: pulumi.Input; /** * The name prefix to use when creating an in-application stream. */ namePrefix: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelism { /** * The number of in-application streams to create. */ count?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfiguration { /** * Describes the Lambda function that is used to preprocess the records in the stream before being processed by your application code. */ inputLambdaProcessor: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfigurationInputLambdaProcessor { /** * The ARN of the Lambda function that operates on records in the stream. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchema { /** * Describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream. */ recordColumns: pulumi.Input[]>; /** * Specifies the encoding of the records in the streaming source. For example, `UTF-8`. */ recordEncoding?: pulumi.Input; /** * Specifies the format of the records on the streaming source. */ recordFormat: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumn { /** * A reference to the data element in the streaming input or the reference data source. */ mapping?: pulumi.Input; /** * The name of the column that is created in the in-application input stream or reference table. */ name: pulumi.Input; /** * The type of column created in the in-application input stream or reference table. */ sqlType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormat { /** * Provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source. */ mappingParameters: pulumi.Input; /** * The type of record format. Valid values: `CSV`, `JSON`. */ recordFormatType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParameters { /** * Provides additional mapping information when the record format uses delimiters (for example, CSV). */ csvMappingParameters?: pulumi.Input; /** * Provides additional mapping information when JSON is the record format on the streaming source. */ jsonMappingParameters?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParameters { /** * The column delimiter. For example, in a CSV format, a comma (`,`) is the typical column delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The row delimiter. For example, in a CSV format, `\n` is the typical row delimiter. */ recordRowDelimiter: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersJsonMappingParameters { /** * The path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputStartingPositionConfiguration { /** * The starting position on the stream. Valid values: `LAST_STOPPED_POINT`, `NOW`, `TRIM_HORIZON`. */ inputStartingPosition?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisFirehoseInput { /** * The ARN of the delivery stream. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInput { /** * The ARN of the input Kinesis data stream to read. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutput { /** * Describes the data format when records are written to the destination. */ destinationSchema: pulumi.Input; /** * Identifies a Kinesis Data Firehose delivery stream as the destination. */ kinesisFirehoseOutput?: pulumi.Input; /** * Identifies a Kinesis data stream as the destination. */ kinesisStreamsOutput?: pulumi.Input; /** * Identifies a Lambda function as the destination. */ lambdaOutput?: pulumi.Input; /** * The name of the in-application stream. */ name: pulumi.Input; outputId?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchema { /** * Specifies the format of the records on the output stream. Valid values: `CSV`, `JSON`. */ recordFormatType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutput { /** * The ARN of the destination delivery stream to write to. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisStreamsOutput { /** * The ARN of the destination Kinesis data stream to write to. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutput { /** * The ARN of the destination Lambda function to write to. */ resourceArn: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSource { referenceId?: pulumi.Input; /** * Describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream. */ referenceSchema: pulumi.Input; /** * Identifies the S3 bucket and object that contains the reference data. */ s3ReferenceDataSource: pulumi.Input; /** * The name of the in-application table to create. */ tableName: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchema { /** * Describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream. */ recordColumns: pulumi.Input[]>; /** * Specifies the encoding of the records in the streaming source. For example, `UTF-8`. */ recordEncoding?: pulumi.Input; /** * Specifies the format of the records on the streaming source. */ recordFormat: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumn { /** * A reference to the data element in the streaming input or the reference data source. */ mapping?: pulumi.Input; /** * The name of the column that is created in the in-application input stream or reference table. */ name: pulumi.Input; /** * The type of column created in the in-application input stream or reference table. */ sqlType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormat { /** * Provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source. */ mappingParameters: pulumi.Input; /** * The type of record format. Valid values: `CSV`, `JSON`. */ recordFormatType: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParameters { /** * Provides additional mapping information when the record format uses delimiters (for example, CSV). */ csvMappingParameters?: pulumi.Input; /** * Provides additional mapping information when JSON is the record format on the streaming source. */ jsonMappingParameters?: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersCsvMappingParameters { /** * The column delimiter. For example, in a CSV format, a comma (`,`) is the typical column delimiter. */ recordColumnDelimiter: pulumi.Input; /** * The row delimiter. For example, in a CSV format, `\n` is the typical row delimiter. */ recordRowDelimiter: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParameters { /** * The path to the top-level parent that contains the records. */ recordRowPath: pulumi.Input; } export interface ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSource { /** * The ARN of the S3 bucket. */ bucketArn: pulumi.Input; /** * The object key name containing the reference data. */ fileKey: pulumi.Input; } export interface ApplicationApplicationConfigurationVpcConfiguration { /** * The Security Group IDs used by the VPC configuration. */ securityGroupIds: pulumi.Input[]>; /** * The Subnet IDs used by the VPC configuration. */ subnetIds: pulumi.Input[]>; vpcConfigurationId?: pulumi.Input; vpcId?: pulumi.Input; } export interface ApplicationCloudwatchLoggingOptions { cloudwatchLoggingOptionId?: pulumi.Input; /** * The ARN of the CloudWatch log stream to receive application messages. */ logStreamArn: pulumi.Input; } } export namespace kms { export interface GetSecretSecret { context?: {[key: string]: string}; grantTokens?: string[]; name: string; payload: string; } export interface GetSecretSecretArgs { context?: pulumi.Input<{[key: string]: pulumi.Input}>; grantTokens?: pulumi.Input[]>; name: pulumi.Input; payload: pulumi.Input; } export interface GetSecretsSecret { /** * An optional mapping that makes up the Encryption Context for the secret. */ context?: {[key: string]: string}; /** * The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE */ encryptionAlgorithm?: string; /** * An optional list of Grant Tokens for the secret. */ grantTokens?: string[]; /** * Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * * For more information on `context` and `grantTokens` see the [KMS * Concepts](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) */ keyId?: string; /** * Name to export this secret under in the attributes. */ name: string; /** * Base64 encoded payload, as returned from a KMS encrypt operation. */ payload: string; } export interface GetSecretsSecretArgs { /** * An optional mapping that makes up the Encryption Context for the secret. */ context?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE */ encryptionAlgorithm?: pulumi.Input; /** * An optional list of Grant Tokens for the secret. */ grantTokens?: pulumi.Input[]>; /** * Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. * * For more information on `context` and `grantTokens` see the [KMS * Concepts](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) */ keyId?: pulumi.Input; /** * Name to export this secret under in the attributes. */ name: pulumi.Input; /** * Base64 encoded payload, as returned from a KMS encrypt operation. */ payload: pulumi.Input; } export interface GrantConstraint { /** * A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`. */ encryptionContextEquals?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`. */ encryptionContextSubset?: pulumi.Input<{[key: string]: pulumi.Input}>; } } export namespace lakeformation { export interface DataCellsFilterTableData { /** * A list of column names and/or nested column attributes. */ columnNames?: pulumi.Input[]>; columnWildcard?: pulumi.Input; /** * The name of the database. */ databaseName: pulumi.Input; /** * The name of the data cells filter. */ name: pulumi.Input; /** * A PartiQL predicate. See Row Filter below for details. */ rowFilter?: pulumi.Input; /** * The ID of the Data Catalog. */ tableCatalogId: pulumi.Input; /** * The name of the table. */ tableName: pulumi.Input; /** * ID of the data cells filter version. */ versionId?: pulumi.Input; } export interface DataCellsFilterTableDataColumnWildcard { /** * (Optional) Excludes column names. Any column with this name will be excluded. */ excludedColumnNames?: pulumi.Input[]>; } export interface DataCellsFilterTableDataRowFilter { /** * (Optional) A wildcard that matches all rows. */ allRowsWildcard?: pulumi.Input; /** * (Optional) A filter expression. */ filterExpression?: pulumi.Input; } export interface DataCellsFilterTableDataRowFilterAllRowsWildcard { } export interface DataCellsFilterTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface DataLakeSettingsCreateDatabaseDefaultPermission { /** * List of permissions that are granted to the principal. Valid values may include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, and `CREATE_TABLE`. For more details, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html). */ permissions?: pulumi.Input[]>; /** * Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `["ALL"]`. */ principal?: pulumi.Input; } export interface DataLakeSettingsCreateTableDefaultPermission { /** * List of permissions that are granted to the principal. Valid values may include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, and `DESCRIBE`. For more details, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html). */ permissions?: pulumi.Input[]>; /** * Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `["ALL"]`. */ principal?: pulumi.Input; } export interface GetPermissionsDataCellsFilter { /** * The name of the database. */ databaseName: string; /** * The name of the data cells filter. */ name: string; /** * The ID of the Data Catalog. */ tableCatalogId: string; /** * The name of the table. */ tableName: string; } export interface GetPermissionsDataCellsFilterArgs { /** * The name of the database. */ databaseName: pulumi.Input; /** * The name of the data cells filter. */ name: pulumi.Input; /** * The ID of the Data Catalog. */ tableCatalogId: pulumi.Input; /** * The name of the table. */ tableName: pulumi.Input; } export interface GetPermissionsDataLocation { /** * ARN that uniquely identifies the data location resource. * * The following argument is optional: */ arn: string; /** * Identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller. */ catalogId?: string; } export interface GetPermissionsDataLocationArgs { /** * ARN that uniquely identifies the data location resource. * * The following argument is optional: */ arn: pulumi.Input; /** * Identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; } export interface GetPermissionsDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: string; } export interface GetPermissionsDatabaseArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface GetPermissionsLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Key-name for the tag. */ key: string; /** * List of possible values an attribute can take. * * The following argument is optional: */ values: string[]; } export interface GetPermissionsLfTagArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Key-name for the tag. */ key: pulumi.Input; /** * List of possible values an attribute can take. * * The following argument is optional: */ values: pulumi.Input[]>; } export interface GetPermissionsLfTagPolicy { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See `expression` below. * * The following argument is optional: */ expressions: inputs.lakeformation.GetPermissionsLfTagPolicyExpression[]; /** * Resource type for which the tag policy applies. Valid values are `DATABASE` and `TABLE`. */ resourceType: string; } export interface GetPermissionsLfTagPolicyArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See `expression` below. * * The following argument is optional: */ expressions: pulumi.Input[]>; /** * Resource type for which the tag policy applies. Valid values are `DATABASE` and `TABLE`. */ resourceType: pulumi.Input; } export interface GetPermissionsLfTagPolicyExpression { /** * Key-name of an LF-Tag. */ key: string; /** * List of possible values of an LF-Tag. */ values: string[]; } export interface GetPermissionsLfTagPolicyExpressionArgs { /** * Key-name of an LF-Tag. */ key: pulumi.Input; /** * List of possible values of an LF-Tag. */ values: pulumi.Input[]>; } export interface GetPermissionsTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Name of the database for the table. Unique to a Data Catalog. * * The following arguments are optional: */ databaseName: string; /** * Name of the table. At least one of `name` or `wildcard` is required. */ name?: string; /** * Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`. */ wildcard?: boolean; } export interface GetPermissionsTableArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. * * The following arguments are optional: */ databaseName: pulumi.Input; /** * Name of the table. At least one of `name` or `wildcard` is required. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`. */ wildcard?: pulumi.Input; } export interface GetPermissionsTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: string; /** * Set of column names for the table. At least one of `columnNames` or `excludedColumnNames` is required. */ columnNames?: string[]; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: string; /** * Set of column names for the table to exclude. At least one of `columnNames` or `excludedColumnNames` is required. */ excludedColumnNames?: string[]; /** * Name of the table resource. * * The following arguments are optional: */ name: string; wildcard?: boolean; } export interface GetPermissionsTableWithColumnsArgs { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. At least one of `columnNames` or `excludedColumnNames` is required. */ columnNames?: pulumi.Input[]>; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Set of column names for the table to exclude. At least one of `columnNames` or `excludedColumnNames` is required. */ excludedColumnNames?: pulumi.Input[]>; /** * Name of the table resource. * * The following arguments are optional: */ name: pulumi.Input; wildcard?: pulumi.Input; } export interface PermissionsDataCellsFilter { /** * The name of the database. */ databaseName: pulumi.Input; /** * The name of the data cells filter. */ name: pulumi.Input; /** * The ID of the Data Catalog. */ tableCatalogId: pulumi.Input; /** * The name of the table. */ tableName: pulumi.Input; } export interface PermissionsDataLocation { /** * Amazon Resource Name (ARN) that uniquely identifies the data location resource. * * The following argument is optional: */ arn: pulumi.Input; /** * Identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; } export interface PermissionsDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface PermissionsLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * The key-name for the tag. */ key: pulumi.Input; /** * A list of possible values an attribute can take. * * The following argument is optional: */ values: pulumi.Input[]>; } export interface PermissionsLfTagPolicy { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * A list of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See `expression` below. * * The following argument is optional: */ expressions: pulumi.Input[]>; /** * The resource type for which the tag policy applies. Valid values are `DATABASE` and `TABLE`. */ resourceType: pulumi.Input; } export interface PermissionsLfTagPolicyExpression { /** * The key-name of an LF-Tag. */ key: pulumi.Input; /** * A list of possible values of an LF-Tag. */ values: pulumi.Input[]>; } export interface PermissionsTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. Defaults to `false`. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface PermissionsTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. */ columnNames?: pulumi.Input[]>; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Set of column names for the table to exclude. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. */ excludedColumnNames?: pulumi.Input[]>; /** * Name of the table resource. */ name: pulumi.Input; /** * Whether to use a column wildcard. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface ResourceLfTagDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface ResourceLfTagLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Key name for an existing LF-tag. */ key: pulumi.Input; /** * Value from the possible values for the LF-tag. * * The following argument is optional: */ value: pulumi.Input; } export interface ResourceLfTagTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. Defaults to `false`. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface ResourceLfTagTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. */ columnNames?: pulumi.Input[]>; /** * Option to add column wildcard. See Column Wildcard for more details. */ columnWildcard?: pulumi.Input; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table resource. * * The following arguments are optional: */ name: pulumi.Input; } export interface ResourceLfTagTableWithColumnsColumnWildcard { excludedColumnNames?: pulumi.Input[]>; } export interface ResourceLfTagTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface ResourceLfTagsDatabase { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database resource. Unique to the Data Catalog. * * The following argument is optional: */ name: pulumi.Input; } export interface ResourceLfTagsLfTag { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Key name for an existing LF-tag. */ key: pulumi.Input; /** * Value from the possible values for the LF-tag. * * The following argument is optional: */ value: pulumi.Input; } export interface ResourceLfTagsTable { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Name of the database for the table. Unique to a Data Catalog. */ databaseName: pulumi.Input; /** * Name of the table. */ name?: pulumi.Input; /** * Whether to use a wildcard representing every table under a database. Defaults to `false`. * * The following arguments are optional: */ wildcard?: pulumi.Input; } export interface ResourceLfTagsTableWithColumns { /** * Identifier for the Data Catalog. By default, it is the account ID of the caller. */ catalogId?: pulumi.Input; /** * Set of column names for the table. */ columnNames?: pulumi.Input[]>; /** * Name of the database for the table with columns resource. Unique to the Data Catalog. */ databaseName: pulumi.Input; /** * Set of column names for the table to exclude. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. */ excludedColumnNames?: pulumi.Input[]>; /** * Name of the table resource. */ name: pulumi.Input; /** * Whether to use a column wildcard. If `excludedColumnNames` is included, `wildcard` must be set to `true` to avoid the provider reporting a difference. * * The following arguments are optional: */ wildcard?: pulumi.Input; } } export namespace lambda { export interface AliasRoutingConfig { /** * A map that defines the proportion of events that should be sent to different versions of a lambda function. */ additionalVersionWeights?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface CodeSigningConfigAllowedPublishers { /** * The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package. */ signingProfileVersionArns: pulumi.Input[]>; } export interface CodeSigningConfigPolicies { /** * Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log. Valid values: `Warn`, `Enforce`. Default value: `Warn`. */ untrustedArtifactOnDeployment: pulumi.Input; } export interface EventSourceMappingAmazonManagedKafkaEventSourceConfig { /** * A Kafka consumer group ID between 1 and 200 characters for use when creating this event source mapping. If one is not specified, this value will be automatically generated. See [AmazonManagedKafkaEventSourceConfig Syntax](https://docs.aws.amazon.com/lambda/latest/dg/API_AmazonManagedKafkaEventSourceConfig.html). */ consumerGroupId?: pulumi.Input; } export interface EventSourceMappingDestinationConfig { /** * The destination configuration for failed invocations. Detailed below. */ onFailure?: pulumi.Input; } export interface EventSourceMappingDestinationConfigOnFailure { destinationArn: pulumi.Input; } export interface EventSourceMappingDocumentDbEventSourceConfig { /** * The name of the collection to consume within the database. If you do not specify a collection, Lambda consumes all collections. */ collectionName?: pulumi.Input; /** * The name of the database to consume within the DocumentDB cluster. */ databaseName: pulumi.Input; /** * Determines what DocumentDB sends to your event stream during document update operations. If set to `UpdateLookup`, DocumentDB sends a delta describing the changes, along with a copy of the entire document. Otherwise, DocumentDB sends only a partial document that contains the changes. Valid values: `UpdateLookup`, `Default`. */ fullDocument?: pulumi.Input; } export interface EventSourceMappingFilterCriteria { /** * A set of up to 5 filter. If an event satisfies at least one, Lambda sends the event to the function or adds it to the next batch. Detailed below. */ filters?: pulumi.Input[]>; } export interface EventSourceMappingFilterCriteriaFilter { pattern?: pulumi.Input; } export interface EventSourceMappingScalingConfig { /** * Limits the number of concurrent instances that the Amazon SQS event source can invoke. Must be between `2` and `1000`. See [Configuring maximum concurrency for Amazon SQS event sources](https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-max-concurrency). */ maximumConcurrency?: pulumi.Input; } export interface EventSourceMappingSelfManagedEventSource { /** * A map of endpoints for the self managed source. For Kafka self-managed sources, the key should be `KAFKA_BOOTSTRAP_SERVERS` and the value should be a string with a comma separated list of broker endpoints. */ endpoints: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface EventSourceMappingSelfManagedKafkaEventSourceConfig { /** * A Kafka consumer group ID between 1 and 200 characters for use when creating this event source mapping. If one is not specified, this value will be automatically generated. See [SelfManagedKafkaEventSourceConfig Syntax](https://docs.aws.amazon.com/lambda/latest/dg/API_SelfManagedKafkaEventSourceConfig.html). */ consumerGroupId?: pulumi.Input; } export interface EventSourceMappingSourceAccessConfiguration { /** * The type of authentication protocol, VPC components, or virtual host for your event source. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/lambda/latest/api/API_SourceAccessConfiguration.html). */ type: pulumi.Input; /** * The URI for this configuration. For type `VPC_SUBNET` the value should be `subnet:subnet_id` where `subnetId` is the value you would find in an aws.ec2.Subnet resource's id attribute. For type `VPC_SECURITY_GROUP` the value should be `security_group:security_group_id` where `securityGroupId` is the value you would find in an aws.ec2.SecurityGroup resource's id attribute. */ uri: pulumi.Input; } export interface FunctionDeadLetterConfig { /** * ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the `sns:Publish` or `sqs:SendMessage` action on this ARN, depending on which service is targeted. */ targetArn: pulumi.Input; } export interface FunctionEnvironment { /** * Map of environment variables that are accessible from the function code during execution. If provided at least one key must be present. */ variables?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface FunctionEphemeralStorage { /** * The size of the Lambda function Ephemeral storage(`/tmp`) represented in MB. The minimum supported `ephemeralStorage` value defaults to `512`MB and the maximum supported value is `10240`MB. */ size?: pulumi.Input; } export interface FunctionEventInvokeConfigDestinationConfig { /** * Configuration block with destination configuration for failed asynchronous invocations. See below for details. */ onFailure?: pulumi.Input; /** * Configuration block with destination configuration for successful asynchronous invocations. See below for details. */ onSuccess?: pulumi.Input; } export interface FunctionEventInvokeConfigDestinationConfigOnFailure { destination: pulumi.Input; } export interface FunctionEventInvokeConfigDestinationConfigOnSuccess { destination: pulumi.Input; } export interface FunctionFileSystemConfig { /** * Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system. */ arn: pulumi.Input; /** * Path where the function can access the file system, starting with /mnt/. */ localMountPath: pulumi.Input; } export interface FunctionImageConfig { /** * Parameters that you want to pass in with `entryPoint`. */ commands?: pulumi.Input[]>; /** * Entry point to your application, which is typically the location of the runtime executable. */ entryPoints?: pulumi.Input[]>; /** * Working directory. */ workingDirectory?: pulumi.Input; } export interface FunctionLoggingConfig { /** * for JSON structured logs, choose the detail level of the logs your application sends to CloudWatch when using supported logging libraries. */ applicationLogLevel?: pulumi.Input; /** * select between `Text` and structured `JSON` format for your function's logs. */ logFormat: pulumi.Input; /** * the CloudWatch log group your function sends logs to. */ logGroup?: pulumi.Input; /** * for JSON structured logs, choose the detail level of the Lambda platform event logs sent to CloudWatch, such as `ERROR`, `DEBUG`, or `INFO`. */ systemLogLevel?: pulumi.Input; } export interface FunctionSnapStart { /** * Conditions where snap start is enabled. Valid values are `PublishedVersions`. */ applyOn: pulumi.Input; /** * Optimization status of the snap start configuration. Valid values are `On` and `Off`. */ optimizationStatus?: pulumi.Input; } export interface FunctionTracingConfig { /** * Whether to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are `PassThrough` and `Active`. If `PassThrough`, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If `Active`, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. */ mode: pulumi.Input; } export interface FunctionUrlCors { /** * Whether to allow cookies or other credentials in requests to the function URL. The default is `false`. */ allowCredentials?: pulumi.Input; /** * The HTTP headers that origins can include in requests to the function URL. For example: `["date", "keep-alive", "x-custom-header"]`. */ allowHeaders?: pulumi.Input[]>; /** * The HTTP methods that are allowed when calling the function URL. For example: `["GET", "POST", "DELETE"]`, or the wildcard character (`["*"]`). */ allowMethods?: pulumi.Input[]>; /** * The origins that can access the function URL. You can list any number of specific origins (or the wildcard character (`"*"`)), separated by a comma. For example: `["https://www.example.com", "http://localhost:60905"]`. */ allowOrigins?: pulumi.Input[]>; /** * The HTTP headers in your function response that you want to expose to origins that call the function URL. */ exposeHeaders?: pulumi.Input[]>; /** * The maximum amount of time, in seconds, that web browsers can cache results of a preflight request. By default, this is set to `0`, which means that the browser doesn't cache results. The maximum value is `86400`. */ maxAge?: pulumi.Input; } export interface FunctionVpcConfig { /** * Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. Default is `false`. */ ipv6AllowedForDualStack?: pulumi.Input; /** * List of security group IDs associated with the Lambda function. */ securityGroupIds: pulumi.Input[]>; /** * List of subnet IDs associated with the Lambda function. */ subnetIds: pulumi.Input[]>; /** * ID of the VPC. */ vpcId?: pulumi.Input; } } export namespace lb { export interface ListenerDefaultAction { /** * Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. Detailed below. */ authenticateCognito?: pulumi.Input; /** * Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. Detailed below. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `targetGroupArn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `targetGroupArn`. Detailed below. */ forward?: pulumi.Input; /** * Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`. */ order?: pulumi.Input; /** * Configuration block for creating a redirect action. Required if `type` is `redirect`. Detailed below. */ redirect?: pulumi.Input; /** * ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead. */ targetGroupArn?: pulumi.Input; /** * Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`. * * The following arguments are optional: */ type: pulumi.Input; } export interface ListenerDefaultActionAuthenticateCognito { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Behavior if the user is not authenticated. Valid values are `deny`, `allow` and `authenticate`. */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * Domain prefix or fully-qualified domain name of the Cognito user pool. * * The following arguments are optional: */ userPoolDomain: pulumi.Input; } export interface ListenerDefaultActionAuthenticateOidc { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * Set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * Name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * Token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * User info endpoint of the IdP. * * The following arguments are optional: */ userInfoEndpoint: pulumi.Input; } export interface ListenerDefaultActionFixedResponse { /** * Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. * * The following arguments are optional: */ contentType: pulumi.Input; /** * Message body. */ messageBody?: pulumi.Input; /** * HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerDefaultActionForward { /** * Configuration block for target group stickiness for the rule. Detailed below. */ stickiness?: pulumi.Input; /** * Set of 1-5 target group blocks. Detailed below. * * The following arguments are optional: */ targetGroups: pulumi.Input[]>; } export interface ListenerDefaultActionForwardStickiness { /** * Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). * * The following arguments are optional: */ duration: pulumi.Input; /** * Whether target group stickiness is enabled. Default is `false`. */ enabled?: pulumi.Input; } export interface ListenerDefaultActionForwardTargetGroup { /** * ARN of the target group. * * The following arguments are optional: */ arn: pulumi.Input; /** * Weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerDefaultActionRedirect { /** * Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). * * The following arguments are optional: */ statusCode: pulumi.Input; } export interface ListenerMutualAuthentication { /** * Whether client certificate expiry is ignored. Default is `false`. */ ignoreClientCertificateExpiry?: pulumi.Input; /** * Valid values are `off`, `verify` and `passthrough`. */ mode: pulumi.Input; /** * ARN of the elbv2 Trust Store. */ trustStoreArn?: pulumi.Input; } export interface ListenerRuleAction { /** * Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`. */ authenticateCognito?: pulumi.Input; /** * Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`. */ authenticateOidc?: pulumi.Input; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: pulumi.Input; /** * Information for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `targetGroupArn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `targetGroupArn`. */ forward?: pulumi.Input; order?: pulumi.Input; /** * Information for creating a redirect action. Required if `type` is `redirect`. */ redirect?: pulumi.Input; /** * The ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead. */ targetGroupArn?: pulumi.Input; /** * The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`. */ type: pulumi.Input; } export interface ListenerRuleActionAuthenticateCognito { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The ARN of the Cognito user pool. */ userPoolArn: pulumi.Input; /** * The ID of the Cognito user pool client. */ userPoolClientId: pulumi.Input; /** * The domain prefix or fully-qualified domain name of the Cognito user pool. */ userPoolDomain: pulumi.Input; } export interface ListenerRuleActionAuthenticateOidc { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The authorization endpoint of the IdP. */ authorizationEndpoint: pulumi.Input; /** * The OAuth 2.0 client identifier. */ clientId: pulumi.Input; /** * The OAuth 2.0 client secret. */ clientSecret: pulumi.Input; /** * The OIDC issuer identifier of the IdP. */ issuer: pulumi.Input; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest?: pulumi.Input; /** * The set of user claims to be requested from the IdP. */ scope?: pulumi.Input; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: pulumi.Input; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: pulumi.Input; /** * The token endpoint of the IdP. */ tokenEndpoint: pulumi.Input; /** * The user info endpoint of the IdP. */ userInfoEndpoint: pulumi.Input; } export interface ListenerRuleActionFixedResponse { /** * The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. */ contentType: pulumi.Input; /** * The message body. */ messageBody?: pulumi.Input; /** * The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode?: pulumi.Input; } export interface ListenerRuleActionForward { /** * The target group stickiness for the rule. */ stickiness?: pulumi.Input; /** * One or more target groups block. */ targetGroups: pulumi.Input[]>; } export interface ListenerRuleActionForwardStickiness { /** * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). */ duration: pulumi.Input; /** * Indicates whether target group stickiness is enabled. */ enabled?: pulumi.Input; } export interface ListenerRuleActionForwardTargetGroup { /** * The Amazon Resource Name (ARN) of the target group. */ arn: pulumi.Input; /** * The weight. The range is 0 to 999. */ weight?: pulumi.Input; } export interface ListenerRuleActionRedirect { /** * The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: pulumi.Input; /** * The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: pulumi.Input; /** * The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: pulumi.Input; /** * The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: pulumi.Input; /** * The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: pulumi.Input; /** * The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). */ statusCode: pulumi.Input; } export interface ListenerRuleCondition { /** * Contains a single `values` item which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. */ hostHeader?: pulumi.Input; /** * HTTP headers to match. HTTP Header block fields documented below. */ httpHeader?: pulumi.Input; /** * Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached. */ httpRequestMethod?: pulumi.Input; /** * Contains a single `values` item which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `queryString` condition. */ pathPattern?: pulumi.Input; /** * Query strings to match. Query String block fields documented below. */ queryStrings?: pulumi.Input[]>; /** * Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `httpHeader` condition instead. * * > **NOTE::** Exactly one of `hostHeader`, `httpHeader`, `httpRequestMethod`, `pathPattern`, `queryString` or `sourceIp` must be set per condition. */ sourceIp?: pulumi.Input; } export interface ListenerRuleConditionHostHeader { values: pulumi.Input[]>; } export interface ListenerRuleConditionHttpHeader { /** * Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead. */ httpHeaderName: pulumi.Input; /** * List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string. */ values: pulumi.Input[]>; } export interface ListenerRuleConditionHttpRequestMethod { values: pulumi.Input[]>; } export interface ListenerRuleConditionPathPattern { values: pulumi.Input[]>; } export interface ListenerRuleConditionQueryString { /** * Query string key pattern to match. */ key?: pulumi.Input; /** * Query string value pattern to match. */ value: pulumi.Input; } export interface ListenerRuleConditionSourceIp { values: pulumi.Input[]>; } export interface LoadBalancerAccessLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `accessLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerConnectionLogs { /** * S3 bucket name to store the logs in. */ bucket: pulumi.Input; /** * Boolean to enable / disable `connectionLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: pulumi.Input; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: pulumi.Input; } export interface LoadBalancerSubnetMapping { /** * Allocation ID of the Elastic IP address for an internet-facing load balancer. */ allocationId?: pulumi.Input; /** * IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers. */ ipv6Address?: pulumi.Input; outpostId?: pulumi.Input; /** * Private IPv4 address for an internal load balancer. */ privateIpv4Address?: pulumi.Input; /** * ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone. */ subnetId: pulumi.Input; } export interface TargetGroupHealthCheck { /** * Whether health checks are enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * Number of consecutive health check successes required before considering a target healthy. The range is 2-10. Defaults to 3. */ healthyThreshold?: pulumi.Input; /** * Approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300. For `lambda` target groups, it needs to be greater than the timeout of the underlying `lambda`. Defaults to 30. */ interval?: pulumi.Input; /** * The HTTP or gRPC codes to use when checking for a successful response from a target. * The `health_check.protocol` must be one of `HTTP` or `HTTPS` or the `targetType` must be `lambda`. * Values can be comma-separated individual values (e.g., "200,202") or a range of values (e.g., "200-299"). * * For gRPC-based target groups (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is `GRPC`), values can be between `0` and `99`. The default is `12`. * * When used with an Application Load Balancer (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is not `GRPC`), values can be between `200` and `499`. The default is `200`. * * When used with a Network Load Balancer (i.e., the `protocol` is one of `TCP`, `TCP_UDP`, `UDP`, or `TLS`), values can be between `200` and `599`. The default is `200-399`. * * When the `targetType` is `lambda`, values can be between `200` and `499`. The default is `200`. */ matcher?: pulumi.Input; /** * Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS. * * For HTTP and HTTPS health checks, the default is `/`. * * For gRPC health checks, the default is `/Amazon Web Services.ALB/healthcheck`. */ path?: pulumi.Input; /** * The port the load balancer uses when performing health checks on targets. * Valid values are either `traffic-port`, to use the same port as the target group, or a valid port number between `1` and `65536`. * Default is `traffic-port`. */ port?: pulumi.Input; /** * Protocol the load balancer uses when performing health checks on targets. * Must be one of `TCP`, `HTTP`, or `HTTPS`. * The `TCP` protocol is not supported for health checks if the protocol of the target group is `HTTP` or `HTTPS`. * Default is `HTTP`. * Cannot be specified when the `targetType` is `lambda`. */ protocol?: pulumi.Input; /** * Amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is lambda, the default is 30 seconds. */ timeout?: pulumi.Input; /** * Number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. Defaults to 3. */ unhealthyThreshold?: pulumi.Input; } export interface TargetGroupStickiness { /** * Only used when the type is `lbCookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds). */ cookieDuration?: pulumi.Input; /** * Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `appCookie`. */ cookieName?: pulumi.Input; /** * Boolean to enable / disable `stickiness`. Default is `true`. */ enabled?: pulumi.Input; /** * The type of sticky sessions. The only current possible values are `lbCookie`, `appCookie` for ALBs, `sourceIp` for NLBs, and `sourceIpDestIp`, `sourceIpDestIpProto` for GWLBs. */ type: pulumi.Input; } export interface TargetGroupTargetFailover { /** * Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onUnhealthy`. Default: `noRebalance`. */ onDeregistration: pulumi.Input; /** * Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onDeregistration`. Default: `noRebalance`. */ onUnhealthy: pulumi.Input; } export interface TargetGroupTargetHealthState { /** * Indicates whether the load balancer terminates connections to unhealthy targets. Possible values are `true` or `false`. Default: `true`. */ enableUnhealthyConnectionTermination: pulumi.Input; } } export namespace lex { export interface BotAbortStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface BotAbortStatementMessage { /** * The text of the message. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. */ groupNumber?: pulumi.Input; } export interface BotAliasConversationLogs { /** * The Amazon Resource Name (ARN) of the IAM role used to write your logs to CloudWatch Logs or an S3 bucket. Must be between 20 and 2048 characters in length. */ iamRoleArn: pulumi.Input; /** * The settings for your conversation logs. You can log text, audio, or both. Attributes are documented under log_settings. */ logSettings?: pulumi.Input[]>; } export interface BotAliasConversationLogsLogSetting { /** * The destination where logs are delivered. Options are `CLOUDWATCH_LOGS` or `S3`. */ destination: pulumi.Input; /** * The Amazon Resource Name (ARN) of the key used to encrypt audio logs in an S3 bucket. This can only be specified when `destination` is set to `S3`. Must be between 20 and 2048 characters in length. */ kmsKeyArn?: pulumi.Input; /** * The type of logging that is enabled. Options are `AUDIO` or `TEXT`. */ logType: pulumi.Input; /** * The Amazon Resource Name (ARN) of the CloudWatch Logs log group or S3 bucket where the logs are delivered. Must be less than or equal to 2048 characters in length. */ resourceArn: pulumi.Input; /** * The prefix of the S3 object key for `AUDIO` logs or the log stream name for `TEXT` logs. */ resourcePrefix?: pulumi.Input; } export interface BotClarificationPrompt { maxAttempts: pulumi.Input; messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface BotClarificationPromptMessage { /** * The text of the message. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. */ groupNumber?: pulumi.Input; } export interface BotIntent { /** * The name of the intent. Must be less than or equal to 100 characters in length. */ intentName: pulumi.Input; /** * The version of the intent. Must be less than or equal to 64 characters in length. */ intentVersion: pulumi.Input; } export interface IntentConclusionStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentConclusionStatementMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentConfirmationPrompt { maxAttempts: pulumi.Input; messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentConfirmationPromptMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentDialogCodeHook { messageVersion: pulumi.Input; uri: pulumi.Input; } export interface IntentFollowUpPrompt { /** * Prompts for information from the user. Attributes are documented under prompt. */ prompt: pulumi.Input; /** * If the user answers "no" to the question defined in the prompt field, * Amazon Lex responds with this statement to acknowledge that the intent was canceled. Attributes are * documented below under statement. */ rejectionStatement: pulumi.Input; } export interface IntentFollowUpPromptPrompt { /** * The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive). */ maxAttempts: pulumi.Input; /** * A set of messages, each of which provides a message string and its type. * You can specify the message string in plain text or in Speech Synthesis Markup Language (SSML). * Attributes are documented under message. Must contain between 1 and 15 messages. */ messages: pulumi.Input[]>; /** * The response card. Amazon Lex will substitute session attributes and * slot values into the response card. For more information, see * [Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length. */ responseCard?: pulumi.Input; } export interface IntentFollowUpPromptPromptMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentFollowUpPromptRejectionStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentFollowUpPromptRejectionStatementMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentFulfillmentActivity { /** * A description of the Lambda function that is run to fulfill the intent. * Required if type is CodeHook. Attributes are documented under code_hook. */ codeHook?: pulumi.Input; /** * How the intent should be fulfilled, either by running a Lambda function or by * returning the slot data to the client application. Type can be either `ReturnIntent` or `CodeHook`, as documented [here](https://docs.aws.amazon.com/lex/latest/dg/API_FulfillmentActivity.html). */ type: pulumi.Input; } export interface IntentFulfillmentActivityCodeHook { /** * The version of the request-response that you want Amazon Lex to use * to invoke your Lambda function. For more information, see * [Using Lambda Functions](https://docs.aws.amazon.com/lex/latest/dg/using-lambda.html). Must be less than or equal to 5 characters in length. */ messageVersion: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lambda function. */ uri: pulumi.Input; } export interface IntentRejectionStatement { messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentRejectionStatementMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface IntentSlot { /** * A description of the bot. Must be less than or equal to 200 characters in length. */ description?: pulumi.Input; /** * The name of the intent slot that you want to create. The name is case sensitive. Must be less than or equal to 100 characters in length. */ name: pulumi.Input; /** * Directs Lex the order in which to elicit this slot value from the user. * For example, if the intent has two slots with priorities 1 and 2, AWS Lex first elicits a value for * the slot with priority 1. If multiple slots share the same priority, the order in which Lex elicits * values is arbitrary. Must be between 1 and 100. */ priority?: pulumi.Input; /** * The response card. Amazon Lex will substitute session attributes and * slot values into the response card. For more information, see * [Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length. */ responseCard?: pulumi.Input; /** * If you know a specific pattern with which users might respond to * an Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. This * is optional. In most cases, Amazon Lex is capable of understanding user utterances. Must have between 1 and 10 items in the list, and each item must be less than or equal to 200 characters in length. */ sampleUtterances?: pulumi.Input[]>; /** * Specifies whether the slot is required or optional. */ slotConstraint: pulumi.Input; /** * The type of the slot, either a custom slot type that you defined or one of * the built-in slot types. Must be less than or equal to 100 characters in length. */ slotType: pulumi.Input; /** * The version of the slot type. Must be less than or equal to 64 characters in length. */ slotTypeVersion?: pulumi.Input; /** * The prompt that Amazon Lex uses to elicit the slot value * from the user. Attributes are documented under prompt. */ valueElicitationPrompt?: pulumi.Input; } export interface IntentSlotValueElicitationPrompt { maxAttempts: pulumi.Input; messages: pulumi.Input[]>; responseCard?: pulumi.Input; } export interface IntentSlotValueElicitationPromptMessage { /** * The text of the message. Must be less than or equal to 1000 characters in length. */ content: pulumi.Input; /** * The content type of the message string. */ contentType: pulumi.Input; /** * Identifies the message group that the message belongs to. When a group * is assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive). */ groupNumber?: pulumi.Input; } export interface SlotTypeEnumerationValue { /** * Additional values related to the slot type value. Each item must be less than or equal to 140 characters in length. */ synonyms?: pulumi.Input[]>; /** * The value of the slot type. Must be less than or equal to 140 characters in length. */ value: pulumi.Input; } export interface V2modelsBotDataPrivacy { /** * (Required) - For each Amazon Lex bot created with the Amazon Lex Model Building Service, you must specify whether your use of Amazon Lex is related to a website, program, or other application that is directed or targeted, in whole or in part, to children under age 13 and subject to the Children's Online Privacy Protection Act (COPPA) by specifying true or false in the childDirected field. */ childDirected: pulumi.Input; } export interface V2modelsBotLocaleTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsBotLocaleVoiceSettings { /** * Indicates the type of Amazon Polly voice that Amazon Lex should use for voice interaction with the user. Valid values are `standard` and `neural`. If not specified, the default is `standard`. */ engine?: pulumi.Input; /** * Identifier of the Amazon Polly voice to use. */ voiceId: pulumi.Input; } export interface V2modelsBotMember { /** * (Required) - Alias ID of a bot that is a member of this network of bots. */ aliasId: pulumi.Input; /** * (Required) - Alias name of a bot that is a member of this network of bots. */ aliasName: pulumi.Input; /** * (Required) - Unique ID of a bot that is a member of this network of bots. */ id: pulumi.Input; /** * Name of the bot. The bot name must be unique in the account that creates the bot. Type String. Length Constraints: Minimum length of 1. Maximum length of 100. */ name: pulumi.Input; /** * (Required) - Version of a bot that is a member of this network of bots. */ version: pulumi.Input; } export interface V2modelsBotTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsBotVersionLocaleSpecification { sourceBotVersion: pulumi.Input; } export interface V2modelsBotVersionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface V2modelsIntentClosingSetting { /** * Whether an intent's closing response is used. When this field is false, the closing response isn't sent to the user. If the active field isn't specified, the default is true. */ active?: pulumi.Input; /** * Configuration block for response that Amazon Lex sends to the user when the intent is complete. See `closingResponse`. */ closingResponse?: pulumi.Input; /** * Configuration block for list of conditional branches associated with the intent's closing response. These branches are executed when the `nextStep` attribute is set to `EvalutateConditional`. See `conditional`. */ conditional?: pulumi.Input; /** * Next step that the bot executes after playing the intent's closing response. See `nextStep`. */ nextStep?: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingClosingResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentClosingSettingNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentClosingSettingNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentClosingSettingNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentClosingSettingNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentClosingSettingNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSetting { /** * Whether the intent's confirmation is sent to the user. When this field is false, confirmation and declination responses aren't sent. If the active field isn't specified, the default is true. */ active?: pulumi.Input; /** * Configuration block for the intent's confirmation step. The dialog code hook is triggered based on these invocation settings when the confirmation next step or declination next step or failure next step is `invokeDialogCodeHook`. See `codeHook`. */ codeHook?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the intent is closed. See `confirmationConditional`. */ confirmationConditional?: pulumi.Input; /** * Configuration block for the next step that the bot executes when the customer confirms the intent. See `confirmationNextStep`. */ confirmationNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `confirmationResponse`. */ confirmationResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the intent is declined. See `declinationConditional`. */ declinationConditional?: pulumi.Input; /** * Configuration block for the next step that the bot executes when the customer declines the intent. See `declinationNextStep`. */ declinationNextStep?: pulumi.Input; /** * Configuration block for when the user answers "no" to the question defined in `promptSpecification`, Amazon Lex responds with this response to acknowledge that the intent was canceled. See `declinationResponse`. */ declinationResponse?: pulumi.Input; /** * Configuration block for when the code hook is invoked during confirmation prompt retries. See `elicitationCodeHook`. */ elicitationCodeHook?: pulumi.Input; /** * Configuration block for conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition. See `failureConditional`. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step to take in the conversation if the confirmation step fails. See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for prompting the user to confirm the intent. This question should have a yes or no answer. Amazon Lex uses this prompt to ensure that the user acknowledges that the intent is ready for fulfillment. See `promptSpecification`. */ promptSpecification: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHook { /** * Whether a dialog code hook is used when the intent is activated. */ active: pulumi.Input; /** * Whether a Lambda function should be invoked for the dialog. */ enableCodeHookInvocation: pulumi.Input; /** * Label that indicates the dialog step from which the dialog code hook is happening. */ invocationLabel?: pulumi.Input; /** * Configuration block that contains the responses and actions that Amazon Lex takes after the Lambda function is complete. See `postCodeHookSpecification`. */ postCodeHookSpecification: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecification { /** * Configuration block for conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed . See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the dialog code hook finishes successfully. See `successConditional`. */ successConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook finishes successfully. See `successNextStep`. */ successNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `successResponse`. */ successResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate if the code hook times out. See `timeoutConditional`. */ timeoutConditional?: pulumi.Input; /** * Configuration block for the next step that the bot runs when the code hook times out. See `timeoutNextStep`. */ timeoutNextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond the user input. See `timeoutResponse`. */ timeoutResponse?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingConfirmationResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingDeclinationResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingElicitationCodeHook { /** * Whether a Lambda function should be invoked for the dialog. */ enableCodeHookInvocation?: pulumi.Input; /** * Label that indicates the dialog step from which the dialog code hook is happening. */ invocationLabel?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentConfirmationSettingFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecification { /** * Whether the user can interrupt a speech prompt from the bot. */ allowInterrupt?: pulumi.Input; /** * Maximum number of times the bot tries to elicit a response from the user using this prompt. */ maxRetries: pulumi.Input; /** * Configuration block for messages that Amazon Lex can send to the user. Amazon Lex chooses the actual message to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; /** * How a message is selected from a message group among retries. Valid values are `Random` and `Ordered`. */ messageSelectionStrategy?: pulumi.Input; /** * Configuration block for advanced settings on each attempt of the prompt. See `promptAttemptsSpecification`. */ promptAttemptsSpecifications?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecification { /** * Whether the user can interrupt a speech prompt attempt from the bot. */ allowInterrupt?: pulumi.Input; /** * Configuration block for the allowed input types of the prompt attempt. See `allowedInputTypes`. */ allowedInputTypes: pulumi.Input; /** * Configuration block for settings on audio and DTMF input. See `audioAndDtmfInputSpecification`. */ audioAndDtmfInputSpecification?: pulumi.Input; /** * Which attempt to configure. Valid values are `Initial`, `Retry1`, `Retry2`, `Retry3`, `Retry4`, `Retry5`. */ mapBlockKey: pulumi.Input; /** * Configuration block for the settings on text input. See `textInputSpecification`. */ textInputSpecification?: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAllowedInputTypes { /** * Whether audio input is allowed. */ allowAudioInput: pulumi.Input; /** * Whether DTMF input is allowed. */ allowDtmfInput: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecification { /** * Configuration block for the settings on audio input. See `audioSpecification`. */ audioSpecification?: pulumi.Input; /** * Configuration block for the settings on DTMF input. See `dtmfSpecification`. */ dtmfSpecification?: pulumi.Input; /** * Time for which a bot waits before assuming that the customer isn't going to speak or press a key. This timeout is shared between Audio and DTMF inputs. */ startTimeoutMs: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationAudioSpecification { /** * Time for which a bot waits after the customer stops speaking to assume the utterance is finished. */ endTimeoutMs: pulumi.Input; /** * Time for how long Amazon Lex waits before speech input is truncated and the speech is returned to application. */ maxLengthMs: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationDtmfSpecification { /** * DTMF character that clears the accumulated DTMF digits and immediately ends the input. */ deletionCharacter: pulumi.Input; /** * DTMF character that immediately ends input. If the user does not press this character, the input ends after the end timeout. */ endCharacter: pulumi.Input; /** * How long the bot should wait after the last DTMF character input before assuming that the input has concluded. */ endTimeoutMs: pulumi.Input; /** * Maximum number of DTMF digits allowed in an utterance. */ maxLength: pulumi.Input; } export interface V2modelsIntentConfirmationSettingPromptSpecificationPromptAttemptsSpecificationTextInputSpecification { /** * Time for which a bot waits before re-prompting a customer for text input. */ startTimeoutMs: pulumi.Input; } export interface V2modelsIntentDialogCodeHook { /** * Enables the dialog code hook so that it processes user requests. */ enabled: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHook { /** * Whether the fulfillment code hook is used. When active is false, the code hook doesn't run. */ active?: pulumi.Input; /** * Whether a Lambda function should be invoked to fulfill a specific intent. */ enabled: pulumi.Input; /** * Configuration block for settings for update messages sent to the user for long-running Lambda fulfillment functions. Fulfillment updates can be used only with streaming conversations. See `fulfillmentUpdatesSpecification`. */ fulfillmentUpdatesSpecification?: pulumi.Input; /** * Configuration block for settings for messages sent to the user for after the Lambda fulfillment function completes. Post-fulfillment messages can be sent for both streaming and non-streaming conversations. See `postFulfillmentStatusSpecification`. */ postFulfillmentStatusSpecification?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecification { /** * Whether fulfillment updates are sent to the user. When this field is true, updates are sent. If the active field is set to true, the `startResponse`, `updateResponse`, and `timeoutInSeconds` fields are required. */ active: pulumi.Input; /** * Configuration block for the message sent to users when the fulfillment Lambda functions starts running. */ startResponse?: pulumi.Input; /** * Length of time that the fulfillment Lambda function should run before it times out. */ timeoutInSeconds?: pulumi.Input; /** * Configuration block for messages sent periodically to the user while the fulfillment Lambda function is running. */ updateResponse?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponse { /** * Whether the user can interrupt the start message while it is playing. */ allowInterrupt?: pulumi.Input; /** * Delay between when the Lambda fulfillment function starts running and the start message is played. If the Lambda function returns before the delay is over, the start message isn't played. */ delayInSeconds?: pulumi.Input; /** * Between 1-5 configuration block message groups that contain start messages. Amazon Lex chooses one of the messages to play to the user. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationStartResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponse { /** * Whether the user can interrupt the start message while it is playing. */ allowInterrupt?: pulumi.Input; /** * Frequency that a message is sent to the user. When the period ends, Amazon Lex chooses a message from the message groups and plays it to the user. If the fulfillment Lambda returns before the first period ends, an update message is not played to the user. */ frequencyInSeconds: pulumi.Input; /** * Between 1-5 configuration block message groups that contain start messages. Amazon Lex chooses one of the messages to play to the user. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookFulfillmentUpdatesSpecificationUpdateResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecification { /** * Configuration block for conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. See `failureConditional`. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the dialog code hook finishes successfully. See `successConditional`. */ successConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook finishes successfully. See `successNextStep`. */ successNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `successResponse`. */ successResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate if the code hook times out. See `timeoutConditional`. */ timeoutConditional?: pulumi.Input; /** * Configuration block for the next step that the bot runs when the code hook times out. See `timeoutNextStep`. */ timeoutNextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond the user input. See `timeoutResponse`. */ timeoutResponse?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationSuccessResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentFulfillmentCodeHookPostFulfillmentStatusSpecificationTimeoutResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSetting { /** * Configuration block for the dialog code hook that is called by Amazon Lex at a step of the conversation. See `codeHook`. */ codeHook?: pulumi.Input; /** * Configuration block for conditional branches. Branches are evaluated in the order that they are entered in the list. The first branch with a condition that evaluates to true is executed. The last branch in the list is the default branch. The default branch should not have any condition expression. The default branch is executed if no other branch has a matching condition. See `conditional`. */ conditional?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `initialResponse`. */ initialResponse?: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHook { /** * Whether a dialog code hook is used when the intent is activated. */ active: pulumi.Input; /** * Whether a Lambda function should be invoked for the dialog. */ enableCodeHookInvocation: pulumi.Input; /** * Label that indicates the dialog step from which the dialog code hook is happening. */ invocationLabel?: pulumi.Input; /** * Configuration block that contains the responses and actions that Amazon Lex takes after the Lambda function is complete. See `postCodeHookSpecification`. */ postCodeHookSpecification: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecification { /** * Configuration block for conditional branches to evaluate after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed. */ failureConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook throws an exception or returns with the State field of the Intent object set to Failed . See `failureNextStep`. */ failureNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `failureResponse`. */ failureResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate after the dialog code hook finishes successfully. See `successConditional`. */ successConditional?: pulumi.Input; /** * Configuration block for the next step the bot runs after the dialog code hook finishes successfully. See `successNextStep`. */ successNextStep?: pulumi.Input; /** * Configuration block for message groups that Amazon Lex uses to respond the user input. See `successResponse`. */ successResponse?: pulumi.Input; /** * Configuration block for conditional branches to evaluate if the code hook times out. See `timeoutConditional`. */ timeoutConditional?: pulumi.Input; /** * Configuration block for the next step that the bot runs when the code hook times out. See `timeoutNextStep`. */ timeoutNextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond the user input. See `timeoutResponse`. */ timeoutResponse?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationFailureResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationSuccessResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingCodeHookPostCodeHookSpecificationTimeoutResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditional { /** * Whether a conditional branch is active. When active is false, the conditions are not evaluated. */ active: pulumi.Input; /** * Configuration blocks for conditional branches. A conditional branch is made up of a condition, a response and a next step. The response and next step are executed when the condition is true. See `conditionalBranch`. */ conditionalBranches?: pulumi.Input[]>; /** * Configuration block for the conditional branch that should be followed when the conditions for other branches are not satisfied. A branch is made up of a condition, a response and a next step. See `defaultBranch`. */ defaultBranch: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranch { /** * Configuration block for the expression to evaluate. If the condition is true, the branch's actions are taken. See `condition`. */ condition: pulumi.Input; /** * Name of the branch. */ name: pulumi.Input; /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchCondition { /** * Expression string that is evaluated. */ expressionString: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalConditionalBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranch { /** * Configuration block for the next step in the conversation. See `nextStep`. */ nextStep?: pulumi.Input; /** * Configuration block for a list of message groups that Amazon Lex uses to respond to the user input. See `response`. */ response?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingConditionalDefaultBranchResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponse { /** * Whether the user can interrupt a speech response from Amazon Lex. */ allowInterrupt?: pulumi.Input; /** * Configuration blocks for responses that Amazon Lex can send to the user. Amazon Lex chooses the actual response to send at runtime. See `messageGroup`. */ messageGroups?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroup { /** * Configuration block for the primary message that Amazon Lex should send to the user. See `message`. */ message: pulumi.Input; /** * Configuration blocks for message variations to send to the user. When variations are defined, Amazon Lex chooses the primary message or one of the variations to send to the user. See `variation`. */ variations?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessage { /** * Configuration block for a message in a custom format defined by the client application. See `customPayload`. */ customPayload?: pulumi.Input; /** * Configuration block for a message that defines a response card that the client application can show to the user. See `imageResponseCard`. */ imageResponseCard?: pulumi.Input; /** * Configuration block for a message in plain text format. See `plainTextMessage`. */ plainTextMessage?: pulumi.Input; /** * Configuration block for a message in Speech Synthesis Markup Language (SSML). See `ssmlMessage`. */ ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessagePlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupMessageSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariation { customPayload?: pulumi.Input; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationCustomPayload { /** * String that is sent to your application. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationImageResponseCard { /** * Configuration blocks for buttons that should be displayed on the response card. The arrangement of the buttons is determined by the platform that displays the button. See `button`. */ buttons?: pulumi.Input[]>; /** * URL of an image to display on the response card. The image URL must be publicly available so that the platform displaying the response card has access to the image. */ imageUrl?: pulumi.Input; /** * Subtitle to display on the response card. The format of the subtitle is determined by the platform displaying the response card. */ subtitle?: pulumi.Input; /** * Title to display on the response card. The format of the title is determined by the platform displaying the response card. */ title: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationImageResponseCardButton { /** * Text that appears on the button. Use this to tell the user what value is returned when they choose this button. */ text: pulumi.Input; /** * Value returned to Amazon Lex when the user chooses this button. This must be one of the slot values configured for the slot. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationPlainTextMessage { /** * Message to send to the user. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingInitialResponseMessageGroupVariationSsmlMessage { /** * SSML text that defines the prompt. */ value: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingNextStep { /** * Configuration block for action that the bot executes at runtime when the conversation reaches this step. See `dialogAction`. */ dialogAction?: pulumi.Input; /** * Configuration block for override settings to configure the intent state. See `intent`. */ intent?: pulumi.Input; /** * Map of key/value pairs representing session-specific context information. It contains application information passed between Amazon Lex and a client application. */ sessionAttributes?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface V2modelsIntentInitialResponseSettingNextStepDialogAction { /** * If the dialog action is `ElicitSlot`, defines the slot to elicit from the user. */ slotToElicit?: pulumi.Input; /** * Whether the next message for the intent is _not_ used. */ suppressNextMessage?: pulumi.Input; /** * Action that the bot should execute. Valid values are `ElicitIntent`, `StartIntent`, `ElicitSlot`, `EvaluateConditional`, `InvokeDialogCodeHook`, `ConfirmIntent`, `FulfillIntent`, `CloseIntent`, `EndConversation`. */ type: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingNextStepIntent { /** * Name of the intent. */ name?: pulumi.Input; /** * Configuration block for all of the slot value overrides for the intent. The name of the slot maps to the value of the slot. Slots that are not included in the map aren't overridden. See `slot`. */ slots?: pulumi.Input[]>; } export interface V2modelsIntentInitialResponseSettingNextStepIntentSlot { mapBlockKey: pulumi.Input; /** * When the shape value is `List`, `values` contains a list of slot values. When the value is `Scalar`, `value` contains a single value. */ shape?: pulumi.Input; /** * Configuration block for the current value of the slot. See `value`. */ value?: pulumi.Input; } export interface V2modelsIntentInitialResponseSettingNextStepIntentSlotValue { interpretedValue?: pulumi.Input; } export interface V2modelsIntentInputContext { /** * Name of the context. */ name: pulumi.Input; } export interface V2modelsIntentKendraConfiguration { /** * ARN of the Amazon Kendra index that you want the AMAZON.KendraSearchIntent intent to search. The index must be in the same account and Region as the Amazon Lex bot. */ kendraIndex: pulumi.Input; /** * Query filter that Amazon Lex sends to Amazon Kendra to filter the response from a query. The filter is in the format defined by Amazon Kendra. For more information, see [Filtering queries](https://docs.aws.amazon.com/kendra/latest/dg/filtering.html). */ queryFilterString?: pulumi.Input; /** * Whether the AMAZON.KendraSearchIntent intent uses a custom query string to query the Amazon Kendra index. */ queryFilterStringEnabled?: pulumi.Input; } export interface V2modelsIntentOutputContext { /** * Name of the output context. */ name: pulumi.Input; /** * Amount of time, in seconds, that the output context should remain active. The time is figured from the first time the context is sent to the user. */ timeToLiveInSeconds: pulumi.Input; /** * Number of conversation turns that the output context should remain active. The number of turns is counted from the first time that the context is sent to the user. */ turnsToLive: pulumi.Input; } export interface V2modelsIntentSampleUtterance { /** * Sample utterance that Amazon Lex uses to build its machine-learning model to recognize intents. */ utterance: pulumi.Input; } export interface V2modelsIntentSlotPriority { /** * Priority that Amazon Lex should apply to the slot. */ priority: pulumi.Input; /** * Unique identifier of the slot. */ slotId: pulumi.Input; } export interface V2modelsIntentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsSlotMultipleValuesSetting { /** * Whether a slot can return multiple values. When `true`, the slot may return more than one value in a response. When `false`, the slot returns only a single value. Multi-value slots are only available in the `en-US` locale. */ allowMultipleValues?: pulumi.Input; } export interface V2modelsSlotObfuscationSetting { /** * Whether Amazon Lex obscures slot values in conversation logs. Valid values are `DefaultObfuscation` and `None`. */ obfuscationSettingType: pulumi.Input; } export interface V2modelsSlotTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsSlotTypeCompositeSlotTypeSetting { /** * Subslots in the composite slot. Contains filtered or unexported fields. See [`subSlotTypeComposition` argument reference] below. */ subSlots: pulumi.Input; } export interface V2modelsSlotTypeExternalSourceSetting { /** * Settings required for a slot type based on a grammar that you provide. See `grammarSlotTypeSetting` argument reference below. */ grammarSlotTypeSetting?: pulumi.Input; } export interface V2modelsSlotTypeExternalSourceSettingGrammarSlotTypeSetting { /** * Source of the grammar used to create the slot type. See `grammarSlotTypeSource` argument reference below. */ source?: pulumi.Input; } export interface V2modelsSlotTypeExternalSourceSettingGrammarSlotTypeSettingSource { kmsKeyArn: pulumi.Input; s3BucketName: pulumi.Input; s3ObjectKey: pulumi.Input; } export interface V2modelsSlotTypeSlotTypeValues { /** * List of SlotTypeValue objects that defines the values that the slot type can take. Each value can have a list of synonyms, additional values that help train the machine learning model about the values that it resolves for a slot. See `slotTypeValues` argument reference below. */ slotTypeValues: pulumi.Input; /** * Additional values related to the slot type entry. See `sampleValue` argument reference below. */ synonyms?: pulumi.Input[]>; } export interface V2modelsSlotTypeSlotTypeValuesSynonym { value: pulumi.Input; } export interface V2modelsSlotTypeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface V2modelsSlotTypeValueSelectionSetting { /** * Provides settings that enable advanced recognition settings for slot values. You can use this to enable using slot values as a custom vocabulary for recognizing user utterances. See [`advancedRecognitionSetting` argument reference] below. */ advancedRecognitionSettings?: pulumi.Input[]>; /** * Used to validate the value of the slot. See [`regexFilter` argument reference] below. */ regexFilters?: pulumi.Input[]>; /** * Determines the slot resolution strategy that Amazon Lex uses to return slot type values. The field can be set to one of the following values: `ORIGINAL_VALUE` - Returns the value entered by the user, if the user value is similar to the slot value. `TOP_RESOLUTION` If there is a resolution list for the slot, return the first value in the resolution list as the slot type value. If there is no resolution list, null is returned. If you don't specify the valueSelectionStrategy , the default is `ORIGINAL_VALUE`. Valid values are `OriginalValue`, `TopResolution`, and `Concatenation`. */ resolutionStrategy: pulumi.Input; } export interface V2modelsSlotTypeValueSelectionSettingAdvancedRecognitionSetting { audioRecognitionSetting?: pulumi.Input; } export interface V2modelsSlotTypeValueSelectionSettingRegexFilter { pattern: pulumi.Input; } export interface V2modelsSlotValueElicitationSetting { defaultValueSpecifications?: pulumi.Input[]>; promptSpecification: pulumi.Input; sampleUtterances?: pulumi.Input[]>; slotConstraint: pulumi.Input; slotResolutionSettings?: pulumi.Input[]>; waitAndContinueSpecifications?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingDefaultValueSpecification { defaultValueLists?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingDefaultValueSpecificationDefaultValueList { defaultValue: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecification { allowInterrupt?: pulumi.Input; maxRetries: pulumi.Input; messageGroups?: pulumi.Input[]>; messageSelectionStrategy?: pulumi.Input; promptAttemptsSpecifications?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroup { message: pulumi.Input; variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessage { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariation { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecification { allowInterrupt?: pulumi.Input; allowedInputTypes: pulumi.Input; audioAndDtmfInputSpecification?: pulumi.Input; mapBlockKey: pulumi.Input; textInputSpecification?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAllowedInputTypes { allowAudioInput: pulumi.Input; allowDtmfInput: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecification { audioSpecification?: pulumi.Input; dtmfSpecification?: pulumi.Input; startTimeoutMs: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationAudioSpecification { endTimeoutMs: pulumi.Input; maxLengthMs: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationAudioAndDtmfInputSpecificationDtmfSpecification { deletionCharacter: pulumi.Input; endCharacter: pulumi.Input; endTimeoutMs: pulumi.Input; maxLength: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingPromptSpecificationPromptAttemptsSpecificationTextInputSpecification { startTimeoutMs: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingSampleUtterance { utterance: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingSlotResolutionSetting { slotResolutionStrategy: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecification { active?: pulumi.Input; continueResponses?: pulumi.Input[]>; stillWaitingResponses?: pulumi.Input[]>; waitingResponses?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponse { allowInterrupt?: pulumi.Input; messageGroups?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroup { message: pulumi.Input; variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessage { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariation { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationContinueResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponse { allowInterrupt?: pulumi.Input; frequencyInSeconds: pulumi.Input; messageGroups?: pulumi.Input[]>; timeoutInSeconds: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroup { message: pulumi.Input; variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessage { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariation { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationStillWaitingResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponse { allowInterrupt?: pulumi.Input; messageGroups?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroup { message: pulumi.Input; variations?: pulumi.Input[]>; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessage { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessagePlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupMessageSsmlMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariation { customPayloads?: pulumi.Input[]>; imageResponseCard?: pulumi.Input; plainTextMessage?: pulumi.Input; ssmlMessage?: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationCustomPayload { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationImageResponseCard { buttons?: pulumi.Input[]>; imageUrl?: pulumi.Input; subtitle?: pulumi.Input; title: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationImageResponseCardButton { text: pulumi.Input; value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationPlainTextMessage { value: pulumi.Input; } export interface V2modelsSlotValueElicitationSettingWaitAndContinueSpecificationWaitingResponseMessageGroupVariationSsmlMessage { value: pulumi.Input; } } export namespace licensemanager { export interface GetLicenseGrantsFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedGrants.html#API_ListReceivedGrants_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getLicenseGrants({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetLicenseGrantsFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedGrants.html#API_ListReceivedGrants_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getLicenseGrants({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } export interface GetReceivedLicensesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedLicenses.html#API_ListReceivedLicenses_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getReceivedLicenses({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: string; /** * Set of values that are accepted for the given field. */ values: string[]; } export interface GetReceivedLicensesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListReceivedLicenses.html#API_ListReceivedLicenses_RequestSyntax). * For example, if filtering using `ProductSKU`, use: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const selected = aws.licensemanager.getReceivedLicenses({ * filters: [{ * name: "ProductSKU", * values: [""], * }], * }); * ``` */ name: pulumi.Input; /** * Set of values that are accepted for the given field. */ values: pulumi.Input[]>; } } export namespace lightsail { export interface CertificateDomainValidationOption { /** * A domain name for which the certificate should be issued. */ domainName?: pulumi.Input; resourceRecordName?: pulumi.Input; resourceRecordType?: pulumi.Input; resourceRecordValue?: pulumi.Input; } export interface ContainerServiceDeploymentVersionContainer { /** * The launch command for the container. A list of string. */ commands?: pulumi.Input[]>; /** * The name for the container. */ containerName: pulumi.Input; /** * A key-value map of the environment variables of the container. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The name of the image used for the container. Container images sourced from your Lightsail container service, that are registered and stored on your service, start with a colon (`:`). For example, `:container-service-1.mystaticwebsite.1`. Container images sourced from a public registry like Docker Hub don't start with a colon. For example, `nginx:latest` or `nginx`. */ image: pulumi.Input; /** * A key-value map of the open firewall ports of the container. Valid values: `HTTP`, `HTTPS`, `TCP`, `UDP`. */ ports?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface ContainerServiceDeploymentVersionPublicEndpoint { /** * The name of the container for the endpoint. */ containerName: pulumi.Input; /** * The port of the container to which traffic is forwarded to. */ containerPort: pulumi.Input; /** * A configuration block that describes the health check configuration of the container. Detailed below. */ healthCheck: pulumi.Input; } export interface ContainerServiceDeploymentVersionPublicEndpointHealthCheck { /** * The number of consecutive health checks successes required before moving the container to the Healthy state. Defaults to 2. */ healthyThreshold?: pulumi.Input; /** * The approximate interval, in seconds, between health checks of an individual container. You can specify between 5 and 300 seconds. Defaults to 5. */ intervalSeconds?: pulumi.Input; /** * The path on the container on which to perform the health check. Defaults to "/". */ path?: pulumi.Input; /** * The HTTP codes to use when checking for a successful response from a container. You can specify values between 200 and 499. Defaults to "200-499". */ successCodes?: pulumi.Input; /** * The amount of time, in seconds, during which no response means a failed health check. You can specify between 2 and 60 seconds. Defaults to 2. */ timeoutSeconds?: pulumi.Input; /** * The number of consecutive health checks failures required before moving the container to the Unhealthy state. Defaults to 2. */ unhealthyThreshold?: pulumi.Input; } export interface ContainerServicePrivateRegistryAccess { /** * Describes a request to configure an Amazon Lightsail container service to access private container image repositories, such as Amazon Elastic Container Registry (Amazon ECR) private repositories. See ECR Image Puller Role below for more details. */ ecrImagePullerRole?: pulumi.Input; } export interface ContainerServicePrivateRegistryAccessEcrImagePullerRole { /** * A Boolean value that indicates whether to activate the role. The default is `false`. */ isActive?: pulumi.Input; /** * The principal ARN of the container service. The principal ARN can be used to create a trust * relationship between your standard AWS account and your Lightsail container service. This allows you to give your * service permission to access resources in your standard AWS account. */ principalArn?: pulumi.Input; } export interface ContainerServicePublicDomainNames { certificates: pulumi.Input[]>; } export interface ContainerServicePublicDomainNamesCertificate { certificateName: pulumi.Input; domainNames: pulumi.Input[]>; } export interface DistributionCacheBehavior { /** * The cache behavior for the specified path. */ behavior: pulumi.Input; /** * The path to a directory or file to cached, or not cache. Use an asterisk symbol to specify wildcard directories (path/to/assets/\*), and file types (\*.html, \*jpg, \*js). Directories and file paths are case-sensitive. */ path: pulumi.Input; } export interface DistributionCacheBehaviorSettings { /** * The HTTP methods that are processed and forwarded to the distribution's origin. */ allowedHttpMethods?: pulumi.Input; /** * The HTTP method responses that are cached by your distribution. */ cachedHttpMethods?: pulumi.Input; /** * The default amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the content has been updated. */ defaultTtl?: pulumi.Input; /** * An object that describes the cookies that are forwarded to the origin. Your content is cached based on the cookies that are forwarded. Detailed below */ forwardedCookies?: pulumi.Input; /** * An object that describes the headers that are forwarded to the origin. Your content is cached based on the headers that are forwarded. Detailed below */ forwardedHeaders?: pulumi.Input; /** * An object that describes the query strings that are forwarded to the origin. Your content is cached based on the query strings that are forwarded. Detailed below */ forwardedQueryStrings?: pulumi.Input; /** * The maximum amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the object has been updated. */ maximumTtl?: pulumi.Input; /** * The minimum amount of time that objects stay in the distribution's cache before the distribution forwards another request to the origin to determine whether the object has been updated. */ minimumTtl?: pulumi.Input; } export interface DistributionCacheBehaviorSettingsForwardedCookies { /** * The specific cookies to forward to your distribution's origin. */ cookiesAllowLists?: pulumi.Input[]>; /** * Specifies which cookies to forward to the distribution's origin for a cache behavior: all, none, or allow-list to forward only the cookies specified in the cookiesAllowList parameter. */ option?: pulumi.Input; } export interface DistributionCacheBehaviorSettingsForwardedHeaders { /** * The specific headers to forward to your distribution's origin. */ headersAllowLists?: pulumi.Input[]>; /** * The headers that you want your distribution to forward to your origin and base caching on. */ option?: pulumi.Input; } export interface DistributionCacheBehaviorSettingsForwardedQueryStrings { /** * Indicates whether the distribution forwards and caches based on query strings. */ option?: pulumi.Input; /** * The specific query strings that the distribution forwards to the origin. */ queryStringsAllowedLists?: pulumi.Input[]>; } export interface DistributionDefaultCacheBehavior { /** * The cache behavior of the distribution. Valid values: `cache` and `dont-cache`. */ behavior: pulumi.Input; } export interface DistributionLocation { /** * The Availability Zone. Follows the format us-east-2a (case-sensitive). */ availabilityZone: pulumi.Input; /** * The AWS Region name. */ regionName: pulumi.Input; } export interface DistributionOrigin { /** * The name of the origin resource. Your origin can be an instance with an attached static IP, a bucket, or a load balancer that has at least one instance attached to it. */ name: pulumi.Input; /** * The protocol that your Amazon Lightsail distribution uses when establishing a connection with your origin to pull content. */ protocolPolicy?: pulumi.Input; /** * The AWS Region name of the origin resource. */ regionName: pulumi.Input; /** * The resource type of the origin resource (e.g., Instance). */ resourceType?: pulumi.Input; } export interface InstanceAddOn { /** * The daily time when an automatic snapshot will be created. Must be in HH:00 format, and in an hourly increment and specified in Coordinated Universal Time (UTC). The snapshot will be automatically created between the time specified and up to 45 minutes after. */ snapshotTime: pulumi.Input; /** * The status of the add on. Valid Values: `Enabled`, `Disabled`. */ status: pulumi.Input; /** * The add-on type. There is currently only one valid type `AutoSnapshot`. */ type: pulumi.Input; } export interface InstancePublicPortsPortInfo { /** * Set of CIDR aliases that define access for a preconfigured range of IP addresses. */ cidrListAliases?: pulumi.Input[]>; /** * Set of CIDR blocks. */ cidrs?: pulumi.Input[]>; /** * First port in a range of open ports on an instance. */ fromPort: pulumi.Input; ipv6Cidrs?: pulumi.Input[]>; /** * IP protocol name. Valid values are `tcp`, `all`, `udp`, and `icmp`. */ protocol: pulumi.Input; /** * Last port in a range of open ports on an instance. * * The following arguments are optional: */ toPort: pulumi.Input; } export interface LbCertificateDomainValidationRecord { /** * The domain name (e.g., example.com) for your SSL/TLS certificate. */ domainName?: pulumi.Input; resourceRecordName?: pulumi.Input; resourceRecordType?: pulumi.Input; resourceRecordValue?: pulumi.Input; } } export namespace location { export interface MapConfiguration { /** * Specifies the map style selected from an available data provider. Valid values can be found in the [Location Service CreateMap API Reference](https://docs.aws.amazon.com/location/latest/APIReference/API_CreateMap.html). */ style: pulumi.Input; } export interface PlaceIndexDataSourceConfiguration { /** * Specifies how the results of an operation will be stored by the caller. Valid values: `SingleUse`, `Storage`. Default: `SingleUse`. */ intendedUse?: pulumi.Input; } } export namespace m2 { export interface ApplicationDefinition { /** * JSON application definition. Either this or `s3Location` must be specified. */ content?: pulumi.Input; /** * Location of the application definition in S3. Either this or `content` must be specified. */ s3Location?: pulumi.Input; } export interface ApplicationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DeploymentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface EnvironmentHighAvailabilityConfig { /** * Desired number of instances for the Environment. */ desiredCapacity: pulumi.Input; } export interface EnvironmentStorageConfiguration { efs?: pulumi.Input; fsx?: pulumi.Input; } export interface EnvironmentStorageConfigurationEfs { /** * Id of the EFS filesystem to mount. */ fileSystemId: pulumi.Input; /** * Path to mount the filesystem on, must start with `/m2/mount/`. */ mountPoint: pulumi.Input; } export interface EnvironmentStorageConfigurationFsx { /** * Id of the FSX filesystem to mount. */ fileSystemId: pulumi.Input; /** * Path to mount the filesystem on, must start with `/m2/mount/`. */ mountPoint: pulumi.Input; } export interface EnvironmentTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace macie { export interface FindingsFilterFindingCriteria { /** * A condition that specifies the property, operator, and one or more values to use to filter the results. (documented below) */ criterions?: pulumi.Input[]>; } export interface FindingsFilterFindingCriteriaCriterion { /** * The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values. */ eqExactMatches?: pulumi.Input[]>; /** * The value for the property matches (equals) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values. */ eqs?: pulumi.Input[]>; /** * The name of the field to be evaluated. */ field: pulumi.Input; /** * The value for the property is greater than the specified value. */ gt?: pulumi.Input; /** * The value for the property is greater than or equal to the specified value. */ gte?: pulumi.Input; /** * The value for the property is less than the specified value. */ lt?: pulumi.Input; /** * The value for the property is less than or equal to the specified value. */ lte?: pulumi.Input; /** * The value for the property doesn't match (doesn't equal) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values. */ neqs?: pulumi.Input[]>; } } export namespace macie2 { export interface ClassificationExportConfigurationS3Destination { /** * The Amazon S3 bucket name in which Amazon Macie exports the data classification results. */ bucketName: pulumi.Input; /** * The object key for the bucket in which Amazon Macie exports the data classification results. */ keyPrefix?: pulumi.Input; /** * Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data. * * Additional information can be found in the [Storing and retaining sensitive data discovery results with Amazon Macie for AWS Macie documentation](https://docs.aws.amazon.com/macie/latest/user/discovery-results-repository-s3.html). */ kmsKeyArn: pulumi.Input; } export interface ClassificationJobS3JobDefinition { /** * The property- and tag-based conditions that determine which S3 buckets to include or exclude from the analysis. Conflicts with `bucketDefinitions`. (documented below) */ bucketCriteria?: pulumi.Input; /** * An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for the account. Conflicts with `bucketCriteria`. (documented below) */ bucketDefinitions?: pulumi.Input[]>; /** * The property- and tag-based conditions that determine which objects to include or exclude from the analysis. (documented below) */ scoping?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteria { /** * The property- or tag-based conditions that determine which S3 buckets to exclude from the analysis. (documented below) */ excludes?: pulumi.Input; /** * The property- or tag-based conditions that determine which S3 buckets to include in the analysis. (documented below) */ includes?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an S3 buckets from the job. (documented below) */ simpleCriterion?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an S3 buckets from the job. (documented below) */ tagCriterion?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAndSimpleCriterion { /** * The operator to use in a condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The object property to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionkeyforjob) */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionforjob) */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAndTagCriterion { /** * The operator to use in the condition. Valid combination and values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The tag key and value pairs to use in the condition. One or more blocks are allowed. (documented below) */ tagValues?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaExcludesAndTagCriterionTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an S3 buckets from the job. (documented below) */ simpleCriterion?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an S3 buckets from the job. (documented below) */ tagCriterion?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAndSimpleCriterion { /** * The operator to use in a condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The object property to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionkeyforjob) */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. Valid combination of values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-simplecriterionforjob) */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAndTagCriterion { /** * The operator to use in the condition. Valid combination and values are available in the [AWS Documentation](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html#jobs-model-jobcomparator) */ comparator?: pulumi.Input; /** * The tag key and value pairs to use in the condition. One or more blocks are allowed. (documented below) */ tagValues?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionBucketCriteriaIncludesAndTagCriterionTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionBucketDefinition { /** * The unique identifier for the AWS account that owns the buckets. */ accountId: pulumi.Input; /** * An array that lists the names of the buckets. */ buckets: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScoping { /** * The property- or tag-based conditions that determine which objects to exclude from the analysis. (documented below) */ excludes?: pulumi.Input; /** * The property- or tag-based conditions that determine which objects to include in the analysis. (documented below) */ includes?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingExcludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingExcludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below) */ simpleScopeTerm?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below) */ tagScopeTerm?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingExcludesAndSimpleScopeTerm { /** * The operator to use in a condition. Valid values are: `EQ`, `GT`, `GTE`, `LT`, `LTE`, `NE`, `CONTAINS`, `STARTS_WITH` */ comparator?: pulumi.Input; /** * The object property to use in the condition. */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTerm { /** * The operator to use in the condition. */ comparator?: pulumi.Input; /** * The tag key to use in the condition. The only valid value is `TAG`. */ key?: pulumi.Input; /** * The tag keys or tag key and value pairs to use in the condition. */ tagValues?: pulumi.Input[]>; /** * The type of object to apply the condition to. The only valid value is `S3_OBJECT`. */ target?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTermTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingIncludes { /** * An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below) */ ands?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingIncludesAnd { /** * A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below) */ simpleScopeTerm?: pulumi.Input; /** * A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below) */ tagScopeTerm?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingIncludesAndSimpleScopeTerm { /** * The operator to use in a condition. Valid values are: `EQ`, `GT`, `GTE`, `LT`, `LTE`, `NE`, `CONTAINS`, `STARTS_WITH` */ comparator?: pulumi.Input; /** * The object property to use in the condition. */ key?: pulumi.Input; /** * An array that lists the values to use in the condition. */ values?: pulumi.Input[]>; } export interface ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTerm { /** * The operator to use in the condition. */ comparator?: pulumi.Input; /** * The tag key to use in the condition. The only valid value is `TAG`. */ key?: pulumi.Input; /** * The tag keys or tag key and value pairs to use in the condition. */ tagValues?: pulumi.Input[]>; /** * The type of object to apply the condition to. The only valid value is `S3_OBJECT`. */ target?: pulumi.Input; } export interface ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTermTagValue { /** * The tag key. */ key?: pulumi.Input; /** * The tag value. */ value?: pulumi.Input; } export interface ClassificationJobScheduleFrequency { /** * Specifies a daily recurrence pattern for running the job. */ dailySchedule?: pulumi.Input; /** * Specifies a monthly recurrence pattern for running the job. */ monthlySchedule?: pulumi.Input; /** * Specifies a weekly recurrence pattern for running the job. */ weeklySchedule?: pulumi.Input; } export interface ClassificationJobUserPausedDetail { jobExpiresAt?: pulumi.Input; jobImminentExpirationHealthEventArn?: pulumi.Input; jobPausedAt?: pulumi.Input; } } export namespace mediaconvert { export interface QueueReservationPlanSettings { /** * The length of the term of your reserved queue pricing plan commitment. Valid value is `ONE_YEAR`. */ commitment: pulumi.Input; /** * Specifies whether the term of your reserved queue pricing plan. Valid values are `AUTO_RENEW` or `EXPIRE`. */ renewalType: pulumi.Input; /** * Specifies the number of reserved transcode slots (RTS) for queue. */ reservedSlots: pulumi.Input; } } export namespace medialive { export interface ChannelCdiInputSpecification { /** * Maximum CDI input resolution. */ resolution: pulumi.Input; } export interface ChannelDestination { /** * User-specified id. Ths is used in an output group or an output. */ id: pulumi.Input; /** * Destination settings for a MediaPackage output; one destination for both encoders. See Media Package Settings for more details. */ mediaPackageSettings?: pulumi.Input[]>; /** * Destination settings for a Multiplex output; one destination for both encoders. See Multiplex Settings for more details. */ multiplexSettings?: pulumi.Input; /** * Destination settings for a standard output; one destination for each redundant encoder. See Settings for more details. */ settings?: pulumi.Input[]>; } export interface ChannelDestinationMediaPackageSetting { /** * ID of the channel in MediaPackage that is the destination for this output group. */ channelId: pulumi.Input; } export interface ChannelDestinationMultiplexSettings { /** * The ID of the Multiplex that the encoder is providing output to. */ multiplexId: pulumi.Input; /** * The program name of the Multiplex program that the encoder is providing output to. */ programName: pulumi.Input; } export interface ChannelDestinationSetting { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Stream name RTMP destinations (URLs of type rtmp://) */ streamName?: pulumi.Input; /** * A URL specifying a destination. */ url?: pulumi.Input; /** * Username for destination. */ username?: pulumi.Input; } export interface ChannelEncoderSettings { /** * Audio descriptions for the channel. See Audio Descriptions for more details. */ audioDescriptions?: pulumi.Input[]>; /** * Settings for ad avail blanking. See Avail Blanking for more details. */ availBlanking?: pulumi.Input; /** * Caption Descriptions. See Caption Descriptions for more details. */ captionDescriptions?: pulumi.Input[]>; /** * Configuration settings that apply to the event as a whole. See Global Configuration for more details. */ globalConfiguration?: pulumi.Input; /** * Settings for motion graphics. See Motion Graphics Configuration for more details. */ motionGraphicsConfiguration?: pulumi.Input; /** * Nielsen configuration settings. See Nielsen Configuration for more details. */ nielsenConfiguration?: pulumi.Input; /** * Output groups for the channel. See Output Groups for more details. */ outputGroups: pulumi.Input[]>; /** * Contains settings used to acquire and adjust timecode information from inputs. See Timecode Config for more details. */ timecodeConfig: pulumi.Input; /** * Video Descriptions. See Video Descriptions for more details. */ videoDescriptions?: pulumi.Input[]>; } export interface ChannelEncoderSettingsAudioDescription { /** * Advanced audio normalization settings. See Audio Normalization Settings for more details. */ audioNormalizationSettings?: pulumi.Input; /** * The name of the audio selector used as the source for this AudioDescription. */ audioSelectorName: pulumi.Input; /** * Applies only if audioTypeControl is useConfigured. The values for audioType are defined in ISO-IEC 13818-1. */ audioType?: pulumi.Input; /** * Determined how audio type is determined. */ audioTypeControl?: pulumi.Input; /** * Settings to configure one or more solutions that insert audio watermarks in the audio encode. See Audio Watermark Settings for more details. */ audioWatermarkSettings?: pulumi.Input; /** * Audio codec settings. See Audio Codec Settings for more details. */ codecSettings?: pulumi.Input; languageCode?: pulumi.Input; languageCodeControl?: pulumi.Input; /** * The name of this audio description. */ name: pulumi.Input; remixSettings?: pulumi.Input; streamName?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioNormalizationSettings { /** * Audio normalization algorithm to use. itu17701 conforms to the CALM Act specification, itu17702 to the EBU R-128 specification. */ algorithm?: pulumi.Input; /** * Algorithm control for the audio description. */ algorithmControl?: pulumi.Input; /** * Target LKFS (loudness) to adjust volume to. */ targetLkfs?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettings { nielsenWatermarksSettings?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettingsNielsenWatermarksSettings { nielsenCbetSettings?: pulumi.Input; nielsenDistributionType?: pulumi.Input; nielsenNaesIiNwSettings?: pulumi.Input[]>; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettingsNielsenWatermarksSettingsNielsenCbetSettings { cbetCheckDigitString: pulumi.Input; /** * Determines the method of CBET insertion mode when prior encoding is detected on the same layer. */ cbetStepaside: pulumi.Input; /** * CBET source ID to use in the watermark. */ csid: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionAudioWatermarkSettingsNielsenWatermarksSettingsNielsenNaesIiNwSetting { checkDigitString: pulumi.Input; /** * The Nielsen Source ID to include in the watermark. */ sid: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettings { aacSettings?: pulumi.Input; ac3Settings?: pulumi.Input; eac3AtmosSettings?: pulumi.Input; eac3Settings?: pulumi.Input; mp2Settings?: pulumi.Input; passThroughSettings?: pulumi.Input; wavSettings?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsAacSettings { /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Mono, Stereo, or 5.1 channel layout. */ codingMode?: pulumi.Input; /** * Set to "broadcasterMixedAd" when input contains pre-mixed main audio + AD (narration) as a stereo pair. */ inputType?: pulumi.Input; /** * AAC profile. */ profile?: pulumi.Input; /** * The rate control mode. */ rateControlMode?: pulumi.Input; /** * Sets LATM/LOAS AAC output for raw containers. */ rawFormat?: pulumi.Input; /** * Sample rate in Hz. */ sampleRate?: pulumi.Input; /** * Use MPEG-2 AAC audio instead of MPEG-4 AAC audio for raw or MPEG-2 Transport Stream containers. */ spec?: pulumi.Input; /** * VBR Quality Level - Only used if rateControlMode is VBR. */ vbrQuality?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsAc3Settings { /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Specifies the bitstream mode (bsmod) for the emitted AC-3 stream. */ bitstreamMode?: pulumi.Input; /** * Dolby Digital coding mode. */ codingMode?: pulumi.Input; /** * Sets the dialnorm of the output. */ dialnorm?: pulumi.Input; /** * If set to filmStandard, adds dynamic range compression signaling to the output bitstream as defined in the Dolby Digital specification. */ drcProfile?: pulumi.Input; /** * When set to enabled, applies a 120Hz lowpass filter to the LFE channel prior to encoding. */ lfeFilter?: pulumi.Input; /** * Metadata control. */ metadataControl?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsEac3AtmosSettings { /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Dolby Digital Plus with Dolby Atmos coding mode. */ codingMode?: pulumi.Input; /** * Sets the dialnorm for the output. */ dialnorm?: pulumi.Input; /** * Sets the Dolby dynamic range compression profile. */ drcLine?: pulumi.Input; /** * Sets the profile for heavy Dolby dynamic range compression. */ drcRf?: pulumi.Input; /** * Height dimensional trim. */ heightTrim?: pulumi.Input; /** * Surround dimensional trim. */ surroundTrim?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsEac3Settings { /** * Sets the attenuation control. */ attenuationControl?: pulumi.Input; /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; /** * Specifies the bitstream mode (bsmod) for the emitted AC-3 stream. */ bitstreamMode?: pulumi.Input; /** * Dolby Digital Plus coding mode. */ codingMode?: pulumi.Input; dcFilter?: pulumi.Input; dialnorm?: pulumi.Input; drcLine?: pulumi.Input; drcRf?: pulumi.Input; lfeControl?: pulumi.Input; lfeFilter?: pulumi.Input; loRoCenterMixLevel?: pulumi.Input; loRoSurroundMixLevel?: pulumi.Input; ltRtCenterMixLevel?: pulumi.Input; ltRtSurroundMixLevel?: pulumi.Input; metadataControl?: pulumi.Input; passthroughControl?: pulumi.Input; phaseControl?: pulumi.Input; stereoDownmix?: pulumi.Input; surroundExMode?: pulumi.Input; surroundMode?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsMp2Settings { bitrate?: pulumi.Input; codingMode?: pulumi.Input; sampleRate?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsPassThroughSettings { } export interface ChannelEncoderSettingsAudioDescriptionCodecSettingsWavSettings { bitDepth?: pulumi.Input; codingMode?: pulumi.Input; sampleRate?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionRemixSettings { channelMappings: pulumi.Input[]>; channelsIn?: pulumi.Input; channelsOut?: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionRemixSettingsChannelMapping { inputChannelLevels: pulumi.Input[]>; outputChannel: pulumi.Input; } export interface ChannelEncoderSettingsAudioDescriptionRemixSettingsChannelMappingInputChannelLevel { gain: pulumi.Input; inputChannel: pulumi.Input; } export interface ChannelEncoderSettingsAvailBlanking { /** * Blanking image to be used. See Avail Blanking Image for more details. */ availBlankingImage?: pulumi.Input; /** * When set to enabled, causes video, audio and captions to be blanked when insertion metadata is added. */ state?: pulumi.Input; } export interface ChannelEncoderSettingsAvailBlankingAvailBlankingImage { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Path to a file accessible to the live stream. */ uri: pulumi.Input; /** * . Username to be used. */ username?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescription { /** * Indicates whether the caption track implements accessibility features such as written descriptions of spoken dialog, music, and sounds. */ accessibility?: pulumi.Input; /** * Specifies which input caption selector to use as a caption source when generating output captions. This field should match a captionSelector name. */ captionSelectorName: pulumi.Input; /** * Additional settings for captions destination that depend on the destination type. See Destination Settings for more details. */ destinationSettings?: pulumi.Input; /** * ISO 639-2 three-digit code. */ languageCode?: pulumi.Input; /** * Human readable information to indicate captions available for players (eg. English, or Spanish). */ languageDescription?: pulumi.Input; /** * Name of the caption description. Used to associate a caption description with an output. Names must be unique within an event. */ name: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettings { /** * ARIB Destination Settings. */ aribDestinationSettings?: pulumi.Input; /** * Burn In Destination Settings. See Burn In Destination Settings for more details. */ burnInDestinationSettings?: pulumi.Input; /** * DVB Sub Destination Settings. See DVB Sub Destination Settings for more details. */ dvbSubDestinationSettings?: pulumi.Input; /** * EBU TT D Destination Settings. See EBU TT D Destination Settings for more details. */ ebuTtDDestinationSettings?: pulumi.Input; /** * Embedded Destination Settings. */ embeddedDestinationSettings?: pulumi.Input; /** * Embedded Plus SCTE20 Destination Settings. */ embeddedPlusScte20DestinationSettings?: pulumi.Input; /** * RTMP Caption Info Destination Settings. */ rtmpCaptionInfoDestinationSettings?: pulumi.Input; /** * SCTE20 Plus Embedded Destination Settings. */ scte20PlusEmbeddedDestinationSettings?: pulumi.Input; /** * SCTE27 Destination Settings. */ scte27DestinationSettings?: pulumi.Input; /** * SMPTE TT Destination Settings. */ smpteTtDestinationSettings?: pulumi.Input; /** * Teletext Destination Settings. */ teletextDestinationSettings?: pulumi.Input; /** * TTML Destination Settings. See TTML Destination Settings for more details. */ ttmlDestinationSettings?: pulumi.Input; /** * WebVTT Destination Settings. See WebVTT Destination Settings for more details. */ webvttDestinationSettings?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsAribDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsBurnInDestinationSettings { /** * If no explicit xPosition or yPosition is provided, setting alignment to centered will place the captions at the bottom center of the output. Similarly, setting a left alignment will align captions to the bottom left of the output. If x and y positions are given in conjunction with the alignment parameter, the font will be justified (either left or centered) relative to those coordinates. Selecting “smart” justification will left-justify live subtitles and center-justify pre-recorded subtitles. All burn-in and DVB-Sub font settings must match. */ alignment?: pulumi.Input; /** * Specifies the color of the rectangle behind the captions. All burn-in and DVB-Sub font settings must match. */ backgroundColor?: pulumi.Input; /** * Specifies the opacity of the background rectangle. 255 is opaque; 0 is transparent. Leaving this parameter out is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ backgroundOpacity?: pulumi.Input; /** * External font file used for caption burn-in. File extension must be ‘ttf’ or ‘tte’. Although the user can select output fonts for many different types of input captions, embedded, STL and teletext sources use a strict grid system. Using external fonts with these caption sources could cause unexpected display of proportional fonts. All burn-in and DVB-Sub font settings must match. See Font for more details. */ font?: pulumi.Input; /** * Specifies the color of the burned-in captions. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ fontColor?: pulumi.Input; /** * Specifies the opacity of the burned-in captions. 255 is opaque; 0 is transparent. All burn-in and DVB-Sub font settings must match. */ fontOpacity?: pulumi.Input; /** * Font resolution in DPI (dots per inch); default is 96 dpi. All burn-in and DVB-Sub font settings must match. */ fontResolution?: pulumi.Input; /** * When set to ‘auto’ fontSize will scale depending on the size of the output. Giving a positive integer will specify the exact font size in points. All burn-in and DVB-Sub font settings must match. */ fontSize?: pulumi.Input; /** * Specifies font outline color. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineColor: pulumi.Input; /** * Specifies font outline size in pixels. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineSize?: pulumi.Input; /** * Specifies the color of the shadow cast by the captions. All burn-in and DVB-Sub font settings must match. */ shadowColor?: pulumi.Input; /** * Specifies the opacity of the shadow. 255 is opaque; 0 is transparent. Leaving this parameter out is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ shadowOpacity?: pulumi.Input; /** * Specifies the horizontal offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels to the left. All burn-in and DVB-Sub font settings must match. */ shadowXOffset?: pulumi.Input; /** * Specifies the vertical offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels above the text. All burn-in and DVB-Sub font settings must match. */ shadowYOffset?: pulumi.Input; /** * Controls whether a fixed grid size will be used to generate the output subtitles bitmap. Only applicable for Teletext inputs and DVB-Sub/Burn-in outputs. */ teletextGridControl: pulumi.Input; /** * Specifies the horizontal position of the caption relative to the left side of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the left of the output. If no explicit xPosition is provided, the horizontal caption position will be determined by the alignment parameter. All burn-in and DVB-Sub font settings must match. */ xPosition?: pulumi.Input; /** * Specifies the vertical position of the caption relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the caption will be positioned towards the bottom of the output. All burn-in and DVB-Sub font settings must match. */ yPosition?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsBurnInDestinationSettingsFont { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Path to a file accessible to the live stream. */ uri: pulumi.Input; /** * Username to be used. */ username?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsDvbSubDestinationSettings { /** * If no explicit xPosition or yPosition is provided, setting alignment to centered will place the captions at the bottom center of the output. Similarly, setting a left alignment will align captions to the bottom left of the output. If x and y positions are given in conjunction with the alignment parameter, the font will be justified (either left or centered) relative to those coordinates. Selecting “smart” justification will left-justify live subtitles and center-justify pre-recorded subtitles. This option is not valid for source captions that are STL or 608/embedded. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ alignment?: pulumi.Input; /** * Specifies the color of the rectangle behind the captions. All burn-in and DVB-Sub font settings must match. */ backgroundColor?: pulumi.Input; /** * Specifies the opacity of the background rectangle. 255 is opaque; 0 is transparent. Leaving this parameter blank is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ backgroundOpacity?: pulumi.Input; /** * External font file used for caption burn-in. File extension must be ‘ttf’ or ‘tte’. Although the user can select output fonts for many different types of input captions, embedded, STL and teletext sources use a strict grid system. Using external fonts with these caption sources could cause unexpected display of proportional fonts. All burn-in and DVB-Sub font settings must match. See Font for more details. */ font?: pulumi.Input; /** * Specifies the color of the burned-in captions. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ fontColor?: pulumi.Input; /** * Specifies the opacity of the burned-in captions. 255 is opaque; 0 is transparent. All burn-in and DVB-Sub font settings must match. */ fontOpacity?: pulumi.Input; /** * Font resolution in DPI (dots per inch); default is 96 dpi. All burn-in and DVB-Sub font settings must match. */ fontResolution?: pulumi.Input; /** * When set to auto fontSize will scale depending on the size of the output. Giving a positive integer will specify the exact font size in points. All burn-in and DVB-Sub font settings must match. */ fontSize?: pulumi.Input; /** * Specifies font outline color. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineColor?: pulumi.Input; /** * Specifies font outline size in pixels. This option is not valid for source captions that are either 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ outlineSize?: pulumi.Input; /** * Specifies the color of the shadow cast by the captions. All burn-in and DVB-Sub font settings must match. */ shadowColor?: pulumi.Input; /** * Specifies the opacity of the shadow. 255 is opaque; 0 is transparent. Leaving this parameter blank is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match. */ shadowOpacity?: pulumi.Input; /** * Specifies the horizontal offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels to the left. All burn-in and DVB-Sub font settings must match. */ shadowXOffset?: pulumi.Input; /** * Specifies the vertical offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels above the text. All burn-in and DVB-Sub font settings must match. */ shadowYOffset?: pulumi.Input; /** * Controls whether a fixed grid size will be used to generate the output subtitles bitmap. Only applicable for Teletext inputs and DVB-Sub/Burn-in outputs. */ teletextGridControl?: pulumi.Input; /** * Specifies the horizontal position of the caption relative to the left side of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the left of the output. If no explicit xPosition is provided, the horizontal caption position will be determined by the alignment parameter. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ xPosition?: pulumi.Input; /** * Specifies the vertical position of the caption relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the caption will be positioned towards the bottom of the output. This option is not valid for source captions that are STL, 608/embedded or teletext. These source settings are already pre-defined by the caption stream. All burn-in and DVB-Sub font settings must match. */ yPosition?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsDvbSubDestinationSettingsFont { /** * Key used to extract the password from EC2 Parameter store. */ passwordParam?: pulumi.Input; /** * Path to a file accessible to the live stream. */ uri: pulumi.Input; /** * Username to be used. */ username?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsEbuTtDDestinationSettings { /** * Complete this field if you want to include the name of the copyright holder in the copyright tag in the captions metadata. */ copyrightHolder?: pulumi.Input; /** * Specifies how to handle the gap between the lines (in multi-line captions). - enabled: Fill with the captions background color (as specified in the input captions). - disabled: Leave the gap unfilled. */ fillLineGap?: pulumi.Input; /** * Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if styleControl is set to include. If you leave this field empty, the font family is set to “monospaced”. (If styleControl is set to exclude, the font family is always set to “monospaced”.) You specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size. - Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as “Arial”), or a generic font family (such as “serif”), or “default” (to let the downstream player choose the font). - Leave blank to set the family to “monospace”. */ fontFamily?: pulumi.Input; /** * Specifies the style information (font color, font position, and so on) to include in the font data that is attached to the EBU-TT captions. - include: Take the style information (font color, font position, and so on) from the source captions and include that information in the font data attached to the EBU-TT captions. This option is valid only if the source captions are Embedded or Teletext. - exclude: In the font data attached to the EBU-TT captions, set the font family to “monospaced”. Do not include any other style information. */ styleControl?: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsEmbeddedDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsEmbeddedPlusScte20DestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsRtmpCaptionInfoDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsScte20PlusEmbeddedDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsScte27DestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsSmpteTtDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsTeletextDestinationSettings { } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsTtmlDestinationSettings { /** * This field is not currently supported and will not affect the output styling. Leave the default value. */ styleControl: pulumi.Input; } export interface ChannelEncoderSettingsCaptionDescriptionDestinationSettingsWebvttDestinationSettings { /** * Controls whether the color and position of the source captions is passed through to the WebVTT output captions. PASSTHROUGH - Valid only if the source captions are EMBEDDED or TELETEXT. NO\_STYLE\_DATA - Don’t pass through the style. The output captions will not contain any font styling information. */ styleControl: pulumi.Input; } export interface ChannelEncoderSettingsGlobalConfiguration { /** * Value to set the initial audio gain for the Live Event. */ initialAudioGain?: pulumi.Input; /** * Indicates the action to take when the current input completes (e.g. end-of-file). When switchAndLoopInputs is configured the encoder will restart at the beginning of the first input. When “none” is configured the encoder will transcode either black, a solid color, or a user specified slate images per the “Input Loss Behavior” configuration until the next input switch occurs (which is controlled through the Channel Schedule API). */ inputEndAction?: pulumi.Input; /** * Settings for system actions when input is lost. See Input Loss Behavior for more details. */ inputLossBehavior?: pulumi.Input; /** * Indicates how MediaLive pipelines are synchronized. PIPELINE\_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the other. EPOCH\_LOCKING - MediaLive will attempt to synchronize the output of each pipeline to the Unix epoch. */ outputLockingMode?: pulumi.Input; /** * Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally may be locked to another source via NTP) or should be locked to the clock of the source that is providing the input stream. */ outputTimingSource?: pulumi.Input; /** * Adjusts video input buffer for streams with very low video framerates. This is commonly set to enabled for music channels with less than one video frame per second. */ supportLowFramerateInputs?: pulumi.Input; } export interface ChannelEncoderSettingsGlobalConfigurationInputLossBehavior { blackFrameMsec?: pulumi.Input; inputLossImageColor?: pulumi.Input; inputLossImageSlate?: pulumi.Input; inputLossImageType?: pulumi.Input; repeatFrameMsec?: pulumi.Input; } export interface ChannelEncoderSettingsGlobalConfigurationInputLossBehaviorInputLossImageSlate { passwordParam?: pulumi.Input; uri: pulumi.Input; username?: pulumi.Input; } export interface ChannelEncoderSettingsMotionGraphicsConfiguration { /** * Motion Graphics Insertion. */ motionGraphicsInsertion?: pulumi.Input; /** * Motion Graphics Settings. See Motion Graphics Settings for more details. */ motionGraphicsSettings: pulumi.Input; } export interface ChannelEncoderSettingsMotionGraphicsConfigurationMotionGraphicsSettings { /** * Html Motion Graphics Settings. */ htmlMotionGraphicsSettings?: pulumi.Input; } export interface ChannelEncoderSettingsMotionGraphicsConfigurationMotionGraphicsSettingsHtmlMotionGraphicsSettings { } export interface ChannelEncoderSettingsNielsenConfiguration { /** * Enter the Distributor ID assigned to your organization by Nielsen. */ distributorId?: pulumi.Input; /** * Enables Nielsen PCM to ID3 tagging. */ nielsenPcmToId3Tagging?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroup { /** * Custom output group name defined by the user. */ name?: pulumi.Input; /** * Settings associated with the output group. See Output Group Settings for more details. */ outputGroupSettings: pulumi.Input; /** * List of outputs. See Outputs for more details. */ outputs: pulumi.Input[]>; } export interface ChannelEncoderSettingsOutputGroupOutput { /** * The names of the audio descriptions used as audio sources for the output. */ audioDescriptionNames?: pulumi.Input[]>; /** * The names of the caption descriptions used as caption sources for the output. */ captionDescriptionNames?: pulumi.Input[]>; /** * The name used to identify an output. */ outputName?: pulumi.Input; /** * Settings for output. See Output Settings for more details. */ outputSettings: pulumi.Input; /** * The name of the video description used as video source for the output. */ videoDescriptionName?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettings { /** * Archive group settings. See Archive Group Settings for more details. */ archiveGroupSettings?: pulumi.Input[]>; frameCaptureGroupSettings?: pulumi.Input; hlsGroupSettings?: pulumi.Input; /** * Media package group settings. See Media Package Group Settings for more details. */ mediaPackageGroupSettings?: pulumi.Input; msSmoothGroupSettings?: pulumi.Input; multiplexGroupSettings?: pulumi.Input; /** * RTMP group settings. See RTMP Group Settings for more details. */ rtmpGroupSettings?: pulumi.Input; udpGroupSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSetting { /** * Parameters that control the interactions with the CDN. See Archive CDN Settings for more details. */ archiveCdnSettings?: pulumi.Input; /** * A director and base filename where archive files should be written. See Destination for more details. */ destination: pulumi.Input; /** * Number of seconds to write to archive file before closing and starting a new one. */ rolloverInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSettingArchiveCdnSettings { /** * Archive S3 Settings. See Archive S3 Settings for more details. */ archiveS3Settings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSettingArchiveCdnSettingsArchiveS3Settings { /** * Specify the canned ACL to apply to each S3 request. */ cannedAcl?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsArchiveGroupSettingDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettings { destination: pulumi.Input; frameCaptureCdnSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettingsFrameCaptureCdnSettings { frameCaptureS3Settings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsFrameCaptureGroupSettingsFrameCaptureCdnSettingsFrameCaptureS3Settings { cannedAcl?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettings { adMarkers?: pulumi.Input[]>; baseUrlContent?: pulumi.Input; baseUrlContent1?: pulumi.Input; baseUrlManifest?: pulumi.Input; baseUrlManifest1?: pulumi.Input; captionLanguageMappings?: pulumi.Input[]>; captionLanguageSetting?: pulumi.Input; clientCache?: pulumi.Input; codecSpecification?: pulumi.Input; constantIv?: pulumi.Input; destination: pulumi.Input; directoryStructure?: pulumi.Input; discontinuityTags?: pulumi.Input; encryptionType?: pulumi.Input; hlsCdnSettings?: pulumi.Input[]>; hlsId3SegmentTagging?: pulumi.Input; iframeOnlyPlaylists?: pulumi.Input; incompleteSegmentBehavior?: pulumi.Input; indexNSegments?: pulumi.Input; inputLossAction?: pulumi.Input; ivInManifest?: pulumi.Input; ivSource?: pulumi.Input; keepSegments?: pulumi.Input; keyFormat?: pulumi.Input; keyFormatVersions?: pulumi.Input; keyProviderSettings?: pulumi.Input; manifestCompression?: pulumi.Input; manifestDurationFormat?: pulumi.Input; minSegmentLength?: pulumi.Input; mode?: pulumi.Input; outputSelection?: pulumi.Input; programDateTime?: pulumi.Input; programDateTimeClock?: pulumi.Input; programDateTimePeriod?: pulumi.Input; redundantManifest?: pulumi.Input; segmentLength?: pulumi.Input; segmentsPerSubdirectory?: pulumi.Input; streamInfResolution?: pulumi.Input; timedMetadataId3Frame?: pulumi.Input; timedMetadataId3Period?: pulumi.Input; timestampDeltaMilliseconds?: pulumi.Input; tsFileMode?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsCaptionLanguageMapping { captionChannel: pulumi.Input; languageCode: pulumi.Input; languageDescription: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSetting { hlsAkamaiSettings?: pulumi.Input; hlsBasicPutSettings?: pulumi.Input; hlsMediaStoreSettings?: pulumi.Input; hlsS3Settings?: pulumi.Input; hlsWebdavSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsAkamaiSettings { connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; httpTransferMode?: pulumi.Input; numRetries?: pulumi.Input; restartDelay?: pulumi.Input; salt?: pulumi.Input; token?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsBasicPutSettings { connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; numRetries?: pulumi.Input; restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsMediaStoreSettings { connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; mediaStoreStorageClass?: pulumi.Input; numRetries?: pulumi.Input; restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsS3Settings { cannedAcl?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsHlsCdnSettingHlsWebdavSettings { connectionRetryInterval?: pulumi.Input; filecacheDuration?: pulumi.Input; httpTransferMode?: pulumi.Input; numRetries?: pulumi.Input; restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsKeyProviderSettings { staticKeySettings?: pulumi.Input[]>; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsKeyProviderSettingsStaticKeySetting { keyProviderServer?: pulumi.Input; staticKeyValue: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsHlsGroupSettingsKeyProviderSettingsStaticKeySettingKeyProviderServer { passwordParam?: pulumi.Input; uri: pulumi.Input; username?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMediaPackageGroupSettings { /** * A director and base filename where archive files should be written. See Destination for more details. */ destination: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMediaPackageGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMsSmoothGroupSettings { acquisitionPointId?: pulumi.Input; audioOnlyTimecodeControl?: pulumi.Input; certificateMode?: pulumi.Input; connectionRetryInterval?: pulumi.Input; destination: pulumi.Input; eventId?: pulumi.Input; eventIdMode?: pulumi.Input; eventStopBehavior?: pulumi.Input; filecacheDuration?: pulumi.Input; fragmentLength?: pulumi.Input; inputLossAction?: pulumi.Input; numRetries?: pulumi.Input; restartDelay?: pulumi.Input; segmentationMode?: pulumi.Input; sendDelayMs?: pulumi.Input; sparseTrackType?: pulumi.Input; streamManifestBehavior?: pulumi.Input; timestampOffset?: pulumi.Input; timestampOffsetMode?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMsSmoothGroupSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsMultiplexGroupSettings { } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsRtmpGroupSettings { /** * The ad marker type for this output group. */ adMarkers?: pulumi.Input[]>; /** * Authentication scheme to use when connecting with CDN. */ authenticationScheme?: pulumi.Input; /** * Controls behavior when content cache fills up. */ cacheFullBehavior?: pulumi.Input; /** * Cache length in seconds, is used to calculate buffer size. */ cacheLength?: pulumi.Input; /** * Controls the types of data that passes to onCaptionInfo outputs. */ captionData?: pulumi.Input; /** * Controls the behavior of the RTMP group if input becomes unavailable. */ inputLossAction?: pulumi.Input; /** * Number of seconds to wait until a restart is initiated. */ restartDelay?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputGroupSettingsUdpGroupSettings { /** * Specifies behavior of last resort when input video os lost. */ inputLossAction?: pulumi.Input; /** * Indicates ID3 frame that has the timecode. */ timedMetadataId3Frame?: pulumi.Input; timedMetadataId3Period?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettings { /** * Archive output settings. See Archive Output Settings for more details. */ archiveOutputSettings?: pulumi.Input; frameCaptureOutputSettings?: pulumi.Input; hlsOutputSettings?: pulumi.Input; /** * Media package output settings. This can be set as an empty block. */ mediaPackageOutputSettings?: pulumi.Input; msSmoothOutputSettings?: pulumi.Input; /** * Multiplex output settings. See Multiplex Output Settings for more details. */ multiplexOutputSettings?: pulumi.Input; /** * RTMP output settings. See RTMP Output Settings for more details. */ rtmpOutputSettings?: pulumi.Input; /** * UDP output settings. See UDP Output Settings for more details. */ udpOutputSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettings { /** * Settings specific to the container type of the file. See Container Settings for more details. */ containerSettings?: pulumi.Input; /** * Output file extension. */ extension?: pulumi.Input; /** * String concatenated to the end of the destination filename. Required for multiple outputs of the same type. */ nameModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettings { /** * M2TS Settings. See [M2TS Settings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-medialive-channel-m2tssettings.html) for more details. */ m2tsSettings?: pulumi.Input; /** * Raw Settings. This can be set as an empty block. */ rawSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettings { absentInputAudioBehavior?: pulumi.Input; arib?: pulumi.Input; aribCaptionsPid?: pulumi.Input; aribCaptionsPidControl?: pulumi.Input; audioBufferModel?: pulumi.Input; audioFramesPerPes?: pulumi.Input; audioPids?: pulumi.Input; audioStreamType?: pulumi.Input; bitrate?: pulumi.Input; bufferModel?: pulumi.Input; ccDescriptor?: pulumi.Input; dvbNitSettings?: pulumi.Input; dvbSdtSettings?: pulumi.Input; dvbSubPids?: pulumi.Input; dvbTdtSettings?: pulumi.Input; dvbTeletextPid?: pulumi.Input; ebif?: pulumi.Input; ebpAudioInterval?: pulumi.Input; ebpLookaheadMs?: pulumi.Input; ebpPlacement?: pulumi.Input; ecmPid?: pulumi.Input; esRateInPes?: pulumi.Input; etvPlatformPid?: pulumi.Input; etvSignalPid?: pulumi.Input; fragmentTime?: pulumi.Input; klv?: pulumi.Input; klvDataPids?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; nullPacketBitrate?: pulumi.Input; patInterval?: pulumi.Input; pcrControl?: pulumi.Input; pcrPeriod?: pulumi.Input; pcrPid?: pulumi.Input; pmtInterval?: pulumi.Input; pmtPid?: pulumi.Input; programNum?: pulumi.Input; rateMode?: pulumi.Input; scte27Pids?: pulumi.Input; scte35Control?: pulumi.Input; scte35Pid?: pulumi.Input; segmentationMarkers?: pulumi.Input; segmentationStyle?: pulumi.Input; segmentationTime?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; timedMetadataPid?: pulumi.Input; transportStreamId?: pulumi.Input; videoPid?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettingsDvbNitSettings { networkId: pulumi.Input; networkName: pulumi.Input; repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettingsDvbSdtSettings { outputSdt?: pulumi.Input; repInterval?: pulumi.Input; serviceName?: pulumi.Input; serviceProviderName?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsM2tsSettingsDvbTdtSettings { repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsArchiveOutputSettingsContainerSettingsRawSettings { } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsFrameCaptureOutputSettings { nameModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettings { h265PackagingType?: pulumi.Input; hlsSettings: pulumi.Input; nameModifier?: pulumi.Input; segmentModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettings { audioOnlyHlsSettings?: pulumi.Input; fmp4HlsSettings?: pulumi.Input; frameCaptureHlsSettings?: pulumi.Input; standardHlsSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsAudioOnlyHlsSettings { audioGroupId?: pulumi.Input; audioOnlyImage?: pulumi.Input; audioTrackType?: pulumi.Input; segmentType?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsAudioOnlyHlsSettingsAudioOnlyImage { passwordParam?: pulumi.Input; uri: pulumi.Input; username?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsFmp4HlsSettings { audioRenditionSets?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsFrameCaptureHlsSettings { } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsStandardHlsSettings { audioRenditionSets?: pulumi.Input; m3u8Settings: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsHlsOutputSettingsHlsSettingsStandardHlsSettingsM3u8Settings { audioFramesPerPes?: pulumi.Input; audioPids?: pulumi.Input; ecmPid?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; patInterval?: pulumi.Input; pcrControl?: pulumi.Input; pcrPeriod?: pulumi.Input; pcrPid?: pulumi.Input; pmtInterval?: pulumi.Input; pmtPid?: pulumi.Input; programNum?: pulumi.Input; scte35Behavior?: pulumi.Input; scte35Pid?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; timedMetadataPid?: pulumi.Input; transportStreamId?: pulumi.Input; videoPid?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMediaPackageOutputSettings { } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMsSmoothOutputSettings { h265PackagingType?: pulumi.Input; nameModifier?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMultiplexOutputSettings { /** * Destination is a multiplex. See Destination for more details. */ destination: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsMultiplexOutputSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsRtmpOutputSettings { /** * Setting to allow self signed or verified RTMP certificates. */ certificateMode?: pulumi.Input; /** * Number of seconds to wait before retrying connection to the flash media server if the connection is lost. */ connectionRetryInterval?: pulumi.Input; /** * The RTMP endpoint excluding the stream name. See Destination for more details. */ destination: pulumi.Input; /** * Number of retry attempts. */ numRetries?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsRtmpOutputSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettings { /** * UDP output buffering in milliseconds. */ bufferMsec?: pulumi.Input; /** * UDP container settings. See Container Settings for more details. */ containerSettings: pulumi.Input; /** * Destination address and port number for RTP or UDP packets. See Destination for more details. */ destination: pulumi.Input; fecOutputSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettings { /** * M2TS Settings. See [M2TS Settings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-medialive-channel-m2tssettings.html) for more details. */ m2tsSettings?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettings { absentInputAudioBehavior?: pulumi.Input; arib?: pulumi.Input; aribCaptionsPid?: pulumi.Input; aribCaptionsPidControl?: pulumi.Input; audioBufferModel?: pulumi.Input; audioFramesPerPes?: pulumi.Input; audioPids?: pulumi.Input; audioStreamType?: pulumi.Input; bitrate?: pulumi.Input; bufferModel?: pulumi.Input; ccDescriptor?: pulumi.Input; dvbNitSettings?: pulumi.Input; dvbSdtSettings?: pulumi.Input; dvbSubPids?: pulumi.Input; dvbTdtSettings?: pulumi.Input; dvbTeletextPid?: pulumi.Input; ebif?: pulumi.Input; ebpAudioInterval?: pulumi.Input; ebpLookaheadMs?: pulumi.Input; ebpPlacement?: pulumi.Input; ecmPid?: pulumi.Input; esRateInPes?: pulumi.Input; etvPlatformPid?: pulumi.Input; etvSignalPid?: pulumi.Input; fragmentTime?: pulumi.Input; klv?: pulumi.Input; klvDataPids?: pulumi.Input; nielsenId3Behavior?: pulumi.Input; nullPacketBitrate?: pulumi.Input; patInterval?: pulumi.Input; pcrControl?: pulumi.Input; pcrPeriod?: pulumi.Input; pcrPid?: pulumi.Input; pmtInterval?: pulumi.Input; pmtPid?: pulumi.Input; programNum?: pulumi.Input; rateMode?: pulumi.Input; scte27Pids?: pulumi.Input; scte35Control?: pulumi.Input; scte35Pid?: pulumi.Input; segmentationMarkers?: pulumi.Input; segmentationStyle?: pulumi.Input; segmentationTime?: pulumi.Input; timedMetadataBehavior?: pulumi.Input; timedMetadataPid?: pulumi.Input; transportStreamId?: pulumi.Input; videoPid?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettingsDvbNitSettings { networkId: pulumi.Input; networkName: pulumi.Input; repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettingsDvbSdtSettings { outputSdt?: pulumi.Input; repInterval?: pulumi.Input; serviceName?: pulumi.Input; serviceProviderName?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsContainerSettingsM2tsSettingsDvbTdtSettings { repInterval?: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsDestination { /** * Reference ID for the destination. */ destinationRefId: pulumi.Input; } export interface ChannelEncoderSettingsOutputGroupOutputOutputSettingsUdpOutputSettingsFecOutputSettings { /** * The height of the FEC protection matrix. */ columnDepth?: pulumi.Input; /** * Enables column only or column and row based FEC. */ includeFec?: pulumi.Input; /** * The width of the FEC protection matrix. */ rowLength?: pulumi.Input; } export interface ChannelEncoderSettingsTimecodeConfig { /** * The source for the timecode that will be associated with the events outputs. */ source: pulumi.Input; /** * Threshold in frames beyond which output timecode is resynchronized to the input timecode. */ syncThreshold?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescription { /** * The video codec settings. See Video Codec Settings for more details. */ codecSettings?: pulumi.Input; /** * Output video height in pixels. */ height?: pulumi.Input; /** * The name of the video description. */ name: pulumi.Input; /** * Indicate how to respond to the AFD values that might be in the input video. */ respondToAfd?: pulumi.Input; /** * Behavior on how to scale. */ scalingBehavior?: pulumi.Input; /** * Changes the strength of the anti-alias filter used for scaling. */ sharpness?: pulumi.Input; /** * Output video width in pixels. */ width?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettings { frameCaptureSettings?: pulumi.Input; h264Settings?: pulumi.Input; h265Settings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsFrameCaptureSettings { /** * The frequency at which to capture frames for inclusion in the output. */ captureInterval?: pulumi.Input; /** * Unit for the frame capture interval. */ captureIntervalUnits?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH264Settings { /** * Enables or disables adaptive quantization. */ adaptiveQuantization?: pulumi.Input; /** * Indicates that AFD values will be written into the output stream. */ afdSignaling?: pulumi.Input; /** * Average bitrate in bits/second. */ bitrate?: pulumi.Input; bufFillPct?: pulumi.Input; /** * Size of buffer in bits. */ bufSize?: pulumi.Input; /** * Includes color space metadata in the output. */ colorMetadata?: pulumi.Input; /** * Entropy encoding mode. */ entropyEncoding?: pulumi.Input; /** * Filters to apply to an encode. See H264 Filter Settings for more details. */ filterSettings?: pulumi.Input; /** * Four bit AFD value to write on all frames of video in the output stream. */ fixedAfd?: pulumi.Input; flickerAq?: pulumi.Input; /** * Controls whether coding is performed on a field basis or on a frame basis. */ forceFieldPictures?: pulumi.Input; /** * Indicates how the output video frame rate is specified. */ framerateControl?: pulumi.Input; /** * Framerate denominator. */ framerateDenominator?: pulumi.Input; /** * Framerate numerator. */ framerateNumerator?: pulumi.Input; /** * GOP-B reference. */ gopBReference?: pulumi.Input; /** * Frequency of closed GOPs. */ gopClosedCadence?: pulumi.Input; /** * Number of B-frames between reference frames. */ gopNumBFrames?: pulumi.Input; /** * GOP size in units of either frames of seconds per `gopSizeUnits`. */ gopSize?: pulumi.Input; /** * Indicates if the `gopSize` is specified in frames or seconds. */ gopSizeUnits?: pulumi.Input; /** * H264 level. */ level?: pulumi.Input; /** * Amount of lookahead. */ lookAheadRateControl?: pulumi.Input; /** * Set the maximum bitrate in order to accommodate expected spikes in the complexity of the video. */ maxBitrate?: pulumi.Input; minIInterval?: pulumi.Input; /** * Number of reference frames to use. */ numRefFrames?: pulumi.Input; /** * Indicates how the output pixel aspect ratio is specified. */ parControl?: pulumi.Input; /** * Pixel Aspect Ratio denominator. */ parDenominator?: pulumi.Input; /** * Pixel Aspect Ratio numerator. */ parNumerator?: pulumi.Input; /** * H264 profile. */ profile?: pulumi.Input; /** * Quality level. */ qualityLevel?: pulumi.Input; /** * Controls the target quality for the video encode. */ qvbrQualityLevel?: pulumi.Input; /** * Rate control mode. */ rateControlMode?: pulumi.Input; /** * Sets the scan type of the output. */ scanType?: pulumi.Input; /** * Scene change detection. */ sceneChangeDetect?: pulumi.Input; /** * Number of slices per picture. */ slices?: pulumi.Input; /** * Softness. */ softness?: pulumi.Input; /** * Makes adjustments within each frame based on spatial variation of content complexity. */ spatialAq?: pulumi.Input; /** * Subgop length. */ subgopLength?: pulumi.Input; /** * Produces a bitstream compliant with SMPTE RP-2027. */ syntax?: pulumi.Input; /** * Makes adjustments within each frame based on temporal variation of content complexity. */ temporalAq?: pulumi.Input; /** * Determines how timecodes should be inserted into the video elementary stream. */ timecodeInsertion?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH264SettingsFilterSettings { temporalFilterSettings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH264SettingsFilterSettingsTemporalFilterSettings { /** * Post filter sharpening. */ postFilterSharpening?: pulumi.Input; /** * Filter strength. */ strength?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265Settings { /** * Enables or disables adaptive quantization. */ adaptiveQuantization?: pulumi.Input; /** * Indicates that AFD values will be written into the output stream. */ afdSignaling?: pulumi.Input; /** * Whether or not EML should insert an Alternative Transfer Function SEI message. */ alternativeTransferFunction?: pulumi.Input; /** * Average bitrate in bits/second. */ bitrate: pulumi.Input; /** * Size of buffer in bits. */ bufSize?: pulumi.Input; /** * Includes color space metadata in the output. */ colorMetadata?: pulumi.Input; /** * Define the color metadata for the output. H265 Color Space Settings for more details. */ colorSpaceSettings?: pulumi.Input; /** * Filters to apply to an encode. See H265 Filter Settings for more details. */ filterSettings?: pulumi.Input; /** * Four bit AFD value to write on all frames of video in the output stream. */ fixedAfd?: pulumi.Input; flickerAq?: pulumi.Input; /** * Framerate denominator. */ framerateDenominator: pulumi.Input; /** * Framerate numerator. */ framerateNumerator: pulumi.Input; /** * Frequency of closed GOPs. */ gopClosedCadence?: pulumi.Input; /** * GOP size in units of either frames of seconds per `gopSizeUnits`. */ gopSize?: pulumi.Input; /** * Indicates if the `gopSize` is specified in frames or seconds. */ gopSizeUnits?: pulumi.Input; /** * H265 level. */ level?: pulumi.Input; /** * Amount of lookahead. */ lookAheadRateControl?: pulumi.Input; /** * Set the maximum bitrate in order to accommodate expected spikes in the complexity of the video. */ maxBitrate?: pulumi.Input; minIInterval?: pulumi.Input; /** * Pixel Aspect Ratio denominator. */ parDenominator?: pulumi.Input; /** * Pixel Aspect Ratio numerator. */ parNumerator?: pulumi.Input; /** * H265 profile. */ profile?: pulumi.Input; /** * Controls the target quality for the video encode. */ qvbrQualityLevel?: pulumi.Input; /** * Rate control mode. */ rateControlMode?: pulumi.Input; /** * Sets the scan type of the output. */ scanType?: pulumi.Input; /** * Scene change detection. */ sceneChangeDetect?: pulumi.Input; /** * Number of slices per picture. */ slices?: pulumi.Input; /** * Set the H265 tier in the output. */ tier?: pulumi.Input; /** * Apply a burned in timecode. See H265 Timecode Burnin Settings for more details. */ timecodeBurninSettings?: pulumi.Input; /** * Determines how timecodes should be inserted into the video elementary stream. */ timecodeInsertion?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettings { colorSpacePassthroughSettings?: pulumi.Input; dolbyVision81Settings?: pulumi.Input; hdr10Settings?: pulumi.Input; rec601Settings?: pulumi.Input; rec709Settings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsColorSpacePassthroughSettings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsDolbyVision81Settings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsHdr10Settings { maxCll?: pulumi.Input; maxFall?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsRec601Settings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsColorSpaceSettingsRec709Settings { } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsFilterSettings { temporalFilterSettings?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsFilterSettingsTemporalFilterSettings { /** * Post filter sharpening. */ postFilterSharpening?: pulumi.Input; /** * Filter strength. */ strength?: pulumi.Input; } export interface ChannelEncoderSettingsVideoDescriptionCodecSettingsH265SettingsTimecodeBurninSettings { prefix?: pulumi.Input; timecodeBurninFontSize?: pulumi.Input; timecodeBurninPosition?: pulumi.Input; } export interface ChannelInputAttachment { /** * User-specified settings for defining what the conditions are for declaring the input unhealthy and failing over to a different input. See Automatic Input Failover Settings for more details. */ automaticInputFailoverSettings?: pulumi.Input; /** * User-specified name for the attachment. */ inputAttachmentName: pulumi.Input; /** * The ID of the input. */ inputId: pulumi.Input; /** * Settings of an input. See Input Settings for more details. */ inputSettings?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettings { /** * This clear time defines the requirement a recovered input must meet to be considered healthy. The input must have no failover conditions for this length of time. Enter a time in milliseconds. This value is particularly important if the input\_preference for the failover pair is set to PRIMARY\_INPUT\_PREFERRED, because after this time, MediaLive will switch back to the primary input. */ errorClearTimeMsec?: pulumi.Input; /** * A list of failover conditions. If any of these conditions occur, MediaLive will perform a failover to the other input. See Failover Condition Block for more details. */ failoverConditions?: pulumi.Input[]>; /** * Input preference when deciding which input to make active when a previously failed input has recovered. */ inputPreference?: pulumi.Input; /** * The input ID of the secondary input in the automatic input failover pair. */ secondaryInputId: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverCondition { failoverConditionSettings?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettings { /** * MediaLive will perform a failover if the specified audio selector is silent for the specified period. See Audio Silence Failover Settings for more details. */ audioSilenceSettings?: pulumi.Input; /** * MediaLive will perform a failover if content is not detected in this input for the specified period. See Input Loss Failover Settings for more details. */ inputLossSettings?: pulumi.Input; /** * MediaLive will perform a failover if content is considered black for the specified period. See Video Black Failover Settings for more details. */ videoBlackSettings?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettingsAudioSilenceSettings { audioSelectorName: pulumi.Input; audioSilenceThresholdMsec?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettingsInputLossSettings { inputLossThresholdMsec?: pulumi.Input; } export interface ChannelInputAttachmentAutomaticInputFailoverSettingsFailoverConditionFailoverConditionSettingsVideoBlackSettings { blackDetectThreshold?: pulumi.Input; videoBlackThresholdMsec?: pulumi.Input; } export interface ChannelInputAttachmentInputSettings { audioSelectors?: pulumi.Input[]>; captionSelectors?: pulumi.Input[]>; /** * Enable or disable the deblock filter when filtering. */ deblockFilter?: pulumi.Input; /** * Enable or disable the denoise filter when filtering. */ denoiseFilter?: pulumi.Input; /** * Adjusts the magnitude of filtering from 1 (minimal) to 5 (strongest). */ filterStrength?: pulumi.Input; /** * Turns on the filter for the input. */ inputFilter?: pulumi.Input; /** * Input settings. See Network Input Settings for more details. */ networkInputSettings?: pulumi.Input; /** * PID from which to read SCTE-35 messages. */ scte35Pid?: pulumi.Input; /** * Specifies whether to extract applicable ancillary data from a SMPTE-2038 source in the input. */ smpte2038DataPreference?: pulumi.Input; /** * Loop input if it is a file. */ sourceEndBehavior?: pulumi.Input; videoSelector?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelector { /** * Name of the Channel. * * The following arguments are optional: */ name: pulumi.Input; selectorSettings?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettings { audioHlsRenditionSelection?: pulumi.Input; audioLanguageSelection?: pulumi.Input; audioPidSelection?: pulumi.Input; audioTrackSelection?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioHlsRenditionSelection { /** * Specifies the GROUP-ID in the #EXT-X-MEDIA tag of the target HLS audio rendition. */ groupId: pulumi.Input; /** * Specifies the NAME in the #EXT-X-MEDIA tag of the target HLS audio rendition. */ name: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioLanguageSelection { /** * Selects a specific three-letter language code from within an audio source. */ languageCode: pulumi.Input; /** * When set to “strict”, the transport stream demux strictly identifies audio streams by their language descriptor. If a PMT update occurs such that an audio stream matching the initially selected language is no longer present then mute will be encoded until the language returns. If “loose”, then on a PMT update the demux will choose another audio stream in the program with the same stream type if it can’t find one with the same language. */ languageSelectionPolicy?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioPidSelection { /** * Selects a specific PID from within a source. */ pid: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioTrackSelection { /** * Configure decoding options for Dolby E streams - these should be Dolby E frames carried in PCM streams tagged with SMPTE-337. See Dolby E Decode for more details. */ dolbyEDecode?: pulumi.Input; /** * Selects one or more unique audio tracks from within a source. See Audio Tracks for more details. */ tracks: pulumi.Input[]>; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioTrackSelectionDolbyEDecode { /** * Applies only to Dolby E. Enter the program ID (according to the metadata in the audio) of the Dolby E program to extract from the specified track. One program extracted per audio selector. To select multiple programs, create multiple selectors with the same Track and different Program numbers. “All channels” means to ignore the program IDs and include all the channels in this selector; useful if metadata is known to be incorrect. */ programSelection: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsAudioSelectorSelectorSettingsAudioTrackSelectionTrack { track: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelector { languageCode?: pulumi.Input; /** * Name of the Channel. * * The following arguments are optional: */ name: pulumi.Input; selectorSettings?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettings { ancillarySourceSettings?: pulumi.Input; aribSourceSettings?: pulumi.Input; dvbSubSourceSettings?: pulumi.Input; embeddedSourceSettings?: pulumi.Input; scte20SourceSettings?: pulumi.Input; scte27SourceSettings?: pulumi.Input; teletextSourceSettings?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsAncillarySourceSettings { /** * Specifies the number (1 to 4) of the captions channel you want to extract from the ancillary captions. If you plan to convert the ancillary captions to another format, complete this field. If you plan to choose Embedded as the captions destination in the output (to pass through all the channels in the ancillary captions), leave this field blank because MediaLive ignores the field. */ sourceAncillaryChannelNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsAribSourceSettings { } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsDvbSubSourceSettings { /** * If you will configure a WebVTT caption description that references this caption selector, use this field to provide the language to consider when translating the image-based source to text. */ ocrLanguage?: pulumi.Input; /** * When using DVB-Sub with Burn-In or SMPTE-TT, use this PID for the source content. Unused for DVB-Sub passthrough. All DVB-Sub content is passed through, regardless of selectors. */ pid?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsEmbeddedSourceSettings { /** * If upconvert, 608 data is both passed through via the “608 compatibility bytes” fields of the 708 wrapper as well as translated into 708. 708 data present in the source content will be discarded. */ convert608To708?: pulumi.Input; /** * Set to “auto” to handle streams with intermittent and/or non-aligned SCTE-20 and Embedded captions. */ scte20Detection?: pulumi.Input; /** * Specifies the 608/708 channel number within the video track from which to extract captions. Unused for passthrough. */ source608ChannelNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsScte20SourceSettings { convert608To708?: pulumi.Input; source608ChannelNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsScte27SourceSettings { ocrLanguage?: pulumi.Input; pid?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsTeletextSourceSettings { /** * Optionally defines a region where TTML style captions will be displayed. See Caption Rectangle for more details. */ outputRectangle?: pulumi.Input; /** * Specifies the teletext page number within the data stream from which to extract captions. Range of 0x100 (256) to 0x8FF (2303). Unused for passthrough. Should be specified as a hexadecimal string with no “0x” prefix. */ pageNumber?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsCaptionSelectorSelectorSettingsTeletextSourceSettingsOutputRectangle { height: pulumi.Input; leftOffset: pulumi.Input; topOffset: pulumi.Input; width: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsNetworkInputSettings { /** * Specifies HLS input settings when the uri is for a HLS manifest. See HLS Input Settings for more details. */ hlsInputSettings?: pulumi.Input; /** * Check HTTPS server certificates. */ serverValidation?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsNetworkInputSettingsHlsInputSettings { /** * The bitrate is specified in bits per second, as in an HLS manifest. */ bandwidth?: pulumi.Input; /** * Buffer segments. */ bufferSegments?: pulumi.Input; /** * The number of consecutive times that attempts to read a manifest or segment must fail before the input is considered unavailable. */ retries?: pulumi.Input; /** * The number of seconds between retries when an attempt to read a manifest or segment fails. */ retryInterval?: pulumi.Input; scte35Source?: pulumi.Input; } export interface ChannelInputAttachmentInputSettingsVideoSelector { colorSpace?: pulumi.Input; colorSpaceUsage?: pulumi.Input; } export interface ChannelInputSpecification { codec: pulumi.Input; inputResolution: pulumi.Input; maximumBitrate: pulumi.Input; } export interface ChannelMaintenance { /** * The day of the week to use for maintenance. */ maintenanceDay: pulumi.Input; /** * The hour maintenance will start. */ maintenanceStartTime: pulumi.Input; } export interface ChannelVpc { availabilityZones?: pulumi.Input[]>; networkInterfaceIds?: pulumi.Input[]>; /** * List of public address allocation ids to associate with ENIs that will be created in Output VPC. Must specify one for SINGLE_PIPELINE, two for STANDARD channels. */ publicAddressAllocationIds: pulumi.Input[]>; /** * A list of up to 5 EC2 VPC security group IDs to attach to the Output VPC network interfaces. If none are specified then the VPC default security group will be used. */ securityGroupIds?: pulumi.Input[]>; /** * A list of VPC subnet IDs from the same VPC. If STANDARD channel, subnet IDs must be mapped to two unique availability zones (AZ). */ subnetIds: pulumi.Input[]>; } export interface InputDestination { /** * A unique name for the location the RTMP stream is being pushed to. */ streamName: pulumi.Input; } export interface InputInputDevice { /** * The unique ID for the device. */ id: pulumi.Input; } export interface InputMediaConnectFlow { /** * The ARN of the MediaConnect Flow */ flowArn: pulumi.Input; } export interface InputSecurityGroupWhitelistRule { /** * The IPv4 CIDR that's whitelisted. */ cidr: pulumi.Input; } export interface InputSource { /** * The key used to extract the password from EC2 Parameter store. */ passwordParam: pulumi.Input; /** * The URL where the stream is pulled from. */ url: pulumi.Input; /** * The username for the input source. */ username: pulumi.Input; } export interface InputVpc { /** * A list of up to 5 EC2 VPC security group IDs to attach to the Input. */ securityGroupIds?: pulumi.Input[]>; /** * A list of 2 VPC subnet IDs from the same VPC. */ subnetIds: pulumi.Input[]>; } export interface MultiplexMultiplexSettings { /** * Maximum video buffer delay. */ maximumVideoBufferDelayMilliseconds?: pulumi.Input; /** * Transport stream bit rate. */ transportStreamBitrate: pulumi.Input; /** * Unique ID for each multiplex. */ transportStreamId: pulumi.Input; /** * Transport stream reserved bit rate. */ transportStreamReservedBitrate?: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettings { preferredChannelPipeline: pulumi.Input; programNumber: pulumi.Input; serviceDescriptor?: pulumi.Input; videoSettings?: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettingsServiceDescriptor { /** * Unique provider name. */ providerName: pulumi.Input; /** * Unique service name. */ serviceName: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettingsVideoSettings { /** * Constant bitrate value. */ constantBitrate?: pulumi.Input; /** * Statmux settings. See Statmux Settings for more details. */ statmuxSettings?: pulumi.Input; } export interface MultiplexProgramMultiplexProgramSettingsVideoSettingsStatmuxSettings { /** * Maximum bitrate. */ maximumBitrate?: pulumi.Input; /** * Minimum bitrate. */ minimumBitrate?: pulumi.Input; /** * Priority value. */ priority?: pulumi.Input; } } export namespace mediapackage { export interface ChannelHlsIngest { /** * A list of the ingest endpoints */ ingestEndpoints?: pulumi.Input[]>; } export interface ChannelHlsIngestIngestEndpoint { /** * The password */ password?: pulumi.Input; /** * The URL */ url?: pulumi.Input; /** * The username */ username?: pulumi.Input; } } export namespace memorydb { export interface ClusterClusterEndpoint { /** * DNS hostname of the node. */ address?: pulumi.Input; /** * The port number on which each of the nodes accepts connections. Defaults to `6379`. */ port?: pulumi.Input; } export interface ClusterShard { /** * Name of the cluster. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; /** * Set of nodes in this shard. */ nodes?: pulumi.Input[]>; /** * Number of individual nodes in this shard. */ numNodes?: pulumi.Input; /** * Keyspace for this shard. Example: `0-16383`. */ slots?: pulumi.Input; } export interface ClusterShardNode { /** * The Availability Zone in which the node resides. */ availabilityZone?: pulumi.Input; /** * The date and time when the node was created. Example: `2022-01-01T21:00:00Z`. */ createTime?: pulumi.Input; endpoints?: pulumi.Input[]>; /** * Name of the cluster. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; } export interface ClusterShardNodeEndpoint { /** * DNS hostname of the node. */ address?: pulumi.Input; /** * The port number on which each of the nodes accepts connections. Defaults to `6379`. */ port?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the parameter. */ name: pulumi.Input; /** * The value of the parameter. */ value: pulumi.Input; } export interface SnapshotClusterConfiguration { /** * Description for the cluster. */ description?: pulumi.Input; /** * Version number of the Redis engine used by the cluster. */ engineVersion?: pulumi.Input; /** * The weekly time range during which maintenance on the cluster is performed. */ maintenanceWindow?: pulumi.Input; /** * Name of the snapshot. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; /** * Compute and memory capacity of the nodes in the cluster. */ nodeType?: pulumi.Input; /** * Number of shards in the cluster. */ numShards?: pulumi.Input; /** * Name of the parameter group associated with the cluster. */ parameterGroupName?: pulumi.Input; /** * Port number on which the cluster accepts connections. */ port?: pulumi.Input; /** * Number of days for which MemoryDB retains automatic snapshots before deleting them. */ snapshotRetentionLimit?: pulumi.Input; /** * The daily time range (in UTC) during which MemoryDB begins taking a daily snapshot of the shard. */ snapshotWindow?: pulumi.Input; /** * Name of the subnet group used by the cluster. */ subnetGroupName?: pulumi.Input; /** * ARN of the SNS topic to which cluster notifications are sent. */ topicArn?: pulumi.Input; /** * The VPC in which the cluster exists. */ vpcId?: pulumi.Input; } export interface UserAuthenticationMode { /** * Number of passwords belonging to the user if `type` is set to `password`. */ passwordCount?: pulumi.Input; /** * Set of passwords used for authentication if `type` is set to `password`. You can create up to two passwords for each user. */ passwords?: pulumi.Input[]>; /** * Specifies the authentication type. Valid values are: `password` or `iam`. */ type: pulumi.Input; } } export namespace mq { export interface BrokerConfiguration { /** * The Configuration ID. */ id?: pulumi.Input; /** * Revision of the Configuration. */ revision?: pulumi.Input; } export interface BrokerEncryptionOptions { /** * Amazon Resource Name (ARN) of Key Management Service (KMS) Customer Master Key (CMK) to use for encryption at rest. Requires setting `useAwsOwnedKey` to `false`. To perform drift detection when AWS-managed CMKs or customer-managed CMKs are in use, this value must be configured. */ kmsKeyId?: pulumi.Input; /** * Whether to enable an AWS-owned KMS CMK that is not in your account. Defaults to `true`. Setting to `false` without configuring `kmsKeyId` will create an AWS-managed CMK aliased to `aws/mq` in your account. */ useAwsOwnedKey?: pulumi.Input; } export interface BrokerInstance { /** * The URL of the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) or the [RabbitMQ Management UI](https://www.rabbitmq.com/management.html#external-monitoring) depending on `engineType`. */ consoleUrl?: pulumi.Input; /** * Broker's wire-level protocol endpoints in the following order & format referenceable e.g., as `instances.0.endpoints.0` (SSL): * * For `ActiveMQ`: * * `ssl://broker-id.mq.us-west-2.amazonaws.com:61617` * * `amqp+ssl://broker-id.mq.us-west-2.amazonaws.com:5671` * * `stomp+ssl://broker-id.mq.us-west-2.amazonaws.com:61614` * * `mqtt+ssl://broker-id.mq.us-west-2.amazonaws.com:8883` * * `wss://broker-id.mq.us-west-2.amazonaws.com:61619` * * For `RabbitMQ`: * * `amqps://broker-id.mq.us-west-2.amazonaws.com:5671` */ endpoints?: pulumi.Input[]>; /** * IP Address of the broker. */ ipAddress?: pulumi.Input; } export interface BrokerLdapServerMetadata { /** * List of a fully qualified domain name of the LDAP server and an optional failover server. */ hosts?: pulumi.Input[]>; /** * Fully qualified name of the directory to search for a user’s groups. */ roleBase?: pulumi.Input; /** * Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query. */ roleName?: pulumi.Input; /** * Search criteria for groups. */ roleSearchMatching?: pulumi.Input; /** * Whether the directory search scope is the entire sub-tree. */ roleSearchSubtree?: pulumi.Input; /** * Service account password. */ serviceAccountPassword?: pulumi.Input; /** * Service account username. */ serviceAccountUsername?: pulumi.Input; /** * Fully qualified name of the directory where you want to search for users. */ userBase?: pulumi.Input; /** * Specifies the name of the LDAP attribute for the user group membership. */ userRoleName?: pulumi.Input; /** * Search criteria for users. */ userSearchMatching?: pulumi.Input; /** * Whether the directory search scope is the entire sub-tree. */ userSearchSubtree?: pulumi.Input; } export interface BrokerLogs { /** * Enables audit logging. Auditing is only possible for `engineType` of `ActiveMQ`. User management action made using JMX or the ActiveMQ Web Console is logged. Defaults to `false`. */ audit?: pulumi.Input; /** * Enables general logging via CloudWatch. Defaults to `false`. */ general?: pulumi.Input; } export interface BrokerMaintenanceWindowStartTime { /** * Day of the week, e.g., `MONDAY`, `TUESDAY`, or `WEDNESDAY`. */ dayOfWeek: pulumi.Input; /** * Time, in 24-hour format, e.g., `02:00`. */ timeOfDay: pulumi.Input; /** * Time zone in either the Country/City format or the UTC offset format, e.g., `CET`. */ timeZone: pulumi.Input; } export interface BrokerUser { /** * Whether to enable access to the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) for the user. Applies to `engineType` of `ActiveMQ` only. */ consoleAccess?: pulumi.Input; /** * List of groups (20 maximum) to which the ActiveMQ user belongs. Applies to `engineType` of `ActiveMQ` only. */ groups?: pulumi.Input[]>; /** * Password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas. */ password: pulumi.Input; /** * Whether to set set replication user. Defaults to `false`. */ replicationUser?: pulumi.Input; /** * Username of the user. * * > **NOTE:** AWS currently does not support updating RabbitMQ users. Updates to users can only be in the RabbitMQ UI. */ username: pulumi.Input; } } export namespace msk { export interface ClusterBrokerNodeGroupInfo { /** * The distribution of broker nodes across availability zones ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-model-brokerazdistribution)). Currently the only valid value is `DEFAULT`. */ azDistribution?: pulumi.Input; /** * A list of subnets to connect to in client VPC ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-prop-brokernodegroupinfo-clientsubnets)). */ clientSubnets: pulumi.Input[]>; /** * Information about the cluster access configuration. See below. For security reasons, you can't turn on public access while creating an MSK cluster. However, you can update an existing cluster to make it publicly accessible. You can also create a new cluster and then update it to make it publicly accessible ([documentation](https://docs.aws.amazon.com/msk/latest/developerguide/public-access.html)). */ connectivityInfo?: pulumi.Input; /** * Specify the instance type to use for the kafka brokersE.g., kafka.m5.large. ([Pricing info](https://aws.amazon.com/msk/pricing/)) */ instanceType: pulumi.Input; /** * A list of the security groups to associate with the elastic network interfaces to control who can communicate with the cluster. */ securityGroups: pulumi.Input[]>; /** * A block that contains information about storage volumes attached to MSK broker nodes. See below. */ storageInfo?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfo { publicAccess?: pulumi.Input; vpcConnectivity?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoPublicAccess { type?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoVpcConnectivity { /** * Configuration block for specifying a client authentication. See below. */ clientAuthentication?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoVpcConnectivityClientAuthentication { /** * Configuration block for specifying SASL client authentication. See below. */ sasl?: pulumi.Input; /** * Configuration block for specifying TLS client authentication. See below. */ tls?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoConnectivityInfoVpcConnectivityClientAuthenticationSasl { iam?: pulumi.Input; scram?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoStorageInfo { ebsStorageInfo?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfo { provisionedThroughput?: pulumi.Input; volumeSize?: pulumi.Input; } export interface ClusterBrokerNodeGroupInfoStorageInfoEbsStorageInfoProvisionedThroughput { enabled?: pulumi.Input; volumeThroughput?: pulumi.Input; } export interface ClusterClientAuthentication { /** * Configuration block for specifying SASL client authentication. See below. */ sasl?: pulumi.Input; /** * Configuration block for specifying TLS client authentication. See below. */ tls?: pulumi.Input; /** * Enables unauthenticated access. */ unauthenticated?: pulumi.Input; } export interface ClusterClientAuthenticationSasl { iam?: pulumi.Input; scram?: pulumi.Input; } export interface ClusterClientAuthenticationTls { certificateAuthorityArns?: pulumi.Input[]>; } export interface ClusterConfigurationInfo { /** * Amazon Resource Name (ARN) of the MSK Configuration to use in the cluster. */ arn: pulumi.Input; /** * Revision of the MSK Configuration to use in the cluster. */ revision: pulumi.Input; } export interface ClusterEncryptionInfo { /** * You may specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest. */ encryptionAtRestKmsKeyArn?: pulumi.Input; /** * Configuration block to specify encryption in transit. See below. */ encryptionInTransit?: pulumi.Input; } export interface ClusterEncryptionInfoEncryptionInTransit { clientBroker?: pulumi.Input; inCluster?: pulumi.Input; } export interface ClusterLoggingInfo { /** * Configuration block for Broker Logs settings for logging info. See below. */ brokerLogs: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogs { cloudwatchLogs?: pulumi.Input; firehose?: pulumi.Input; s3?: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogsCloudwatchLogs { enabled: pulumi.Input; logGroup?: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogsFirehose { deliveryStream?: pulumi.Input; enabled: pulumi.Input; } export interface ClusterLoggingInfoBrokerLogsS3 { bucket?: pulumi.Input; enabled: pulumi.Input; prefix?: pulumi.Input; } export interface ClusterOpenMonitoring { /** * Configuration block for Prometheus settings for open monitoring. See below. */ prometheus: pulumi.Input; } export interface ClusterOpenMonitoringPrometheus { jmxExporter?: pulumi.Input; nodeExporter?: pulumi.Input; } export interface ClusterOpenMonitoringPrometheusJmxExporter { enabledInBroker: pulumi.Input; } export interface ClusterOpenMonitoringPrometheusNodeExporter { enabledInBroker: pulumi.Input; } export interface ReplicatorKafkaCluster { /** * Details of an Amazon MSK cluster. */ amazonMskCluster: pulumi.Input; /** * Details of an Amazon VPC which has network connectivity to the Apache Kafka cluster. */ vpcConfig: pulumi.Input; } export interface ReplicatorKafkaClusterAmazonMskCluster { /** * The ARN of an Amazon MSK cluster. */ mskClusterArn: pulumi.Input; } export interface ReplicatorKafkaClusterVpcConfig { /** * The AWS security groups to associate with the ENIs used by the replicator. If a security group is not specified, the default security group associated with the VPC is used. */ securityGroupsIds?: pulumi.Input[]>; /** * The list of subnets to connect to in the virtual private cloud (VPC). AWS creates elastic network interfaces inside these subnets to allow communication between your Kafka Cluster and the replicator. */ subnetIds: pulumi.Input[]>; } export interface ReplicatorReplicationInfoList { /** * Confguration relating to consumer group replication. */ consumerGroupReplications: pulumi.Input[]>; sourceKafkaClusterAlias?: pulumi.Input; /** * The ARN of the source Kafka cluster. */ sourceKafkaClusterArn: pulumi.Input; /** * The type of compression to use writing records to target Kafka cluster. */ targetCompressionType: pulumi.Input; targetKafkaClusterAlias?: pulumi.Input; /** * The ARN of the target Kafka cluster. */ targetKafkaClusterArn: pulumi.Input; /** * Configuration relating to topic replication. */ topicReplications: pulumi.Input[]>; } export interface ReplicatorReplicationInfoListConsumerGroupReplication { /** * List of regular expression patterns indicating the consumer groups that should not be replicated. */ consumerGroupsToExcludes?: pulumi.Input[]>; /** * List of regular expression patterns indicating the consumer groups to copy. */ consumerGroupsToReplicates: pulumi.Input[]>; /** * Whether to periodically check for new consumer groups. */ detectAndCopyNewConsumerGroups?: pulumi.Input; /** * Whether to periodically write the translated offsets to __consumer_offsets topic in target cluster. */ synchroniseConsumerGroupOffsets?: pulumi.Input; } export interface ReplicatorReplicationInfoListTopicReplication { /** * Whether to periodically configure remote topic ACLs to match their corresponding upstream topics. */ copyAccessControlListsForTopics?: pulumi.Input; /** * Whether to periodically configure remote topics to match their corresponding upstream topics. */ copyTopicConfigurations?: pulumi.Input; /** * Whether to periodically check for new topics and partitions. */ detectAndCopyNewTopics?: pulumi.Input; /** * List of regular expression patterns indicating the topics that should not be replica. */ topicsToExcludes?: pulumi.Input[]>; /** * List of regular expression patterns indicating the topics to copy. */ topicsToReplicates: pulumi.Input[]>; } export interface ServerlessClusterClientAuthentication { /** * Details for client authentication using SASL. See below. */ sasl: pulumi.Input; } export interface ServerlessClusterClientAuthenticationSasl { /** * Details for client authentication using IAM. See below. */ iam: pulumi.Input; } export interface ServerlessClusterClientAuthenticationSaslIam { /** * Whether SASL/IAM authentication is enabled or not. */ enabled: pulumi.Input; } export interface ServerlessClusterVpcConfig { /** * Specifies up to five security groups that control inbound and outbound traffic for the serverless cluster. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnets in at least two different Availability Zones that host your client applications. */ subnetIds: pulumi.Input[]>; } } export namespace mskconnect { export interface ConnectorCapacity { /** * Information about the auto scaling parameters for the connector. See below. */ autoscaling?: pulumi.Input; /** * Details about a fixed capacity allocated to a connector. See below. */ provisionedCapacity?: pulumi.Input; } export interface ConnectorCapacityAutoscaling { /** * The maximum number of workers allocated to the connector. */ maxWorkerCount: pulumi.Input; /** * The number of microcontroller units (MCUs) allocated to each connector worker. Valid values: `1`, `2`, `4`, `8`. The default value is `1`. */ mcuCount?: pulumi.Input; /** * The minimum number of workers allocated to the connector. */ minWorkerCount: pulumi.Input; /** * The scale-in policy for the connector. See below. */ scaleInPolicy?: pulumi.Input; /** * The scale-out policy for the connector. See below. */ scaleOutPolicy?: pulumi.Input; } export interface ConnectorCapacityAutoscalingScaleInPolicy { /** * Specifies the CPU utilization percentage threshold at which you want connector scale in to be triggered. */ cpuUtilizationPercentage?: pulumi.Input; } export interface ConnectorCapacityAutoscalingScaleOutPolicy { /** * The CPU utilization percentage threshold at which you want connector scale out to be triggered. */ cpuUtilizationPercentage?: pulumi.Input; } export interface ConnectorCapacityProvisionedCapacity { /** * The number of microcontroller units (MCUs) allocated to each connector worker. Valid values: `1`, `2`, `4`, `8`. The default value is `1`. */ mcuCount?: pulumi.Input; /** * The number of workers that are allocated to the connector. */ workerCount: pulumi.Input; } export interface ConnectorKafkaCluster { /** * The Apache Kafka cluster to which the connector is connected. */ apacheKafkaCluster: pulumi.Input; } export interface ConnectorKafkaClusterApacheKafkaCluster { /** * The bootstrap servers of the cluster. */ bootstrapServers: pulumi.Input; /** * Details of an Amazon VPC which has network connectivity to the Apache Kafka cluster. */ vpc: pulumi.Input; } export interface ConnectorKafkaClusterApacheKafkaClusterVpc { /** * The security groups for the connector. */ securityGroups: pulumi.Input[]>; /** * The subnets for the connector. */ subnets: pulumi.Input[]>; } export interface ConnectorKafkaClusterClientAuthentication { /** * The type of client authentication used to connect to the Apache Kafka cluster. Valid values: `IAM`, `NONE`. A value of `NONE` means that no client authentication is used. The default value is `NONE`. */ authenticationType?: pulumi.Input; } export interface ConnectorKafkaClusterEncryptionInTransit { /** * The type of encryption in transit to the Apache Kafka cluster. Valid values: `PLAINTEXT`, `TLS`. The default values is `PLAINTEXT`. */ encryptionType?: pulumi.Input; } export interface ConnectorLogDelivery { /** * The workers can send worker logs to different destination types. This configuration specifies the details of these destinations. See below. */ workerLogDelivery: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDelivery { /** * Details about delivering logs to Amazon CloudWatch Logs. See below. */ cloudwatchLogs?: pulumi.Input; /** * Details about delivering logs to Amazon Kinesis Data Firehose. See below. */ firehose?: pulumi.Input; /** * Details about delivering logs to Amazon S3. See below. */ s3?: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDeliveryCloudwatchLogs { /** * Whether log delivery to Amazon CloudWatch Logs is enabled. */ enabled: pulumi.Input; /** * The name of the CloudWatch log group that is the destination for log delivery. */ logGroup?: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDeliveryFirehose { /** * The name of the Kinesis Data Firehose delivery stream that is the destination for log delivery. */ deliveryStream?: pulumi.Input; /** * Specifies whether connector logs get delivered to Amazon Kinesis Data Firehose. */ enabled: pulumi.Input; } export interface ConnectorLogDeliveryWorkerLogDeliveryS3 { /** * The name of the S3 bucket that is the destination for log delivery. */ bucket?: pulumi.Input; /** * Specifies whether connector logs get sent to the specified Amazon S3 destination. */ enabled: pulumi.Input; /** * The S3 prefix that is the destination for log delivery. */ prefix?: pulumi.Input; } export interface ConnectorPlugin { /** * Details about a custom plugin. See below. */ customPlugin: pulumi.Input; } export interface ConnectorPluginCustomPlugin { /** * The Amazon Resource Name (ARN) of the custom plugin. */ arn: pulumi.Input; /** * The revision of the custom plugin. */ revision: pulumi.Input; } export interface ConnectorWorkerConfiguration { /** * The Amazon Resource Name (ARN) of the worker configuration. */ arn: pulumi.Input; /** * The revision of the worker configuration. */ revision: pulumi.Input; } export interface CustomPluginLocation { /** * Information of the plugin file stored in Amazon S3. See below. */ s3: pulumi.Input; } export interface CustomPluginLocationS3 { bucketArn: pulumi.Input; fileKey: pulumi.Input; objectVersion?: pulumi.Input; } } export namespace mwaa { export interface EnvironmentLastUpdated { /** * The Created At date of the MWAA Environment */ createdAt?: pulumi.Input; errors?: pulumi.Input[]>; /** * The status of the Amazon MWAA Environment */ status?: pulumi.Input; } export interface EnvironmentLastUpdatedError { errorCode?: pulumi.Input; errorMessage?: pulumi.Input; } export interface EnvironmentLoggingConfiguration { /** * (Optional) Log configuration options for processing DAGs. See Module logging configuration for more information. Disabled by default. */ dagProcessingLogs?: pulumi.Input; /** * Log configuration options for the schedulers. See Module logging configuration for more information. Disabled by default. */ schedulerLogs?: pulumi.Input; /** * Log configuration options for DAG tasks. See Module logging configuration for more information. Enabled by default with `INFO` log level. */ taskLogs?: pulumi.Input; /** * Log configuration options for the webservers. See Module logging configuration for more information. Disabled by default. */ webserverLogs?: pulumi.Input; /** * Log configuration options for the workers. See Module logging configuration for more information. Disabled by default. */ workerLogs?: pulumi.Input; } export interface EnvironmentLoggingConfigurationDagProcessingLogs { cloudWatchLogGroupArn?: pulumi.Input; enabled?: pulumi.Input; logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationSchedulerLogs { cloudWatchLogGroupArn?: pulumi.Input; enabled?: pulumi.Input; logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationTaskLogs { cloudWatchLogGroupArn?: pulumi.Input; enabled?: pulumi.Input; logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationWebserverLogs { cloudWatchLogGroupArn?: pulumi.Input; enabled?: pulumi.Input; logLevel?: pulumi.Input; } export interface EnvironmentLoggingConfigurationWorkerLogs { cloudWatchLogGroupArn?: pulumi.Input; enabled?: pulumi.Input; logLevel?: pulumi.Input; } export interface EnvironmentNetworkConfiguration { /** * Security groups IDs for the environment. At least one of the security group needs to allow MWAA resources to talk to each other, otherwise MWAA cannot be provisioned. */ securityGroupIds: pulumi.Input[]>; /** * The private subnet IDs in which the environment should be created. MWAA requires two subnets. */ subnetIds: pulumi.Input[]>; } } export namespace neptune { export interface ClusterParameterGroupParameter { /** * Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`. */ applyMethod?: pulumi.Input; /** * The name of the neptune parameter. */ name: pulumi.Input; /** * The value of the neptune parameter. */ value: pulumi.Input; } export interface ClusterServerlessV2ScalingConfiguration { maxCapacity?: pulumi.Input; minCapacity?: pulumi.Input; } export interface GlobalClusterGlobalClusterMember { /** * Amazon Resource Name (ARN) of member DB Cluster. */ dbClusterArn?: pulumi.Input; /** * Whether the member is the primary DB Cluster. */ isWriter?: pulumi.Input; } export interface ParameterGroupParameter { /** * The apply method of the Neptune parameter. Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`. */ applyMethod?: pulumi.Input; /** * The name of the Neptune parameter. */ name: pulumi.Input; /** * The value of the Neptune parameter. */ value: pulumi.Input; } } export namespace networkfirewall { export interface FirewallEncryptionConfiguration { /** * The ID of the customer managed key. You can use any of the [key identifiers](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. */ keyId?: pulumi.Input; /** * The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are `CUSTOMER_KMS` and `AWS_OWNED_KMS_KEY`. */ type: pulumi.Input; } export interface FirewallFirewallStatus { /** * Set of subnets configured for use by the firewall. */ syncStates?: pulumi.Input[]>; } export interface FirewallFirewallStatusSyncState { /** * Nested list describing the attachment status of the firewall's association with a single VPC subnet. */ attachments?: pulumi.Input[]>; /** * The Availability Zone where the subnet is configured. */ availabilityZone?: pulumi.Input; } export interface FirewallFirewallStatusSyncStateAttachment { /** * The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint. */ endpointId?: pulumi.Input; /** * The unique identifier of the subnet that you've specified to be used for a firewall endpoint. */ subnetId?: pulumi.Input; } export interface FirewallPolicyEncryptionConfiguration { /** * The ID of the customer managed key. You can use any of the [key identifiers](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. */ keyId?: pulumi.Input; /** * The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are `CUSTOMER_KMS` and `AWS_OWNED_KMS_KEY`. */ type: pulumi.Input; } export interface FirewallPolicyFirewallPolicy { /** * . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details. */ policyVariables?: pulumi.Input; /** * Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a `statefulEngineOptions` block with a `ruleOrder` value of `STRICT_ORDER`. You can specify one of either or neither values of `aws:drop_strict` or `aws:drop_established`, as well as any combination of `aws:alert_strict` and `aws:alert_established`. */ statefulDefaultActions?: pulumi.Input[]>; /** * A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details. */ statefulEngineOptions?: pulumi.Input; /** * Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details. */ statefulRuleGroupReferences?: pulumi.Input[]>; /** * Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `statelessDefaultActions`. See Stateless Custom Action below for details. */ statelessCustomActions?: pulumi.Input[]>; /** * Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`. * In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`. */ statelessDefaultActions: pulumi.Input[]>; /** * Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`. * In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`. */ statelessFragmentDefaultActions: pulumi.Input[]>; /** * Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details. */ statelessRuleGroupReferences?: pulumi.Input[]>; /** * The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy. */ tlsInspectionConfigurationArn?: pulumi.Input; } export interface FirewallPolicyFirewallPolicyPolicyVariables { ruleVariables?: pulumi.Input[]>; } export interface FirewallPolicyFirewallPolicyPolicyVariablesRuleVariable { /** * A configuration block that defines a set of IP addresses. See IP Set below for details. */ ipSet: pulumi.Input; /** * An alphanumeric string to identify the `ipSet`. Valid values: `HOME_NET` */ key: pulumi.Input; } export interface FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSet { /** * Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata `HOME_NET` variable. */ definitions: pulumi.Input[]>; } export interface FirewallPolicyFirewallPolicyStatefulEngineOptions { /** * Indicates how to manage the order of stateful rule evaluation for the policy. Default value: `DEFAULT_ACTION_ORDER`. Valid values: `DEFAULT_ACTION_ORDER`, `STRICT_ORDER`. */ ruleOrder?: pulumi.Input; /** * Describes how to treat traffic which has broken midstream. Default value: `DROP`. Valid values: `DROP`, `CONTINUE`, `REJECT`. */ streamExceptionPolicy?: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatefulRuleGroupReference { /** * Configuration block for override values */ override?: pulumi.Input; /** * An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a `statefulEngineOptions` block with a `ruleOrder` value of `STRICT_ORDER`. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting. */ priority?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the stateful rule group. */ resourceArn: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceOverride { /** * The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups. */ action?: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessCustomAction { /** * A configuration block describing the custom action associated with the `actionName`. See Action Definition below for details. */ actionDefinition: pulumi.Input; /** * A friendly name of the custom action. */ actionName: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition { /** * A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details. */ publishMetricAction: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction { /** * Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details. */ dimensions: pulumi.Input[]>; } export interface FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension { /** * The string value to use in the custom metric dimension. */ value: pulumi.Input; } export interface FirewallPolicyFirewallPolicyStatelessRuleGroupReference { /** * An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting. */ priority: pulumi.Input; /** * The Amazon Resource Name (ARN) of the stateless rule group. */ resourceArn: pulumi.Input; } export interface FirewallSubnetMapping { /** * The subnet's IP address type. Valida values: `"DUALSTACK"`, `"IPV4"`. */ ipAddressType?: pulumi.Input; /** * The unique identifier for the subnet. */ subnetId: pulumi.Input; } export interface LoggingConfigurationLoggingConfiguration { /** * Set of configuration blocks describing the logging details for a firewall. See Log Destination Config below for details. At most, only two blocks can be specified; one for `FLOW` logs and one for `ALERT` logs. */ logDestinationConfigs: pulumi.Input[]>; } export interface LoggingConfigurationLoggingConfigurationLogDestinationConfig { /** * A map describing the logging destination for the chosen `logDestinationType`. * * For an Amazon S3 bucket, specify the key `bucketName` with the name of the bucket and optionally specify the key `prefix` with a path. * * For a CloudWatch log group, specify the key `logGroup` with the name of the CloudWatch log group. * * For a Kinesis Data Firehose delivery stream, specify the key `deliveryStream` with the name of the delivery stream. */ logDestination: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The location to send logs to. Valid values: `S3`, `CloudWatchLogs`, `KinesisDataFirehose`. */ logDestinationType: pulumi.Input; /** * The type of log to send. Valid values: `ALERT` or `FLOW`. Alert logs report traffic that matches a `StatefulRule` with an action setting that sends a log message. Flow logs are standard network traffic flow logs. */ logType: pulumi.Input; } export interface RuleGroupEncryptionConfiguration { /** * The ID of the customer managed key. You can use any of the [key identifiers](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. */ keyId?: pulumi.Input; /** * The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are `CUSTOMER_KMS` and `AWS_OWNED_KMS_KEY`. */ type: pulumi.Input; } export interface RuleGroupRuleGroup { /** * A configuration block that defines the IP Set References for the rule group. See Reference Sets below for details. Please notes that there can only be a maximum of 5 `referenceSets` in a `ruleGroup`. See the [AWS documentation](https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html#rule-groups-ip-set-reference-limits) for details. */ referenceSets?: pulumi.Input; /** * A configuration block that defines additional settings available to use in the rules defined in the rule group. Can only be specified for **stateful** rule groups. See Rule Variables below for details. */ ruleVariables?: pulumi.Input; /** * A configuration block that defines the stateful or stateless rules for the rule group. See Rules Source below for details. */ rulesSource: pulumi.Input; /** * A configuration block that defines stateful rule options for the rule group. See Stateful Rule Options below for details. */ statefulRuleOptions?: pulumi.Input; } export interface RuleGroupRuleGroupReferenceSets { ipSetReferences?: pulumi.Input[]>; } export interface RuleGroupRuleGroupReferenceSetsIpSetReference { ipSetReferences: pulumi.Input[]>; key: pulumi.Input; } export interface RuleGroupRuleGroupReferenceSetsIpSetReferenceIpSetReference { /** * Set of Managed Prefix IP ARN(s) */ referenceArn: pulumi.Input; } export interface RuleGroupRuleGroupRuleVariables { /** * Set of configuration blocks that define IP address information. See IP Sets below for details. */ ipSets?: pulumi.Input[]>; /** * Set of configuration blocks that define port range information. See Port Sets below for details. */ portSets?: pulumi.Input[]>; } export interface RuleGroupRuleGroupRuleVariablesIpSet { /** * A configuration block that defines a set of IP addresses. See IP Set below for details. */ ipSet: pulumi.Input; /** * A unique alphanumeric string to identify the `ipSet`. */ key: pulumi.Input; } export interface RuleGroupRuleGroupRuleVariablesIpSetIpSet { /** * Set of IP addresses and address ranges, in CIDR notation. */ definitions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRuleVariablesPortSet { /** * An unique alphanumeric string to identify the `portSet`. */ key: pulumi.Input; /** * A configuration block that defines a set of port ranges. See Port Set below for details. */ portSet: pulumi.Input; } export interface RuleGroupRuleGroupRuleVariablesPortSetPortSet { /** * Set of port ranges. */ definitions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSource { /** * A configuration block containing **stateful** inspection criteria for a domain list rule group. See Rules Source List below for details. */ rulesSourceList?: pulumi.Input; /** * The fully qualified name of a file in an S3 bucket that contains Suricata compatible intrusion preventions system (IPS) rules or the Suricata rules as a string. These rules contain **stateful** inspection criteria and the action to take for traffic that matches the criteria. */ rulesString?: pulumi.Input; /** * Set of configuration blocks containing **stateful** inspection criteria for 5-tuple rules to be used together in a rule group. See Stateful Rule below for details. */ statefulRules?: pulumi.Input[]>; /** * A configuration block containing **stateless** inspection criteria for a stateless rule group. See Stateless Rules and Custom Actions below for details. */ statelessRulesAndCustomActions?: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceRulesSourceList { /** * String value to specify whether domains in the target list are allowed or denied access. Valid values: `ALLOWLIST`, `DENYLIST`. */ generatedRulesType: pulumi.Input; /** * Set of types of domain specifications that are provided in the `targets` argument. Valid values: `HTTP_HOST`, `TLS_SNI`. */ targetTypes: pulumi.Input[]>; /** * Set of domains that you want to inspect for in your traffic flows. */ targets: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatefulRule { /** * Action to take with packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, AWS Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow. Valid values: `ALERT`, `DROP`, `PASS`, or `REJECT`. */ action: pulumi.Input; /** * A configuration block containing the stateful 5-tuple inspection criteria for the rule, used to inspect traffic flows. See Header below for details. */ header: pulumi.Input; /** * Set of configuration blocks containing additional settings for a stateful rule. See Rule Option below for details. */ ruleOptions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatefulRuleHeader { /** * The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify `ANY`. */ destination: pulumi.Input; /** * The destination port to inspect for. To match with any address, specify `ANY`. */ destinationPort: pulumi.Input; /** * The direction of traffic flow to inspect. Valid values: `ANY` or `FORWARD`. */ direction: pulumi.Input; /** * The protocol to inspect. Valid values: `IP`, `TCP`, `UDP`, `ICMP`, `HTTP`, `FTP`, `TLS`, `SMB`, `DNS`, `DCERPC`, `SSH`, `SMTP`, `IMAP`, `MSN`, `KRB5`, `IKEV2`, `TFTP`, `NTP`, `DHCP`. */ protocol: pulumi.Input; /** * The source IP address or address range for, in CIDR notation. To match with any address, specify `ANY`. */ source: pulumi.Input; /** * The source port to inspect for. To match with any address, specify `ANY`. */ sourcePort: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatefulRuleRuleOption { /** * Keyword defined by open source detection systems like Snort or Suricata for stateful rule inspection. * See [Snort General Rule Options](http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node31.html) or [Suricata Rule Options](https://suricata.readthedocs.io/en/suricata-5.0.1/rules/intro.html#rule-options) for more details. */ keyword: pulumi.Input; /** * Set of strings for additional settings to use in stateful rule inspection. */ settings?: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActions { /** * Set of configuration blocks containing custom action definitions that are available for use by the set of `stateless rule`. See Custom Action below for details. */ customActions?: pulumi.Input[]>; /** * Set of configuration blocks containing the stateless rules for use in the stateless rule group. See Stateless Rule below for details. */ statelessRules: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomAction { /** * A configuration block describing the custom action associated with the `actionName`. See Action Definition below for details. */ actionDefinition: pulumi.Input; /** * A friendly name of the custom action. */ actionName: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinition { /** * A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details. */ publishMetricAction: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricAction { /** * Set of configuration blocks containing the dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for details. */ dimensions: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimension { /** * The value to use in the custom metric dimension. */ value: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRule { /** * A setting that indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group. AWS Network Firewall evaluates the rules in a rule group starting with the lowest priority setting. */ priority: pulumi.Input; /** * A configuration block defining the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria. See Rule Definition below for details. */ ruleDefinition: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinition { /** * Set of actions to take on a packet that matches one of the stateless rule definition's `matchAttributes`. For every rule you must specify 1 standard action, and you can add custom actions. Standard actions include: `aws:pass`, `aws:drop`, `aws:forward_to_sfe`. */ actions: pulumi.Input[]>; /** * A configuration block containing criteria for AWS Network Firewall to use to inspect an individual packet in stateless rule inspection. See Match Attributes below for details. */ matchAttributes: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributes { /** * Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Port below for details. */ destinationPorts?: pulumi.Input[]>; /** * Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details. */ destinations?: pulumi.Input[]>; /** * Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol. */ protocols?: pulumi.Input[]>; /** * Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Port below for details. */ sourcePorts?: pulumi.Input[]>; /** * Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details. */ sources?: pulumi.Input[]>; /** * Set of configuration blocks containing the TCP flags and masks to inspect for. If not specified, this matches with any settings. */ tcpFlags?: pulumi.Input[]>; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestination { /** * An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4. */ addressDefinition: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPort { /** * The lower limit of the port range. This must be less than or equal to the `toPort`. */ fromPort: pulumi.Input; /** * The upper limit of the port range. This must be greater than or equal to the `fromPort`. */ toPort?: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSource { /** * An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4. */ addressDefinition: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePort { /** * The lower limit of the port range. This must be less than or equal to the `toPort`. */ fromPort: pulumi.Input; /** * The upper limit of the port range. This must be greater than or equal to the `fromPort`. */ toPort?: pulumi.Input; } export interface RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlag { /** * Set of flags to look for in a packet. This setting can only specify values that are also specified in `masks`. * Valid values: `FIN`, `SYN`, `RST`, `PSH`, `ACK`, `URG`, `ECE`, `CWR`. */ flags: pulumi.Input[]>; /** * Set of flags to consider in the inspection. To inspect all flags, leave this empty. * Valid values: `FIN`, `SYN`, `RST`, `PSH`, `ACK`, `URG`, `ECE`, `CWR`. */ masks?: pulumi.Input[]>; } export interface RuleGroupRuleGroupStatefulRuleOptions { /** * Indicates how to manage the order of the rule evaluation for the rule group. Default value: `DEFAULT_ACTION_ORDER`. Valid values: `DEFAULT_ACTION_ORDER`, `STRICT_ORDER`. */ ruleOrder: pulumi.Input; } } export namespace networkmanager { export interface ConnectAttachmentOptions { /** * The protocol used for the attachment connection. Possible values are `GRE` and `NO_ENCAP`. */ protocol?: pulumi.Input; } export interface ConnectPeerBgpOptions { peerAsn?: pulumi.Input; } export interface ConnectPeerConfiguration { bgpConfigurations?: pulumi.Input[]>; /** * A Connect peer core network address. */ coreNetworkAddress?: pulumi.Input; /** * The inside IP addresses used for BGP peering. Required when the Connect attachment protocol is `GRE`. See `aws.networkmanager.ConnectAttachment` for details. */ insideCidrBlocks?: pulumi.Input[]>; /** * The Connect peer address. * * The following arguments are optional: */ peerAddress?: pulumi.Input; protocol?: pulumi.Input; } export interface ConnectPeerConfigurationBgpConfiguration { /** * A Connect peer core network address. */ coreNetworkAddress?: pulumi.Input; coreNetworkAsn?: pulumi.Input; /** * The Connect peer address. * * The following arguments are optional: */ peerAddress?: pulumi.Input; peerAsn?: pulumi.Input; } export interface CoreNetworkEdge { /** * ASN of a core network edge. */ asn?: pulumi.Input; /** * Region where a core network edge is located. */ edgeLocation?: pulumi.Input; /** * Inside IP addresses used for core network edges. */ insideCidrBlocks?: pulumi.Input[]>; } export interface CoreNetworkSegment { /** * Regions where the edges are located. */ edgeLocations?: pulumi.Input[]>; /** * Name of a core network segment. */ name?: pulumi.Input; /** * Shared segments of a core network. */ sharedSegments?: pulumi.Input[]>; } export interface DeviceAwsLocation { /** * The Amazon Resource Name (ARN) of the subnet that the device is located in. */ subnetArn?: pulumi.Input; /** * The Zone that the device is located in. Specify the ID of an Availability Zone, Local Zone, Wavelength Zone, or an Outpost. */ zone?: pulumi.Input; } export interface DeviceLocation { /** * The physical address. */ address?: pulumi.Input; /** * The latitude. */ latitude?: pulumi.Input; /** * The longitude. */ longitude?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicy { /** * Action to take when a condition is true. Detailed Below. */ action: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyAction; /** * Valid values include `and` or `or`. This is a mandatory parameter only if you have more than one condition. The `conditionLogic` apply to all of the conditions for a rule, which also means nested conditions of `and` or `or` are not supported. Use `or` if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use `and` if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below. */ conditionLogic?: string; /** * A block argument. Detailed Below. */ conditions: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyCondition[]; /** * A user-defined description that further helps identify the rule. */ description?: string; /** * An integer from `1` to `65535` indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed. */ ruleNumber: number; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyArgs { /** * Action to take when a condition is true. Detailed Below. */ action: pulumi.Input; /** * Valid values include `and` or `or`. This is a mandatory parameter only if you have more than one condition. The `conditionLogic` apply to all of the conditions for a rule, which also means nested conditions of `and` or `or` are not supported. Use `or` if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use `and` if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below. */ conditionLogic?: pulumi.Input; /** * A block argument. Detailed Below. */ conditions: pulumi.Input[]>; /** * A user-defined description that further helps identify the rule. */ description?: pulumi.Input; /** * An integer from `1` to `65535` indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed. */ ruleNumber: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyAction { /** * Defines how a segment is mapped. Values can be `constant` or `tag`. `constant` statically defines the segment to associate the attachment to. `tag` uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate. */ associationMethod: string; /** * Determines if this mapping should override the segment value for `requireAttachmentAcceptance`. You can only set this to `true`, indicating that this setting applies only to segments that have `requireAttachmentAcceptance` set to `false`. If the segment already has the default `requireAttachmentAcceptance`, you can set this to inherit segment’s acceptance value. */ requireAcceptance?: boolean; /** * Name of the `segment` to share as defined in the `segments` section. This is used only when the `associationMethod` is `constant`. */ segment?: string; /** * Maps the attachment to the value of a known key. This is used with the `associationMethod` is `tag`. For example a `tag` of `stage = “test”`, will map to a segment named `test`. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments. */ tagValueOfKey?: string; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyActionArgs { /** * Defines how a segment is mapped. Values can be `constant` or `tag`. `constant` statically defines the segment to associate the attachment to. `tag` uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate. */ associationMethod: pulumi.Input; /** * Determines if this mapping should override the segment value for `requireAttachmentAcceptance`. You can only set this to `true`, indicating that this setting applies only to segments that have `requireAttachmentAcceptance` set to `false`. If the segment already has the default `requireAttachmentAcceptance`, you can set this to inherit segment’s acceptance value. */ requireAcceptance?: pulumi.Input; /** * Name of the `segment` to share as defined in the `segments` section. This is used only when the `associationMethod` is `constant`. */ segment?: pulumi.Input; /** * Maps the attachment to the value of a known key. This is used with the `associationMethod` is `tag`. For example a `tag` of `stage = “test”`, will map to a segment named `test`. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments. */ tagValueOfKey?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyCondition { /** * string value */ key?: string; /** * Valid values include: `equals`, `not-equals`, `contains`, `begins-with`. */ operator?: string; /** * Valid values include: `account-id`, `any`, `tag-value`, `tag-exists`, `resource-id`, `region`, `attachment-type`. */ type: string; /** * string value */ value?: string; } export interface GetCoreNetworkPolicyDocumentAttachmentPolicyConditionArgs { /** * string value */ key?: pulumi.Input; /** * Valid values include: `equals`, `not-equals`, `contains`, `begins-with`. */ operator?: pulumi.Input; /** * Valid values include: `account-id`, `any`, `tag-value`, `tag-exists`, `resource-id`, `region`, `attachment-type`. */ type: pulumi.Input; /** * string value */ value?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfiguration { /** * List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from `64512` to `65534` and `4200000000` to `4294967294` expressed as a string like `"64512-65534"`. No other ASN ranges can be used. */ asnRanges: string[]; /** * A block value of AWS Region locations where you're creating Core Network Edges. Detailed below. */ edgeLocations: inputs.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation[]; /** * The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, `10.0.1.0/24`). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a `/24` for IPv4 or `/64` for IPv6. You can provide multiple `/24` subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned `/24` and `/64` subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge. */ insideCidrBlocks?: string[]; /** * Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either `true` or `false`. The default is `true`. */ vpnEcmpSupport?: boolean; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs { /** * List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from `64512` to `65534` and `4200000000` to `4294967294` expressed as a string like `"64512-65534"`. No other ASN ranges can be used. */ asnRanges: pulumi.Input[]>; /** * A block value of AWS Region locations where you're creating Core Network Edges. Detailed below. */ edgeLocations: pulumi.Input[]>; /** * The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, `10.0.1.0/24`). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a `/24` for IPv4 or `/64` for IPv6. You can provide multiple `/24` subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned `/24` and `/64` subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge. */ insideCidrBlocks?: pulumi.Input[]>; /** * Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either `true` or `false`. The default is `true`. */ vpnEcmpSupport?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation { /** * ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from `asnRanges` */ asn?: string; /** * The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from `insideCidrBlocks`. */ insideCidrBlocks?: string[]; location: string; } export interface GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs { /** * ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from `asnRanges` */ asn?: pulumi.Input; /** * The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from `insideCidrBlocks`. */ insideCidrBlocks?: pulumi.Input[]>; location: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentSegment { /** * List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the `allowFilter` setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in `segmentActions`. If a segment is listed in `allowFilter`, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created. */ allowFilters?: string[]; /** * An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in `segmentActions`. If a segment is listed in the `denyFilter`, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments. */ denyFilters?: string[]; /** * A user-defined string describing the segment. */ description?: string; /** * A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for `edgeLocations` in the `coreNetworkConfiguration`. */ edgeLocations?: string[]; /** * This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to `true`, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is `false`. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of `false`. */ isolateAttachments?: boolean; /** * Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9. */ name: string; /** * This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is `true`, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, `requireAttachmentAcceptance` is set to `false`. */ requireAttachmentAcceptance?: boolean; } export interface GetCoreNetworkPolicyDocumentSegmentArgs { /** * List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the `allowFilter` setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in `segmentActions`. If a segment is listed in `allowFilter`, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created. */ allowFilters?: pulumi.Input[]>; /** * An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in `segmentActions`. If a segment is listed in the `denyFilter`, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments. */ denyFilters?: pulumi.Input[]>; /** * A user-defined string describing the segment. */ description?: pulumi.Input; /** * A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for `edgeLocations` in the `coreNetworkConfiguration`. */ edgeLocations?: pulumi.Input[]>; /** * This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to `true`, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is `false`. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of `false`. */ isolateAttachments?: pulumi.Input; /** * Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9. */ name: pulumi.Input; /** * This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is `true`, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, `requireAttachmentAcceptance` is set to `false`. */ requireAttachmentAcceptance?: pulumi.Input; } export interface GetCoreNetworkPolicyDocumentSegmentAction { /** * Action to take for the chosen segment. Valid values `create-route` or `share`. */ action: string; /** * A user-defined string describing the segment action. */ description?: string; /** * List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, `10.1.0.0/16` or `2001:db8::/56`. This is an array of CIDR notation strings. */ destinationCidrBlocks?: string[]; /** * A list of strings. Valid values include `["blackhole"]` or a list of attachment ids. */ destinations?: string[]; /** * String. This mode places the attachment and return routes in each of the `shareWith` segments. Valid values include: `attachment-route`. */ mode?: string; /** * Name of the segment. */ segment: string; /** * A set subtraction of segments to not share with. */ shareWithExcepts?: string[]; /** * A list of strings to share with. Must be a substring is all segments. Valid values include: `["*"]` or `[""]`. */ shareWiths?: string[]; } export interface GetCoreNetworkPolicyDocumentSegmentActionArgs { /** * Action to take for the chosen segment. Valid values `create-route` or `share`. */ action: pulumi.Input; /** * A user-defined string describing the segment action. */ description?: pulumi.Input; /** * List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, `10.1.0.0/16` or `2001:db8::/56`. This is an array of CIDR notation strings. */ destinationCidrBlocks?: pulumi.Input[]>; /** * A list of strings. Valid values include `["blackhole"]` or a list of attachment ids. */ destinations?: pulumi.Input[]>; /** * String. This mode places the attachment and return routes in each of the `shareWith` segments. Valid values include: `attachment-route`. */ mode?: pulumi.Input; /** * Name of the segment. */ segment: pulumi.Input; /** * A set subtraction of segments to not share with. */ shareWithExcepts?: pulumi.Input[]>; /** * A list of strings to share with. Must be a substring is all segments. Valid values include: `["*"]` or `[""]`. */ shareWiths?: pulumi.Input[]>; } export interface LinkBandwidth { /** * Download speed in Mbps. */ downloadSpeed?: pulumi.Input; /** * Upload speed in Mbps. */ uploadSpeed?: pulumi.Input; } export interface SiteLocation { /** * Address of the location. */ address?: pulumi.Input; /** * Latitude of the location. */ latitude?: pulumi.Input; /** * Longitude of the location. */ longitude?: pulumi.Input; } export interface VpcAttachmentOptions { /** * Indicates whether appliance mode is supported. * If enabled, traffic flow between a source and destination use the same Availability Zone for the VPC attachment for the lifetime of that flow. * If the VPC attachment is pending acceptance, changing this value will recreate the resource. */ applianceModeSupport?: pulumi.Input; /** * Indicates whether IPv6 is supported. * If the VPC attachment is pending acceptance, changing this value will recreate the resource. */ ipv6Support?: pulumi.Input; } } export namespace opensearch { export interface DomainAdvancedSecurityOptions { /** * Whether Anonymous auth is enabled. Enables fine-grained access control on an existing domain. Ignored unless `advancedSecurityOptions` are enabled. _Can only be enabled on an existing domain._ */ anonymousAuthEnabled?: pulumi.Input; /** * Whether advanced security is enabled. */ enabled: pulumi.Input; /** * Whether the internal user database is enabled. Default is `false`. */ internalUserDatabaseEnabled?: pulumi.Input; /** * Configuration block for the main user. Detailed below. */ masterUserOptions?: pulumi.Input; } export interface DomainAdvancedSecurityOptionsMasterUserOptions { /** * ARN for the main user. Only specify if `internalUserDatabaseEnabled` is not set or set to `false`. */ masterUserArn?: pulumi.Input; /** * Main user's username, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserName?: pulumi.Input; /** * Main user's password, which is stored in the Amazon OpenSearch Service domain's internal database. Only specify if `internalUserDatabaseEnabled` is set to `true`. */ masterUserPassword?: pulumi.Input; } export interface DomainAutoTuneOptions { /** * Auto-Tune desired state for the domain. Valid values: `ENABLED` or `DISABLED`. */ desiredState: pulumi.Input; /** * Configuration block for Auto-Tune maintenance windows. Can be specified multiple times for each maintenance window. Detailed below. * * **NOTE:** Maintenance windows are deprecated and have been replaced with [off-peak windows](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/off-peak.html). Consequently, `maintenanceSchedule` configuration blocks cannot be specified when `useOffPeakWindow` is set to `true`. */ maintenanceSchedules?: pulumi.Input[]>; /** * Whether to roll back to default Auto-Tune settings when disabling Auto-Tune. Valid values: `DEFAULT_ROLLBACK` or `NO_ROLLBACK`. */ rollbackOnDisable?: pulumi.Input; /** * Whether to schedule Auto-Tune optimizations that require blue/green deployments during the domain's configured daily off-peak window. Defaults to `false`. */ useOffPeakWindow?: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceSchedule { /** * A cron expression specifying the recurrence pattern for an Auto-Tune maintenance schedule. */ cronExpressionForRecurrence: pulumi.Input; /** * Configuration block for the duration of the Auto-Tune maintenance window. Detailed below. */ duration: pulumi.Input; /** * Date and time at which to start the Auto-Tune maintenance schedule in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8). */ startAt: pulumi.Input; } export interface DomainAutoTuneOptionsMaintenanceScheduleDuration { /** * Unit of time specifying the duration of an Auto-Tune maintenance window. Valid values: `HOURS`. */ unit: pulumi.Input; /** * An integer specifying the value of the duration of an Auto-Tune maintenance window. */ value: pulumi.Input; } export interface DomainClusterConfig { /** * Configuration block containing cold storage configuration. Detailed below. */ coldStorageOptions?: pulumi.Input; /** * Number of dedicated main nodes in the cluster. */ dedicatedMasterCount?: pulumi.Input; /** * Whether dedicated main nodes are enabled for the cluster. */ dedicatedMasterEnabled?: pulumi.Input; /** * Instance type of the dedicated main nodes in the cluster. */ dedicatedMasterType?: pulumi.Input; /** * Number of instances in the cluster. */ instanceCount?: pulumi.Input; /** * Instance type of data nodes in the cluster. */ instanceType?: pulumi.Input; /** * Whether a multi-AZ domain is turned on with a standby AZ. For more information, see [Configuring a multi-AZ domain in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html). */ multiAzWithStandbyEnabled?: pulumi.Input; /** * Number of warm nodes in the cluster. Valid values are between `2` and `150`. `warmCount` can be only and must be set when `warmEnabled` is set to `true`. */ warmCount?: pulumi.Input; /** * Whether to enable warm storage. */ warmEnabled?: pulumi.Input; /** * Instance type for the OpenSearch cluster's warm nodes. Valid values are `ultrawarm1.medium.search`, `ultrawarm1.large.search` and `ultrawarm1.xlarge.search`. `warmType` can be only and must be set when `warmEnabled` is set to `true`. */ warmType?: pulumi.Input; /** * Configuration block containing zone awareness settings. Detailed below. */ zoneAwarenessConfig?: pulumi.Input; /** * Whether zone awareness is enabled, set to `true` for multi-az deployment. To enable awareness with three Availability Zones, the `availabilityZoneCount` within the `zoneAwarenessConfig` must be set to `3`. */ zoneAwarenessEnabled?: pulumi.Input; } export interface DomainClusterConfigColdStorageOptions { /** * Boolean to enable cold storage for an OpenSearch domain. Defaults to `false`. Master and ultrawarm nodes must be enabled for cold storage. */ enabled?: pulumi.Input; } export interface DomainClusterConfigZoneAwarenessConfig { /** * Number of Availability Zones for the domain to use with `zoneAwarenessEnabled`. Defaults to `2`. Valid values: `2` or `3`. */ availabilityZoneCount?: pulumi.Input; } export interface DomainCognitoOptions { /** * Whether Amazon Cognito authentication with Dashboard is enabled or not. Default is `false`. */ enabled?: pulumi.Input; /** * ID of the Cognito Identity Pool to use. */ identityPoolId: pulumi.Input; /** * ARN of the IAM role that has the AmazonOpenSearchServiceCognitoAccess policy attached. */ roleArn: pulumi.Input; /** * ID of the Cognito User Pool to use. */ userPoolId: pulumi.Input; } export interface DomainDomainEndpointOptions { /** * Fully qualified domain for your custom endpoint. */ customEndpoint?: pulumi.Input; /** * ACM certificate ARN for your custom endpoint. */ customEndpointCertificateArn?: pulumi.Input; /** * Whether to enable custom endpoint for the OpenSearch domain. */ customEndpointEnabled?: pulumi.Input; /** * Whether or not to require HTTPS. Defaults to `true`. */ enforceHttps?: pulumi.Input; /** * Name of the TLS security policy that needs to be applied to the HTTPS endpoint. For valid values, refer to the [AWS documentation](https://docs.aws.amazon.com/opensearch-service/latest/APIReference/API_DomainEndpointOptions.html#opensearchservice-Type-DomainEndpointOptions-TLSSecurityPolicy). Pulumi will only perform drift detection if a configuration value is provided. */ tlsSecurityPolicy?: pulumi.Input; } export interface DomainEbsOptions { /** * Whether EBS volumes are attached to data nodes in the domain. */ ebsEnabled: pulumi.Input; /** * Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the GP3 and Provisioned IOPS EBS volume types. */ iops?: pulumi.Input; /** * Specifies the throughput (in MiB/s) of the EBS volumes attached to data nodes. Applicable only for the gp3 volume type. */ throughput?: pulumi.Input; /** * Size of EBS volumes attached to data nodes (in GiB). */ volumeSize?: pulumi.Input; /** * Type of EBS volumes attached to data nodes. */ volumeType?: pulumi.Input; } export interface DomainEncryptAtRest { /** * Whether to enable encryption at rest. If the `encryptAtRest` block is not provided then this defaults to `false`. Enabling encryption on new domains requires an `engineVersion` of `OpenSearch_X.Y` or `Elasticsearch_5.1` or greater. */ enabled: pulumi.Input; /** * KMS key ARN to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key. Note that KMS will accept a KMS key ID but will return the key ARN. To prevent the provider detecting unwanted changes, use the key ARN instead. */ kmsKeyId?: pulumi.Input; } export interface DomainLogPublishingOption { /** * ARN of the Cloudwatch log group to which log needs to be published. */ cloudwatchLogGroupArn: pulumi.Input; /** * Whether given log publishing option is enabled or not. */ enabled?: pulumi.Input; /** * Type of OpenSearch log. Valid values: `INDEX_SLOW_LOGS`, `SEARCH_SLOW_LOGS`, `ES_APPLICATION_LOGS`, `AUDIT_LOGS`. */ logType: pulumi.Input; } export interface DomainNodeToNodeEncryption { /** * Whether to enable node-to-node encryption. If the `nodeToNodeEncryption` block is not provided then this defaults to `false`. Enabling node-to-node encryption of a new domain requires an `engineVersion` of `OpenSearch_X.Y` or `Elasticsearch_6.0` or greater. */ enabled: pulumi.Input; } export interface DomainOffPeakWindowOptions { /** * Enabled disabled toggle for off-peak update window. */ enabled?: pulumi.Input; offPeakWindow?: pulumi.Input; } export interface DomainOffPeakWindowOptionsOffPeakWindow { /** * 10h window for updates */ windowStartTime?: pulumi.Input; } export interface DomainOffPeakWindowOptionsOffPeakWindowWindowStartTime { hours?: pulumi.Input; minutes?: pulumi.Input; } export interface DomainSamlOptionsSamlOptions { /** * Whether SAML authentication is enabled. */ enabled?: pulumi.Input; /** * Information from your identity provider. */ idp?: pulumi.Input; /** * This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterBackendRole?: pulumi.Input; /** * This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user. */ masterUserName?: pulumi.Input; /** * Element of the SAML assertion to use for backend roles. Default is roles. */ rolesKey?: pulumi.Input; /** * Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440. */ sessionTimeoutMinutes?: pulumi.Input; /** * Element of the SAML assertion to use for username. Default is NameID. */ subjectKey?: pulumi.Input; } export interface DomainSamlOptionsSamlOptionsIdp { /** * Unique Entity ID of the application in SAML Identity Provider. */ entityId: pulumi.Input; /** * Metadata of the SAML application in xml format. */ metadataContent: pulumi.Input; } export interface DomainSnapshotOptions { /** * Hour during which the service takes an automated daily snapshot of the indices in the domain. */ automatedSnapshotStartHour: pulumi.Input; } export interface DomainSoftwareUpdateOptions { /** * Whether automatic service software updates are enabled for the domain. Defaults to `false`. */ autoSoftwareUpdateEnabled?: pulumi.Input; } export interface DomainVpcOptions { /** * If the domain was created inside a VPC, the names of the availability zones the configured `subnetIds` were created inside. */ availabilityZones?: pulumi.Input[]>; /** * List of VPC Security Group IDs to be applied to the OpenSearch domain endpoints. If omitted, the default Security Group for the VPC will be used. */ securityGroupIds?: pulumi.Input[]>; /** * List of VPC Subnet IDs for the OpenSearch domain endpoints to be created in. */ subnetIds?: pulumi.Input[]>; /** * If the domain was created inside a VPC, the ID of the VPC. */ vpcId?: pulumi.Input; } export interface GetDomainOffPeakWindowOptions { /** * Enabled disabled toggle for off-peak update window */ enabled?: boolean; offPeakWindows?: inputs.opensearch.GetDomainOffPeakWindowOptionsOffPeakWindow[]; } export interface GetDomainOffPeakWindowOptionsArgs { /** * Enabled disabled toggle for off-peak update window */ enabled?: pulumi.Input; offPeakWindows?: pulumi.Input[]>; } export interface GetDomainOffPeakWindowOptionsOffPeakWindow { /** * 10h window for updates */ windowStartTimes?: inputs.opensearch.GetDomainOffPeakWindowOptionsOffPeakWindowWindowStartTime[]; } export interface GetDomainOffPeakWindowOptionsOffPeakWindowArgs { /** * 10h window for updates */ windowStartTimes?: pulumi.Input[]>; } export interface GetDomainOffPeakWindowOptionsOffPeakWindowWindowStartTime { /** * Starting hour of the 10-hour window for updates */ hours?: number; /** * Starting minute of the 10-hour window for updates */ minutes?: number; } export interface GetDomainOffPeakWindowOptionsOffPeakWindowWindowStartTimeArgs { /** * Starting hour of the 10-hour window for updates */ hours?: pulumi.Input; /** * Starting minute of the 10-hour window for updates */ minutes?: pulumi.Input; } export interface GetServerlessSecurityConfigSamlOptions { /** * Group attribute for this SAML integration. */ groupAttribute?: string; /** * The XML IdP metadata file generated from your identity provider. */ metadata?: string; /** * Session timeout, in minutes. Minimum is 5 minutes and maximum is 720 minutes (12 hours). Default is 60 minutes. */ sessionTimeout?: number; /** * User attribute for this SAML integration. */ userAttribute?: string; } export interface GetServerlessSecurityConfigSamlOptionsArgs { /** * Group attribute for this SAML integration. */ groupAttribute?: pulumi.Input; /** * The XML IdP metadata file generated from your identity provider. */ metadata?: pulumi.Input; /** * Session timeout, in minutes. Minimum is 5 minutes and maximum is 720 minutes (12 hours). Default is 60 minutes. */ sessionTimeout?: pulumi.Input; /** * User attribute for this SAML integration. */ userAttribute?: pulumi.Input; } export interface OutboundConnectionConnectionProperties { /** * Configuration block for cross cluster search. */ crossClusterSearch?: pulumi.Input; /** * The endpoint of the remote domain, is only set when `connectionMode` is `VPC_ENDPOINT` and `acceptConnection` is `TRUE`. */ endpoint?: pulumi.Input; } export interface OutboundConnectionConnectionPropertiesCrossClusterSearch { /** * Skips unavailable clusters and can only be used for cross-cluster searches. Accepted values are `ENABLED` or `DISABLED`. */ skipUnavailable?: pulumi.Input; } export interface OutboundConnectionLocalDomainInfo { /** * The name of the local domain. */ domainName: pulumi.Input; /** * The Account ID of the owner of the local domain. */ ownerId: pulumi.Input; /** * The region of the local domain. */ region: pulumi.Input; } export interface OutboundConnectionRemoteDomainInfo { /** * The name of the remote domain. */ domainName: pulumi.Input; /** * The Account ID of the owner of the remote domain. */ ownerId: pulumi.Input; /** * The region of the remote domain. */ region: pulumi.Input; } export interface PackagePackageSource { /** * The name of the Amazon S3 bucket containing the package. */ s3BucketName: pulumi.Input; /** * Key (file name) of the package. */ s3Key: pulumi.Input; } export interface ServerlessCollectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface ServerlessSecurityConfigSamlOptions { /** * Group attribute for this SAML integration. */ groupAttribute?: pulumi.Input; /** * The XML IdP metadata file generated from your identity provider. */ metadata: pulumi.Input; /** * Session timeout, in minutes. Minimum is 5 minutes and maximum is 720 minutes (12 hours). Default is 60 minutes. */ sessionTimeout?: pulumi.Input; /** * User attribute for this SAML integration. */ userAttribute?: pulumi.Input; } export interface ServerlessVpcEndpointTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface VpcEndpointVpcOptions { availabilityZones?: pulumi.Input[]>; /** * The list of security group IDs associated with the VPC endpoints for the domain. If you do not provide a security group ID, OpenSearch Service uses the default security group for the VPC. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs associated with the VPC endpoints for the domain. If your domain uses multiple Availability Zones, you need to provide two subnet IDs, one per zone. Otherwise, provide only one. */ subnetIds: pulumi.Input[]>; vpcId?: pulumi.Input; } } export namespace opensearchingest { export interface PipelineBufferOptions { /** * Whether persistent buffering should be enabled. */ persistentBufferEnabled: pulumi.Input; } export interface PipelineEncryptionAtRestOptions { /** * The ARN of the KMS key used to encrypt data-at-rest in OpenSearch Ingestion. By default, data is encrypted using an AWS owned key. */ kmsKeyArn: pulumi.Input; } export interface PipelineLogPublishingOptions { /** * The destination for OpenSearch Ingestion logs sent to Amazon CloudWatch Logs. This parameter is required if IsLoggingEnabled is set to true. See `cloudwatchLogDestination` below. */ cloudwatchLogDestination?: pulumi.Input; /** * Whether logs should be published. */ isLoggingEnabled?: pulumi.Input; } export interface PipelineLogPublishingOptionsCloudwatchLogDestination { /** * The name of the CloudWatch Logs group to send pipeline logs to. You can specify an existing log group or create a new one. For example, /aws/OpenSearchService/IngestionService/my-pipeline. */ logGroup: pulumi.Input; } export interface PipelineTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface PipelineVpcOptions { /** * A list of security groups associated with the VPC endpoint. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs associated with the VPC endpoint. */ subnetIds: pulumi.Input[]>; } } export namespace opsworks { export interface ApplicationAppSource { /** * Password to use when authenticating to the source. This provider cannot perform drift detection of this configuration. */ password?: pulumi.Input; /** * For sources that are version-aware, the revision to use. */ revision?: pulumi.Input; /** * SSH key to use when authenticating to the source. This provider cannot perform drift detection of this configuration. */ sshKey?: pulumi.Input; /** * The type of source to use. For example, "archive". */ type: pulumi.Input; /** * The URL where the app resource can be found. */ url?: pulumi.Input; /** * Username to use when authenticating to the source. */ username?: pulumi.Input; } export interface ApplicationEnvironment { /** * Variable name. */ key: pulumi.Input; /** * Set visibility of the variable value to `true` or `false`. */ secure?: pulumi.Input; /** * Variable value. */ value: pulumi.Input; } export interface ApplicationSslConfiguration { /** * The contents of the certificate's domain.crt file. */ certificate: pulumi.Input; /** * Can be used to specify an intermediate certificate authority key or client authentication. */ chain?: pulumi.Input; /** * The private key; the contents of the certificate's domain.key file. */ privateKey: pulumi.Input; } export interface CustomLayerCloudwatchConfiguration { enabled?: pulumi.Input; /** * A block the specifies how an opsworks logs look like. See Log Streams. */ logStreams?: pulumi.Input[]>; } export interface CustomLayerCloudwatchConfigurationLogStream { /** * Specifies the max number of log events in a batch, up to `10000`. The default value is `1000`. */ batchCount?: pulumi.Input; /** * Specifies the maximum size of log events in a batch, in bytes, up to `1048576` bytes. The default value is `32768` bytes. */ batchSize?: pulumi.Input; /** * Specifies the time duration for the batching of log events. The minimum value is `5000` and default value is `5000`. */ bufferDuration?: pulumi.Input; /** * Specifies how the timestamp is extracted from logs. For more information, see the CloudWatch Logs Agent Reference (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html). */ datetimeFormat?: pulumi.Input; /** * Specifies the encoding of the log file so that the file can be read correctly. The default is `utf8`. */ encoding?: pulumi.Input; /** * Specifies log files that you want to push to CloudWatch Logs. File can point to a specific file or multiple files (by using wild card characters such as /var/log/system.log*). */ file: pulumi.Input; /** * Specifies the range of lines for identifying a file. The valid values are one number, or two dash-delimited numbers, such as `1`, `2-5`. The default value is `1`. */ fileFingerprintLines?: pulumi.Input; /** * Specifies where to start to read data (`startOfFile` or `endOfFile`). The default is `startOfFile`. */ initialPosition?: pulumi.Input; /** * Specifies the destination log group. A log group is created automatically if it doesn't already exist. */ logGroupName: pulumi.Input; /** * Specifies the pattern for identifying the start of a log message. */ multilineStartPattern?: pulumi.Input; /** * Specifies the time zone of log event time stamps. */ timeZone?: pulumi.Input; } export interface CustomLayerEbsVolume { /** * Encrypt the volume. */ encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface CustomLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface CustomLayerLoadBasedAutoScalingDownscaling { /** * Custom Cloudwatch auto scaling alarms, to be used as thresholds. This parameter takes a list of up to five alarm names, which are case sensitive and must be in the same region as the stack. */ alarms?: pulumi.Input[]>; /** * The CPU utilization threshold, as a percent of the available CPU. A value of -1 disables the threshold. */ cpuThreshold?: pulumi.Input; /** * The amount of time (in minutes) after a scaling event occurs that AWS OpsWorks Stacks should ignore metrics and suppress additional scaling events. */ ignoreMetricsTime?: pulumi.Input; /** * The number of instances to add or remove when the load exceeds a threshold. */ instanceCount?: pulumi.Input; /** * The load threshold. A value of -1 disables the threshold. */ loadThreshold?: pulumi.Input; /** * The memory utilization threshold, as a percent of the available memory. A value of -1 disables the threshold. */ memoryThreshold?: pulumi.Input; /** * The amount of time, in minutes, that the load must exceed a threshold before more instances are added or removed. */ thresholdsWaitTime?: pulumi.Input; } export interface CustomLayerLoadBasedAutoScalingUpscaling { /** * Custom Cloudwatch auto scaling alarms, to be used as thresholds. This parameter takes a list of up to five alarm names, which are case sensitive and must be in the same region as the stack. */ alarms?: pulumi.Input[]>; /** * The CPU utilization threshold, as a percent of the available CPU. A value of -1 disables the threshold. */ cpuThreshold?: pulumi.Input; /** * The amount of time (in minutes) after a scaling event occurs that AWS OpsWorks Stacks should ignore metrics and suppress additional scaling events. */ ignoreMetricsTime?: pulumi.Input; /** * The number of instances to add or remove when the load exceeds a threshold. */ instanceCount?: pulumi.Input; /** * The load threshold. A value of -1 disables the threshold. */ loadThreshold?: pulumi.Input; /** * The memory utilization threshold, as a percent of the available memory. A value of -1 disables the threshold. */ memoryThreshold?: pulumi.Input; /** * The amount of time, in minutes, that the load must exceed a threshold before more instances are added or removed. */ thresholdsWaitTime?: pulumi.Input; } export interface EcsClusterLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface EcsClusterLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface EcsClusterLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface EcsClusterLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface EcsClusterLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface EcsClusterLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface GangliaLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface GangliaLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface GangliaLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface GangliaLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface GangliaLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface GangliaLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface HaproxyLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface HaproxyLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface HaproxyLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface HaproxyLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface HaproxyLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface HaproxyLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface InstanceEbsBlockDevice { deleteOnTermination?: pulumi.Input; deviceName: pulumi.Input; iops?: pulumi.Input; snapshotId?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface InstanceEphemeralBlockDevice { deviceName: pulumi.Input; virtualName: pulumi.Input; } export interface InstanceRootBlockDevice { deleteOnTermination?: pulumi.Input; iops?: pulumi.Input; volumeSize?: pulumi.Input; volumeType?: pulumi.Input; } export interface JavaAppLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface JavaAppLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface JavaAppLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface JavaAppLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface JavaAppLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface JavaAppLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface MemcachedLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface MemcachedLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface MemcachedLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface MemcachedLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface MemcachedLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface MemcachedLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface MysqlLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface MysqlLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface MysqlLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface MysqlLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface MysqlLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface MysqlLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface NodejsAppLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface NodejsAppLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface NodejsAppLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface NodejsAppLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface NodejsAppLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface NodejsAppLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface PhpAppLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface PhpAppLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface PhpAppLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface PhpAppLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface PhpAppLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface PhpAppLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface RailsAppLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface RailsAppLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface RailsAppLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface RailsAppLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface RailsAppLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface RailsAppLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface StackCustomCookbooksSource { /** * Password to use when authenticating to the source. The provider cannot perform drift detection of this configuration. */ password?: pulumi.Input; /** * For sources that are version-aware, the revision to use. */ revision?: pulumi.Input; /** * SSH key to use when authenticating to the source. This provider cannot perform drift detection of this configuration. */ sshKey?: pulumi.Input; /** * The type of source to use. For example, "archive". */ type: pulumi.Input; /** * The URL where the cookbooks resource can be found. */ url: pulumi.Input; /** * Username to use when authenticating to the source. */ username?: pulumi.Input; } export interface StaticWebLayerCloudwatchConfiguration { enabled?: pulumi.Input; logStreams?: pulumi.Input[]>; } export interface StaticWebLayerCloudwatchConfigurationLogStream { batchCount?: pulumi.Input; batchSize?: pulumi.Input; bufferDuration?: pulumi.Input; datetimeFormat?: pulumi.Input; encoding?: pulumi.Input; file: pulumi.Input; fileFingerprintLines?: pulumi.Input; initialPosition?: pulumi.Input; logGroupName: pulumi.Input; multilineStartPattern?: pulumi.Input; timeZone?: pulumi.Input; } export interface StaticWebLayerEbsVolume { encrypted?: pulumi.Input; /** * For PIOPS volumes, the IOPS per disk. */ iops?: pulumi.Input; /** * The path to mount the EBS volume on the layer's instances. */ mountPoint: pulumi.Input; /** * The number of disks to use for the EBS volume. */ numberOfDisks: pulumi.Input; /** * The RAID level to use for the volume. */ raidLevel?: pulumi.Input; /** * The size of the volume in gigabytes. */ size: pulumi.Input; /** * The type of volume to create. This may be `standard` (the default), `io1` or `gp2`. */ type?: pulumi.Input; } export interface StaticWebLayerLoadBasedAutoScaling { downscaling?: pulumi.Input; enable?: pulumi.Input; upscaling?: pulumi.Input; } export interface StaticWebLayerLoadBasedAutoScalingDownscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } export interface StaticWebLayerLoadBasedAutoScalingUpscaling { alarms?: pulumi.Input[]>; cpuThreshold?: pulumi.Input; ignoreMetricsTime?: pulumi.Input; instanceCount?: pulumi.Input; loadThreshold?: pulumi.Input; memoryThreshold?: pulumi.Input; thresholdsWaitTime?: pulumi.Input; } } export namespace organizations { export interface OrganizationAccount { /** * ARN of the root */ arn?: pulumi.Input; /** * Email of the account */ email?: pulumi.Input; /** * Identifier of the root */ id?: pulumi.Input; /** * The name of the policy type */ name?: pulumi.Input; /** * The status of the policy type as it relates to the associated root */ status?: pulumi.Input; } export interface OrganizationNonMasterAccount { /** * ARN of the root */ arn?: pulumi.Input; /** * Email of the account */ email?: pulumi.Input; /** * Identifier of the root */ id?: pulumi.Input; /** * The name of the policy type */ name?: pulumi.Input; /** * The status of the policy type as it relates to the associated root */ status?: pulumi.Input; } export interface OrganizationRoot { /** * ARN of the root */ arn?: pulumi.Input; /** * Identifier of the root */ id?: pulumi.Input; /** * The name of the policy type */ name?: pulumi.Input; /** * List of policy types enabled for this root. All elements have these attributes: */ policyTypes?: pulumi.Input[]>; } export interface OrganizationRootPolicyType { /** * The status of the policy type as it relates to the associated root */ status?: pulumi.Input; type?: pulumi.Input; } export interface OrganizationalUnitAccount { /** * ARN of the organizational unit */ arn?: pulumi.Input; /** * Email of the account */ email?: pulumi.Input; /** * Identifier of the organization unit */ id?: pulumi.Input; /** * The name for the organizational unit */ name?: pulumi.Input; } } export namespace pinpoint { export interface AppCampaignHook { /** * Lambda function name or ARN to be called for delivery. Conflicts with `webUrl` */ lambdaFunctionName?: pulumi.Input; /** * What mode Lambda should be invoked in. Valid values for this parameter are `DELIVERY`, `FILTER`. */ mode?: pulumi.Input; /** * Web URL to call for hook. If the URL has authentication specified it will be added as authentication to the request. Conflicts with `lambdaFunctionName` */ webUrl?: pulumi.Input; } export interface AppLimits { /** * The maximum number of messages that the campaign can send daily. */ daily?: pulumi.Input; /** * The length of time (in seconds) that the campaign can run before it ends and message deliveries stop. This duration begins at the scheduled start time for the campaign. The minimum value is 60. */ maximumDuration?: pulumi.Input; /** * The number of messages that the campaign can send per second. The minimum value is 50, and the maximum is 20000. */ messagesPerSecond?: pulumi.Input; /** * The maximum total number of messages that the campaign can send. */ total?: pulumi.Input; } export interface AppQuietTime { /** * The default end time for quiet time in ISO 8601 format. Required if `start` is set */ end?: pulumi.Input; /** * The default start time for quiet time in ISO 8601 format. Required if `end` is set */ start?: pulumi.Input; } } export namespace pipes { export interface PipeEnrichmentParameters { /** * Contains the HTTP parameters to use when the target is a API Gateway REST endpoint or EventBridge ApiDestination. If you specify an API Gateway REST API or EventBridge ApiDestination as a target, you can use this parameter to specify headers, path parameters, and query string keys/values as part of your target invoking request. If you're using ApiDestinations, the corresponding Connection can also have these values configured. In case of any conflicting keys, values from the Connection take precedence. Detailed below. */ httpParameters?: pulumi.Input; /** * Valid JSON text passed to the target. In this case, nothing from the event itself is passed to the target. Maximum length of 8192 characters. */ inputTemplate?: pulumi.Input; } export interface PipeEnrichmentParametersHttpParameters { headerParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; pathParameterValues?: pulumi.Input; queryStringParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface PipeSourceParameters { /** * The parameters for using an Active MQ broker as a source. Detailed below. */ activemqBrokerParameters?: pulumi.Input; /** * The parameters for using a DynamoDB stream as a source. Detailed below. */ dynamodbStreamParameters?: pulumi.Input; /** * The collection of event patterns used to [filter events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-pipes-event-filtering.html). Detailed below. */ filterCriteria?: pulumi.Input; /** * The parameters for using a Kinesis stream as a source. Detailed below. */ kinesisStreamParameters?: pulumi.Input; /** * The parameters for using an MSK stream as a source. Detailed below. */ managedStreamingKafkaParameters?: pulumi.Input; /** * The parameters for using a Rabbit MQ broker as a source. Detailed below. */ rabbitmqBrokerParameters?: pulumi.Input; /** * The parameters for using a self-managed Apache Kafka stream as a source. Detailed below. */ selfManagedKafkaParameters?: pulumi.Input; /** * The parameters for using a Amazon SQS stream as a source. Detailed below. */ sqsQueueParameters?: pulumi.Input; } export interface PipeSourceParametersActivemqBrokerParameters { batchSize?: pulumi.Input; credentials: pulumi.Input; maximumBatchingWindowInSeconds?: pulumi.Input; queueName: pulumi.Input; } export interface PipeSourceParametersActivemqBrokerParametersCredentials { basicAuth: pulumi.Input; } export interface PipeSourceParametersDynamodbStreamParameters { batchSize?: pulumi.Input; deadLetterConfig?: pulumi.Input; maximumBatchingWindowInSeconds?: pulumi.Input; maximumRecordAgeInSeconds?: pulumi.Input; maximumRetryAttempts?: pulumi.Input; onPartialBatchItemFailure?: pulumi.Input; parallelizationFactor?: pulumi.Input; startingPosition: pulumi.Input; } export interface PipeSourceParametersDynamodbStreamParametersDeadLetterConfig { /** * ARN of this pipe. */ arn?: pulumi.Input; } export interface PipeSourceParametersFilterCriteria { filters?: pulumi.Input[]>; } export interface PipeSourceParametersFilterCriteriaFilter { pattern: pulumi.Input; } export interface PipeSourceParametersKinesisStreamParameters { batchSize?: pulumi.Input; deadLetterConfig?: pulumi.Input; maximumBatchingWindowInSeconds?: pulumi.Input; maximumRecordAgeInSeconds?: pulumi.Input; maximumRetryAttempts?: pulumi.Input; onPartialBatchItemFailure?: pulumi.Input; parallelizationFactor?: pulumi.Input; startingPosition: pulumi.Input; startingPositionTimestamp?: pulumi.Input; } export interface PipeSourceParametersKinesisStreamParametersDeadLetterConfig { /** * ARN of this pipe. */ arn?: pulumi.Input; } export interface PipeSourceParametersManagedStreamingKafkaParameters { batchSize?: pulumi.Input; consumerGroupId?: pulumi.Input; credentials?: pulumi.Input; maximumBatchingWindowInSeconds?: pulumi.Input; startingPosition?: pulumi.Input; topicName: pulumi.Input; } export interface PipeSourceParametersManagedStreamingKafkaParametersCredentials { clientCertificateTlsAuth?: pulumi.Input; saslScram512Auth?: pulumi.Input; } export interface PipeSourceParametersRabbitmqBrokerParameters { batchSize?: pulumi.Input; credentials: pulumi.Input; maximumBatchingWindowInSeconds?: pulumi.Input; queueName: pulumi.Input; virtualHost?: pulumi.Input; } export interface PipeSourceParametersRabbitmqBrokerParametersCredentials { basicAuth: pulumi.Input; } export interface PipeSourceParametersSelfManagedKafkaParameters { additionalBootstrapServers?: pulumi.Input[]>; batchSize?: pulumi.Input; consumerGroupId?: pulumi.Input; credentials?: pulumi.Input; maximumBatchingWindowInSeconds?: pulumi.Input; serverRootCaCertificate?: pulumi.Input; startingPosition?: pulumi.Input; topicName: pulumi.Input; vpc?: pulumi.Input; } export interface PipeSourceParametersSelfManagedKafkaParametersCredentials { basicAuth: pulumi.Input; clientCertificateTlsAuth?: pulumi.Input; saslScram256Auth?: pulumi.Input; saslScram512Auth?: pulumi.Input; } export interface PipeSourceParametersSelfManagedKafkaParametersVpc { securityGroups?: pulumi.Input[]>; subnets?: pulumi.Input[]>; } export interface PipeSourceParametersSqsQueueParameters { batchSize?: pulumi.Input; maximumBatchingWindowInSeconds?: pulumi.Input; } export interface PipeTargetParameters { /** * The parameters for using an AWS Batch job as a target. Detailed below. */ batchJobParameters?: pulumi.Input; /** * The parameters for using an CloudWatch Logs log stream as a target. Detailed below. */ cloudwatchLogsParameters?: pulumi.Input; /** * The parameters for using an Amazon ECS task as a target. Detailed below. */ ecsTaskParameters?: pulumi.Input; /** * The parameters for using an EventBridge event bus as a target. Detailed below. */ eventbridgeEventBusParameters?: pulumi.Input; /** * These are custom parameter to be used when the target is an API Gateway REST APIs or EventBridge ApiDestinations. Detailed below. */ httpParameters?: pulumi.Input; /** * Valid JSON text passed to the target. In this case, nothing from the event itself is passed to the target. Maximum length of 8192 characters. */ inputTemplate?: pulumi.Input; /** * The parameters for using a Kinesis stream as a source. Detailed below. */ kinesisStreamParameters?: pulumi.Input; /** * The parameters for using a Lambda function as a target. Detailed below. */ lambdaFunctionParameters?: pulumi.Input; /** * These are custom parameters to be used when the target is a Amazon Redshift cluster to invoke the Amazon Redshift Data API BatchExecuteStatement. Detailed below. */ redshiftDataParameters?: pulumi.Input; /** * The parameters for using a SageMaker pipeline as a target. Detailed below. */ sagemakerPipelineParameters?: pulumi.Input; /** * The parameters for using a Amazon SQS stream as a target. Detailed below. */ sqsQueueParameters?: pulumi.Input; /** * The parameters for using a Step Functions state machine as a target. Detailed below. */ stepFunctionStateMachineParameters?: pulumi.Input; } export interface PipeTargetParametersBatchJobParameters { arrayProperties?: pulumi.Input; containerOverrides?: pulumi.Input; dependsOns?: pulumi.Input[]>; jobDefinition: pulumi.Input; jobName: pulumi.Input; parameters?: pulumi.Input<{[key: string]: pulumi.Input}>; retryStrategy?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersArrayProperties { size?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersContainerOverrides { commands?: pulumi.Input[]>; environments?: pulumi.Input[]>; instanceType?: pulumi.Input; resourceRequirements?: pulumi.Input[]>; } export interface PipeTargetParametersBatchJobParametersContainerOverridesEnvironment { /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; value?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersContainerOverridesResourceRequirement { type: pulumi.Input; value: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersDependsOn { jobId?: pulumi.Input; type?: pulumi.Input; } export interface PipeTargetParametersBatchJobParametersRetryStrategy { attempts?: pulumi.Input; } export interface PipeTargetParametersCloudwatchLogsParameters { logStreamName?: pulumi.Input; timestamp?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParameters { capacityProviderStrategies?: pulumi.Input[]>; enableEcsManagedTags?: pulumi.Input; enableExecuteCommand?: pulumi.Input; group?: pulumi.Input; launchType?: pulumi.Input; networkConfiguration?: pulumi.Input; overrides?: pulumi.Input; placementConstraints?: pulumi.Input[]>; placementStrategies?: pulumi.Input[]>; platformVersion?: pulumi.Input; propagateTags?: pulumi.Input; referenceId?: pulumi.Input; /** * Key-value mapping of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; taskCount?: pulumi.Input; taskDefinitionArn: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersCapacityProviderStrategy { base?: pulumi.Input; capacityProvider: pulumi.Input; weight?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersNetworkConfiguration { awsVpcConfiguration?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersNetworkConfigurationAwsVpcConfiguration { assignPublicIp?: pulumi.Input; securityGroups?: pulumi.Input[]>; subnets?: pulumi.Input[]>; } export interface PipeTargetParametersEcsTaskParametersOverrides { containerOverrides?: pulumi.Input[]>; cpu?: pulumi.Input; ephemeralStorage?: pulumi.Input; executionRoleArn?: pulumi.Input; inferenceAcceleratorOverrides?: pulumi.Input[]>; memory?: pulumi.Input; taskRoleArn?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverride { commands?: pulumi.Input[]>; cpu?: pulumi.Input; environmentFiles?: pulumi.Input[]>; environments?: pulumi.Input[]>; memory?: pulumi.Input; memoryReservation?: pulumi.Input; /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; resourceRequirements?: pulumi.Input[]>; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverrideEnvironment { /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name?: pulumi.Input; value?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverrideEnvironmentFile { type: pulumi.Input; value: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesContainerOverrideResourceRequirement { type: pulumi.Input; value: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesEphemeralStorage { sizeInGib: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersOverridesInferenceAcceleratorOverride { deviceName?: pulumi.Input; deviceType?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersPlacementConstraint { expression?: pulumi.Input; type?: pulumi.Input; } export interface PipeTargetParametersEcsTaskParametersPlacementStrategy { field?: pulumi.Input; type?: pulumi.Input; } export interface PipeTargetParametersEventbridgeEventBusParameters { detailType?: pulumi.Input; endpointId?: pulumi.Input; resources?: pulumi.Input[]>; /** * Source resource of the pipe (typically an ARN). */ source?: pulumi.Input; time?: pulumi.Input; } export interface PipeTargetParametersHttpParameters { headerParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; pathParameterValues?: pulumi.Input; queryStringParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface PipeTargetParametersKinesisStreamParameters { partitionKey: pulumi.Input; } export interface PipeTargetParametersLambdaFunctionParameters { invocationType: pulumi.Input; } export interface PipeTargetParametersRedshiftDataParameters { database: pulumi.Input; dbUser?: pulumi.Input; secretManagerArn?: pulumi.Input; sqls: pulumi.Input[]>; statementName?: pulumi.Input; withEvent?: pulumi.Input; } export interface PipeTargetParametersSagemakerPipelineParameters { pipelineParameters?: pulumi.Input[]>; } export interface PipeTargetParametersSagemakerPipelineParametersPipelineParameter { /** * Name of the pipe. If omitted, the provider will assign a random, unique name. Conflicts with `namePrefix`. */ name: pulumi.Input; value: pulumi.Input; } export interface PipeTargetParametersSqsQueueParameters { messageDeduplicationId?: pulumi.Input; messageGroupId?: pulumi.Input; } export interface PipeTargetParametersStepFunctionStateMachineParameters { invocationType: pulumi.Input; } } export namespace polly { export interface GetVoicesVoice { /** * Additional codes for languages available for the specified voice in addition to its default language. */ additionalLanguageCodes?: string[]; /** * Gender of the voice. */ gender?: string; /** * Amazon Polly assigned voice ID. */ id?: string; /** * Language identification tag for filtering the list of voices returned. If not specified, all available voices are returned. */ languageCode?: string; /** * Human readable name of the language in English. */ languageName?: string; /** * Name of the voice. */ name?: string; /** * Specifies which engines are supported by a given voice. */ supportedEngines?: string[]; } export interface GetVoicesVoiceArgs { /** * Additional codes for languages available for the specified voice in addition to its default language. */ additionalLanguageCodes?: pulumi.Input[]>; /** * Gender of the voice. */ gender?: pulumi.Input; /** * Amazon Polly assigned voice ID. */ id?: pulumi.Input; /** * Language identification tag for filtering the list of voices returned. If not specified, all available voices are returned. */ languageCode?: pulumi.Input; /** * Human readable name of the language in English. */ languageName?: pulumi.Input; /** * Name of the voice. */ name?: pulumi.Input; /** * Specifies which engines are supported by a given voice. */ supportedEngines?: pulumi.Input[]>; } } export namespace pricing { export interface GetProductFilter { /** * Product attribute name that you want to filter on. */ field: string; /** * Product attribute value that you want to filter on. */ value: string; } export interface GetProductFilterArgs { /** * Product attribute name that you want to filter on. */ field: pulumi.Input; /** * Product attribute value that you want to filter on. */ value: pulumi.Input; } } export namespace qldb { export interface StreamKinesisConfiguration { /** * Enables QLDB to publish multiple data records in a single Kinesis Data Streams record, increasing the number of records sent per API call. Default: `true`. */ aggregationEnabled?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Kinesis Data Streams resource. */ streamArn: pulumi.Input; } } export namespace quicksight { export interface AnalysisParameters { /** * A list of parameters that have a data type of date-time. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DateTimeParameter.html). */ dateTimeParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of decimal. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DecimalParameter.html). */ decimalParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of integer. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_IntegerParameter.html). */ integerParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of string. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_StringParameter.html). */ stringParameters?: pulumi.Input[]>; } export interface AnalysisParametersDateTimeParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisParametersDecimalParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisParametersIntegerParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisParametersStringParameter { /** * Display name for the analysis. * * The following arguments are optional: */ name: pulumi.Input; values: pulumi.Input[]>; } export interface AnalysisPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface AnalysisSourceEntity { /** * The source template. See source_template. */ sourceTemplate?: pulumi.Input; } export interface AnalysisSourceEntitySourceTemplate { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; /** * List of dataset references. See data_set_references. */ dataSetReferences: pulumi.Input[]>; } export interface AnalysisSourceEntitySourceTemplateDataSetReference { /** * Dataset Amazon Resource Name (ARN). */ dataSetArn: pulumi.Input; /** * Dataset placeholder. */ dataSetPlaceholder: pulumi.Input; } export interface DashboardDashboardPublishOptions { /** * Ad hoc (one-time) filtering option. See ad_hoc_filtering_option. */ adHocFilteringOption?: pulumi.Input; /** * The drill-down options of data points in a dashboard. See data_point_drill_up_down_option. */ dataPointDrillUpDownOption?: pulumi.Input; /** * The data point menu label options of a dashboard. See data_point_menu_label_option. */ dataPointMenuLabelOption?: pulumi.Input; /** * The data point tool tip options of a dashboard. See data_point_tooltip_option. */ dataPointTooltipOption?: pulumi.Input; /** * Export to .csv option. See export_to_csv_option. */ exportToCsvOption?: pulumi.Input; /** * Determines if hidden fields are exported with a dashboard. See export_with_hidden_fields_option. */ exportWithHiddenFieldsOption?: pulumi.Input; /** * Sheet controls option. See sheet_controls_option. */ sheetControlsOption?: pulumi.Input; /** * The sheet layout maximization options of a dashboard. See sheet_layout_element_maximization_option. */ sheetLayoutElementMaximizationOption?: pulumi.Input; /** * The axis sort options of a dashboard. See visual_axis_sort_option. */ visualAxisSortOption?: pulumi.Input; /** * The menu options of a visual in a dashboard. See visual_menu_option. */ visualMenuOption?: pulumi.Input; } export interface DashboardDashboardPublishOptionsAdHocFilteringOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsDataPointDrillUpDownOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsDataPointMenuLabelOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsDataPointTooltipOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsExportToCsvOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsExportWithHiddenFieldsOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsSheetControlsOption { /** * Visibility state. Possibles values: EXPANDED, COLLAPSED. */ visibilityState?: pulumi.Input; } export interface DashboardDashboardPublishOptionsSheetLayoutElementMaximizationOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsVisualAxisSortOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardDashboardPublishOptionsVisualMenuOption { /** * Availability status. Possibles values: ENABLED, DISABLED. */ availabilityStatus?: pulumi.Input; } export interface DashboardParameters { /** * A list of parameters that have a data type of date-time. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DateTimeParameter.html). */ dateTimeParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of decimal. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DecimalParameter.html). */ decimalParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of integer. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_IntegerParameter.html). */ integerParameters?: pulumi.Input[]>; /** * A list of parameters that have a data type of string. See [AWS API Documentation for complete description](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_StringParameter.html). */ stringParameters?: pulumi.Input[]>; } export interface DashboardParametersDateTimeParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardParametersDecimalParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardParametersIntegerParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardParametersStringParameter { /** * Display name for the dashboard. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface DashboardPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface DashboardSourceEntity { /** * The source template. See source_template. */ sourceTemplate?: pulumi.Input; } export interface DashboardSourceEntitySourceTemplate { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; /** * List of dataset references. See data_set_references. */ dataSetReferences: pulumi.Input[]>; } export interface DashboardSourceEntitySourceTemplateDataSetReference { /** * Dataset Amazon Resource Name (ARN). */ dataSetArn: pulumi.Input; /** * Dataset placeholder. */ dataSetPlaceholder: pulumi.Input; } export interface DataSetColumnGroup { /** * Geospatial column group that denotes a hierarchy. See geo_spatial_column_group. */ geoSpatialColumnGroup?: pulumi.Input; } export interface DataSetColumnGroupGeoSpatialColumnGroup { /** * Columns in this hierarchy. */ columns: pulumi.Input[]>; /** * Country code. Valid values are `US`. */ countryCode: pulumi.Input; /** * A display name for the hierarchy. */ name: pulumi.Input; } export interface DataSetColumnLevelPermissionRule { /** * An array of column names. */ columnNames?: pulumi.Input[]>; /** * An array of ARNs for Amazon QuickSight users or groups. */ principals?: pulumi.Input[]>; } export interface DataSetDataSetUsageConfiguration { /** * Controls whether a child dataset of a direct query can use this dataset as a source. */ disableUseAsDirectQuerySource?: pulumi.Input; /** * Controls whether a child dataset that's stored in QuickSight can use this dataset as a source. */ disableUseAsImportedSource?: pulumi.Input; } export interface DataSetFieldFolder { /** * An array of column names to add to the folder. A column can only be in one folder. */ columns?: pulumi.Input[]>; /** * Field folder description. */ description?: pulumi.Input; /** * Key of the field folder map. */ fieldFoldersId: pulumi.Input; } export interface DataSetLogicalTableMap { /** * A display name for the logical table. */ alias: pulumi.Input; /** * Transform operations that act on this logical table. For this structure to be valid, only one of the attributes can be non-null. See data_transforms. */ dataTransforms?: pulumi.Input[]>; /** * Key of the logical table map. */ logicalTableMapId: pulumi.Input; /** * Source of this logical table. See source. */ source: pulumi.Input; } export interface DataSetLogicalTableMapDataTransform { /** * A transform operation that casts a column to a different type. See cast_column_type_operation. */ castColumnTypeOperation?: pulumi.Input; /** * An operation that creates calculated columns. Columns created in one such operation form a lexical closure. See create_columns_operation. */ createColumnsOperation?: pulumi.Input; /** * An operation that filters rows based on some condition. See filter_operation. */ filterOperation?: pulumi.Input; /** * An operation that projects columns. Operations that come after a projection can only refer to projected columns. See project_operation. */ projectOperation?: pulumi.Input; /** * An operation that renames a column. See rename_column_operation. */ renameColumnOperation?: pulumi.Input; /** * An operation that tags a column with additional information. See tag_column_operation. */ tagColumnOperation?: pulumi.Input; /** * A transform operation that removes tags associated with a column. See untag_column_operation. */ untagColumnOperation?: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformCastColumnTypeOperation { /** * Column name. */ columnName: pulumi.Input; /** * When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format. */ format?: pulumi.Input; /** * New column data type. Valid values are `STRING`, `INTEGER`, `DECIMAL`, `DATETIME`. */ newColumnType: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformCreateColumnsOperation { /** * Calculated columns to create. See columns. */ columns: pulumi.Input[]>; } export interface DataSetLogicalTableMapDataTransformCreateColumnsOperationColumn { /** * A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Amazon QuickSight preserves the existing calculated column. */ columnId: pulumi.Input; /** * Column name. */ columnName: pulumi.Input; /** * An expression that defines the calculated column. */ expression: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformFilterOperation { /** * An expression that must evaluate to a Boolean value. Rows for which the expression evaluates to true are kept in the dataset. */ conditionExpression: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformProjectOperation { /** * Projected columns. */ projectedColumns: pulumi.Input[]>; } export interface DataSetLogicalTableMapDataTransformRenameColumnOperation { /** * Column to be renamed. */ columnName: pulumi.Input; /** * New name for the column. */ newColumnName: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformTagColumnOperation { /** * Column name. */ columnName: pulumi.Input; /** * The dataset column tag, currently only used for geospatial type tagging. See tags. */ tags: pulumi.Input[]>; } export interface DataSetLogicalTableMapDataTransformTagColumnOperationTag { /** * A description for a column. See column_description. */ columnDescription?: pulumi.Input; /** * A geospatial role for a column. Valid values are `COUNTRY`, `STATE`, `COUNTY`, `CITY`, `POSTCODE`, `LONGITUDE`, and `LATITUDE`. */ columnGeographicRole?: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformTagColumnOperationTagColumnDescription { /** * The text of a description for a column. */ text?: pulumi.Input; } export interface DataSetLogicalTableMapDataTransformUntagColumnOperation { /** * Column name. */ columnName: pulumi.Input; /** * The column tags to remove from this column. */ tagNames: pulumi.Input[]>; } export interface DataSetLogicalTableMapSource { /** * ARN of the parent data set. */ dataSetArn?: pulumi.Input; /** * Specifies the result of a join of two logical tables. See join_instruction. */ joinInstruction?: pulumi.Input; /** * Physical table ID. */ physicalTableId?: pulumi.Input; } export interface DataSetLogicalTableMapSourceJoinInstruction { /** * Join key properties of the left operand. See left_join_key_properties. */ leftJoinKeyProperties?: pulumi.Input; /** * Operand on the left side of a join. */ leftOperand: pulumi.Input; /** * Join instructions provided in the ON clause of a join. */ onClause: pulumi.Input; /** * Join key properties of the right operand. See right_join_key_properties. */ rightJoinKeyProperties?: pulumi.Input; /** * Operand on the right side of a join. */ rightOperand: pulumi.Input; /** * Type of join. Valid values are `INNER`, `OUTER`, `LEFT`, and `RIGHT`. */ type: pulumi.Input; } export interface DataSetLogicalTableMapSourceJoinInstructionLeftJoinKeyProperties { /** * A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Amazon QuickSight to optimize query performance. */ uniqueKey?: pulumi.Input; } export interface DataSetLogicalTableMapSourceJoinInstructionRightJoinKeyProperties { /** * A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Amazon QuickSight to optimize query performance. */ uniqueKey?: pulumi.Input; } export interface DataSetOutputColumn { description?: pulumi.Input; /** * Display name for the dataset. */ name?: pulumi.Input; type?: pulumi.Input; } export interface DataSetPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface DataSetPhysicalTableMap { /** * A physical table type built from the results of the custom SQL query. See custom_sql. */ customSql?: pulumi.Input; /** * Key of the physical table map. */ physicalTableMapId: pulumi.Input; /** * A physical table type for relational data sources. See relational_table. */ relationalTable?: pulumi.Input; /** * A physical table type for as S3 data source. See s3_source. */ s3Source?: pulumi.Input; } export interface DataSetPhysicalTableMapCustomSql { /** * Column schema from the SQL query result set. See columns. */ columns?: pulumi.Input[]>; /** * ARN of the data source. */ dataSourceArn: pulumi.Input; /** * Display name for the SQL query result. */ name: pulumi.Input; /** * SQL query. */ sqlQuery: pulumi.Input; } export interface DataSetPhysicalTableMapCustomSqlColumn { /** * Name of this column in the underlying data source. */ name: pulumi.Input; /** * Data type of the column. */ type: pulumi.Input; } export interface DataSetPhysicalTableMapRelationalTable { /** * Catalog associated with the table. */ catalog?: pulumi.Input; /** * ARN of the data source. */ dataSourceArn: pulumi.Input; /** * Column schema of the table. See input_columns. */ inputColumns: pulumi.Input[]>; /** * Name of the relational table. */ name: pulumi.Input; /** * Schema name. This name applies to certain relational database engines. */ schema?: pulumi.Input; } export interface DataSetPhysicalTableMapRelationalTableInputColumn { /** * Name of this column in the underlying data source. */ name: pulumi.Input; /** * Data type of the column. */ type: pulumi.Input; } export interface DataSetPhysicalTableMapS3Source { /** * ARN of the data source. */ dataSourceArn: pulumi.Input; /** * Column schema of the table. See input_columns. */ inputColumns: pulumi.Input[]>; /** * Information about the format for the S3 source file or files. See upload_settings. */ uploadSettings: pulumi.Input; } export interface DataSetPhysicalTableMapS3SourceInputColumn { /** * Name of this column in the underlying data source. */ name: pulumi.Input; /** * Data type of the column. */ type: pulumi.Input; } export interface DataSetPhysicalTableMapS3SourceUploadSettings { /** * Whether the file has a header row, or the files each have a header row. */ containsHeader?: pulumi.Input; /** * Delimiter between values in the file. */ delimiter?: pulumi.Input; /** * File format. Valid values are `CSV`, `TSV`, `CLF`, `ELF`, `XLSX`, and `JSON`. */ format?: pulumi.Input; /** * A row number to start reading data from. */ startFromRow?: pulumi.Input; /** * Text qualifier. Valid values are `DOUBLE_QUOTE` and `SINGLE_QUOTE`. */ textQualifier?: pulumi.Input; } export interface DataSetRefreshProperties { /** * The refresh configuration for the data set. See refresh_configuration. */ refreshConfiguration: pulumi.Input; } export interface DataSetRefreshPropertiesRefreshConfiguration { /** * The incremental refresh for the data set. See incremental_refresh. */ incrementalRefresh: pulumi.Input; } export interface DataSetRefreshPropertiesRefreshConfigurationIncrementalRefresh { /** * The lookback window setup for an incremental refresh configuration. See lookback_window. */ lookbackWindow: pulumi.Input; } export interface DataSetRefreshPropertiesRefreshConfigurationIncrementalRefreshLookbackWindow { /** * The name of the lookback window column. */ columnName: pulumi.Input; /** * The lookback window column size. */ size: pulumi.Input; /** * The size unit that is used for the lookback window column. Valid values for this structure are `HOUR`, `DAY`, and `WEEK`. */ sizeUnit: pulumi.Input; } export interface DataSetRowLevelPermissionDataSet { /** * ARN of the dataset that contains permissions for RLS. */ arn: pulumi.Input; /** * User or group rules associated with the dataset that contains permissions for RLS. */ formatVersion?: pulumi.Input; /** * Namespace associated with the dataset that contains permissions for RLS. */ namespace?: pulumi.Input; /** * Type of permissions to use when interpreting the permissions for RLS. Valid values are `GRANT_ACCESS` and `DENY_ACCESS`. */ permissionPolicy: pulumi.Input; /** * Status of the row-level security permission dataset. If enabled, the status is `ENABLED`. If disabled, the status is `DISABLED`. */ status?: pulumi.Input; } export interface DataSetRowLevelPermissionTagConfiguration { /** * The status of row-level security tags. If enabled, the status is `ENABLED`. If disabled, the status is `DISABLED`. */ status?: pulumi.Input; /** * A set of rules associated with row-level security, such as the tag names and columns that they are assigned to. See tag_rules. */ tagRules: pulumi.Input[]>; } export interface DataSetRowLevelPermissionTagConfigurationTagRule { /** * Column name that a tag key is assigned to. */ columnName: pulumi.Input; /** * A string that you want to use to filter by all the values in a column in the dataset and don’t want to list the values one by one. */ matchAllValue?: pulumi.Input; /** * Unique key for a tag. */ tagKey: pulumi.Input; /** * A string that you want to use to delimit the values when you pass the values at run time. */ tagMultiValueDelimiter?: pulumi.Input; } export interface DataSourceCredentials { /** * The Amazon Resource Name (ARN) of a data source that has the credential pair that you want to use. * When the value is not null, the `credentialPair` from the data source in the ARN is used. */ copySourceArn?: pulumi.Input; /** * Credential pair. See Credential Pair below for more details. */ credentialPair?: pulumi.Input; } export interface DataSourceCredentialsCredentialPair { /** * Password, maximum length of 1024 characters. */ password: pulumi.Input; /** * User name, maximum length of 64 characters. */ username: pulumi.Input; } export interface DataSourceParameters { /** * Parameters for connecting to Amazon Elasticsearch. */ amazonElasticsearch?: pulumi.Input; /** * Parameters for connecting to Athena. */ athena?: pulumi.Input; /** * Parameters for connecting to Aurora MySQL. */ aurora?: pulumi.Input; /** * Parameters for connecting to Aurora Postgresql. */ auroraPostgresql?: pulumi.Input; /** * Parameters for connecting to AWS IOT Analytics. */ awsIotAnalytics?: pulumi.Input; /** * Parameters for connecting to Jira. */ jira?: pulumi.Input; /** * Parameters for connecting to MariaDB. */ mariaDb?: pulumi.Input; /** * Parameters for connecting to MySQL. */ mysql?: pulumi.Input; /** * Parameters for connecting to Oracle. */ oracle?: pulumi.Input; /** * Parameters for connecting to Postgresql. */ postgresql?: pulumi.Input; /** * Parameters for connecting to Presto. */ presto?: pulumi.Input; /** * Parameters for connecting to RDS. */ rds?: pulumi.Input; /** * Parameters for connecting to Redshift. */ redshift?: pulumi.Input; /** * Parameters for connecting to S3. */ s3?: pulumi.Input; /** * Parameters for connecting to ServiceNow. */ serviceNow?: pulumi.Input; /** * Parameters for connecting to Snowflake. */ snowflake?: pulumi.Input; /** * Parameters for connecting to Spark. */ spark?: pulumi.Input; /** * Parameters for connecting to SQL Server. */ sqlServer?: pulumi.Input; /** * Parameters for connecting to Teradata. */ teradata?: pulumi.Input; /** * Parameters for connecting to Twitter. */ twitter?: pulumi.Input; } export interface DataSourceParametersAmazonElasticsearch { /** * The OpenSearch domain. */ domain: pulumi.Input; } export interface DataSourceParametersAthena { /** * The work-group to which to connect. */ workGroup?: pulumi.Input; } export interface DataSourceParametersAurora { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersAuroraPostgresql { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersAwsIotAnalytics { /** * The name of the data set to which to connect. */ dataSetName: pulumi.Input; } export interface DataSourceParametersJira { /** * The base URL of the Jira instance's site to which to connect. */ siteBaseUrl: pulumi.Input; } export interface DataSourceParametersMariaDb { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersMysql { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersOracle { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersPostgresql { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersPresto { /** * The catalog to which to connect. */ catalog: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The port to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersRds { /** * The database to which to connect. */ database: pulumi.Input; /** * The instance ID to which to connect. */ instanceId: pulumi.Input; } export interface DataSourceParametersRedshift { /** * The ID of the cluster to which to connect. */ clusterId?: pulumi.Input; /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host?: pulumi.Input; /** * The port to which to connect. */ port?: pulumi.Input; } export interface DataSourceParametersS3 { /** * An object containing the S3 location of the S3 manifest file. */ manifestFileLocation: pulumi.Input; } export interface DataSourceParametersS3ManifestFileLocation { /** * The name of the bucket that contains the manifest file. */ bucket: pulumi.Input; /** * The key of the manifest file within the bucket. */ key: pulumi.Input; } export interface DataSourceParametersServiceNow { /** * The base URL of the Jira instance's site to which to connect. */ siteBaseUrl: pulumi.Input; } export interface DataSourceParametersSnowflake { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ warehouse: pulumi.Input; } export interface DataSourceParametersSpark { /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersSqlServer { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersTeradata { /** * The database to which to connect. */ database: pulumi.Input; /** * The host to which to connect. */ host: pulumi.Input; /** * The warehouse to which to connect. */ port: pulumi.Input; } export interface DataSourceParametersTwitter { /** * The maximum number of rows to query. */ maxRows: pulumi.Input; /** * The Twitter query to retrieve the data. */ query: pulumi.Input; } export interface DataSourcePermission { /** * Set of IAM actions to grant or revoke permissions on. Max of 16 items. */ actions: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the principal. */ principal: pulumi.Input; } export interface DataSourceSslProperties { /** * A Boolean option to control whether SSL should be disabled. */ disableSsl: pulumi.Input; } export interface DataSourceVpcConnectionProperties { /** * The Amazon Resource Name (ARN) for the VPC connection. */ vpcConnectionArn: pulumi.Input; } export interface FolderPermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface GetDataSetColumnLevelPermissionRule { columnNames?: string[]; principals?: string[]; } export interface GetDataSetColumnLevelPermissionRuleArgs { columnNames?: pulumi.Input[]>; principals?: pulumi.Input[]>; } export interface IamPolicyAssignmentIdentities { /** * Array of Quicksight group names to assign the policy to. */ groups?: pulumi.Input[]>; /** * Array of Quicksight user names to assign the policy to. */ users?: pulumi.Input[]>; } export interface NamespaceTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface RefreshScheduleSchedule { /** * The type of refresh that the dataset undergoes. Valid values are `INCREMENTAL_REFRESH` and `FULL_REFRESH`. */ refreshType: pulumi.Input; /** * The configuration of the [schedule frequency](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_RefreshFrequency.html). See schedule_frequency. */ scheduleFrequency?: pulumi.Input; /** * Time after which the refresh schedule can be started, expressed in `YYYY-MM-DDTHH:MM:SS` format. */ startAfterDateTime?: pulumi.Input; } export interface RefreshScheduleScheduleScheduleFrequency { /** * The interval between scheduled refreshes. Valid values are `MINUTE15`, `MINUTE30`, `HOURLY`, `DAILY`, `WEEKLY` and `MONTHLY`. */ interval: pulumi.Input; /** * The [refresh on entity](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ScheduleRefreshOnEntity.html) configuration for weekly or monthly schedules. See refresh_on_day. */ refreshOnDay?: pulumi.Input; /** * The time of day that you want the dataset to refresh. This value is expressed in `HH:MM` format. This field is not required for schedules that refresh hourly. */ timeOfTheDay?: pulumi.Input; /** * The timezone that you want the refresh schedule to use. */ timezone?: pulumi.Input; } export interface RefreshScheduleScheduleScheduleFrequencyRefreshOnDay { /** * The day of the month that you want to schedule refresh on. */ dayOfMonth?: pulumi.Input; /** * The day of the week that you want to schedule a refresh on. Valid values are `SUNDAY`, `MONDAY`, `TUESDAY`, `WEDNESDAY`, `THURSDAY`, `FRIDAY` and `SATURDAY`. */ dayOfWeek?: pulumi.Input; } export interface TemplatePermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface TemplateSourceEntity { /** * The source analysis, if it is based on an analysis.. Only one of `sourceAnalysis` or `sourceTemplate` should be configured. See source_analysis. */ sourceAnalysis?: pulumi.Input; /** * The source template, if it is based on an template.. Only one of `sourceAnalysis` or `sourceTemplate` should be configured. See source_template. */ sourceTemplate?: pulumi.Input; } export interface TemplateSourceEntitySourceAnalysis { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; /** * A list of dataset references used as placeholders in the template. See data_set_references. */ dataSetReferences: pulumi.Input[]>; } export interface TemplateSourceEntitySourceAnalysisDataSetReference { /** * Dataset Amazon Resource Name (ARN). */ dataSetArn: pulumi.Input; /** * Dataset placeholder. */ dataSetPlaceholder: pulumi.Input; } export interface TemplateSourceEntitySourceTemplate { /** * The Amazon Resource Name (ARN) of the resource. */ arn: pulumi.Input; } export interface ThemeConfiguration { /** * Color properties that apply to chart data colors. See data_color_palette. */ dataColorPalette?: pulumi.Input; /** * Display options related to sheets. See sheet. */ sheet?: pulumi.Input; /** * Determines the typography options. See typography. */ typography?: pulumi.Input; /** * Color properties that apply to the UI and to charts, excluding the colors that apply to data. See ui_color_palette. */ uiColorPalette?: pulumi.Input; } export interface ThemeConfigurationDataColorPalette { /** * List of hexadecimal codes for the colors. Minimum of 8 items and maximum of 20 items. */ colors?: pulumi.Input[]>; /** * The hexadecimal code of a color that applies to charts where a lack of data is highlighted. */ emptyFillColor?: pulumi.Input; /** * The minimum and maximum hexadecimal codes that describe a color gradient. List of exactly 2 items. */ minMaxGradients?: pulumi.Input[]>; } export interface ThemeConfigurationSheet { /** * The display options for tiles. See tile. */ tile?: pulumi.Input; /** * The layout options for tiles. See tile_layout. */ tileLayout?: pulumi.Input; } export interface ThemeConfigurationSheetTile { /** * The border around a tile. See border. */ border?: pulumi.Input; } export interface ThemeConfigurationSheetTileBorder { /** * The option to enable display of borders for visuals. */ show?: pulumi.Input; } export interface ThemeConfigurationSheetTileLayout { /** * The gutter settings that apply between tiles. See gutter. */ gutter?: pulumi.Input; /** * The margin settings that apply around the outside edge of sheets. See margin. */ margin?: pulumi.Input; } export interface ThemeConfigurationSheetTileLayoutGutter { /** * This Boolean value controls whether to display a gutter space between sheet tiles. */ show?: pulumi.Input; } export interface ThemeConfigurationSheetTileLayoutMargin { /** * This Boolean value controls whether to display sheet margins. */ show?: pulumi.Input; } export interface ThemeConfigurationTypography { /** * Determines the list of font families. Maximum number of 5 items. See font_families. */ fontFamilies?: pulumi.Input[]>; } export interface ThemeConfigurationTypographyFontFamily { /** * Font family name. */ fontFamily?: pulumi.Input; } export interface ThemeConfigurationUiColorPalette { /** * Color (hexadecimal) that applies to selected states and buttons. */ accent?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the accent color. */ accentForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to error messages. */ danger?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the error color. */ dangerForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to the names of fields that are identified as dimensions. */ dimension?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the dimension color. */ dimensionForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to the names of fields that are identified as measures. */ measure?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the measure color. */ measureForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to visuals and other high emphasis UI. */ primaryBackground?: pulumi.Input; /** * Color (hexadecimal) of text and other foreground elements that appear over the primary background regions, such as grid lines, borders, table banding, icons, and so on. */ primaryForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to the sheet background and sheet controls. */ secondaryBackground?: pulumi.Input; /** * Color (hexadecimal) that applies to any sheet title, sheet control text, or UI that appears over the secondary background. */ secondaryForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to success messages, for example the check mark for a successful download. */ success?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the success color. */ successForeground?: pulumi.Input; /** * Color (hexadecimal) that applies to warning and informational messages. */ warning?: pulumi.Input; /** * Color (hexadecimal) that applies to any text or other elements that appear over the warning color. */ warningForeground?: pulumi.Input; } export interface ThemePermission { /** * List of IAM actions to grant or revoke permissions on. */ actions: pulumi.Input[]>; /** * ARN of the principal. See the [ResourcePermission documentation](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ResourcePermission.html) for the applicable ARN values. */ principal: pulumi.Input; } export interface VpcConnectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace ram { export interface GetResourceShareFilter { /** * Name of the tag key to filter on. */ name: string; /** * Value of the tag key. */ values: string[]; } export interface GetResourceShareFilterArgs { /** * Name of the tag key to filter on. */ name: pulumi.Input; /** * Value of the tag key. */ values: pulumi.Input[]>; } } export namespace rbin { export interface RuleLockConfiguration { /** * Information about the retention rule unlock delay. See `unlockDelay` below. */ unlockDelay: pulumi.Input; } export interface RuleLockConfigurationUnlockDelay { /** * The unit of time in which to measure the unlock delay. Currently, the unlock delay can be measure only in days. */ unlockDelayUnit: pulumi.Input; /** * The unlock delay period, measured in the unit specified for UnlockDelayUnit. */ unlockDelayValue: pulumi.Input; } export interface RuleResourceTag { /** * The tag key. * * The following argument is optional: */ resourceTagKey: pulumi.Input; /** * The tag value. */ resourceTagValue?: pulumi.Input; } export interface RuleRetentionPeriod { /** * The unit of time in which the retention period is measured. Currently, only DAYS is supported. */ retentionPeriodUnit: pulumi.Input; /** * The period value for which the retention rule is to retain resources. The period is measured using the unit specified for RetentionPeriodUnit. */ retentionPeriodValue: pulumi.Input; } } export namespace rds { export interface ClusterMasterUserSecret { /** * ARN for the KMS encryption key. When specifying `kmsKeyId`, `storageEncrypted` needs to be set to true. */ kmsKeyId?: pulumi.Input; /** * Amazon Resource Name (ARN) of the secret. */ secretArn?: pulumi.Input; /** * Status of the secret. Valid Values: `creating` | `active` | `rotating` | `impaired`. */ secretStatus?: pulumi.Input; } export interface ClusterParameterGroupParameter { /** * "immediate" (default), or "pending-reboot". Some * engines can't apply some parameters without a reboot, and you will need to * specify "pending-reboot" here. */ applyMethod?: pulumi.Input; /** * The name of the DB parameter. */ name: pulumi.Input; /** * The value of the DB parameter. */ value: pulumi.Input; } export interface ClusterRestoreToPointInTime { /** * Date and time in UTC format to restore the database cluster to. Conflicts with `useLatestRestorableTime`. */ restoreToTime?: pulumi.Input; /** * Type of restore to be performed. * Valid options are `full-copy` (default) and `copy-on-write`. */ restoreType?: pulumi.Input; /** * Identifier of the source database cluster from which to restore. When restoring from a cluster in another AWS account, the identifier is the ARN of that cluster. */ sourceClusterIdentifier: pulumi.Input; /** * Set to true to restore the database cluster to the latest restorable backup time. Defaults to false. Conflicts with `restoreToTime`. */ useLatestRestorableTime?: pulumi.Input; } export interface ClusterS3Import { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; ingestionRole: pulumi.Input; sourceEngine: pulumi.Input; sourceEngineVersion: pulumi.Input; } export interface ClusterScalingConfiguration { /** * Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections). If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. Defaults to `true`. */ autoPause?: pulumi.Input; /** * Maximum capacity for an Aurora DB cluster in `serverless` DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid Aurora MySQL capacity values are `1`, `2`, `4`, `8`, `16`, `32`, `64`, `128`, `256`. Valid Aurora PostgreSQL capacity values are (`2`, `4`, `8`, `16`, `32`, `64`, `192`, and `384`). Defaults to `16`. */ maxCapacity?: pulumi.Input; /** * Minimum capacity for an Aurora DB cluster in `serverless` DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid Aurora MySQL capacity values are `1`, `2`, `4`, `8`, `16`, `32`, `64`, `128`, `256`. Valid Aurora PostgreSQL capacity values are (`2`, `4`, `8`, `16`, `32`, `64`, `192`, and `384`). Defaults to `1`. */ minCapacity?: pulumi.Input; /** * Time, in seconds, before an Aurora DB cluster in serverless mode is paused. Valid values are `300` through `86400`. Defaults to `300`. */ secondsUntilAutoPause?: pulumi.Input; /** * Action to take when the timeout is reached. Valid values: `ForceApplyCapacityChange`, `RollbackCapacityChange`. Defaults to `RollbackCapacityChange`. See [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v1.how-it-works.html#aurora-serverless.how-it-works.timeout-action). */ timeoutAction?: pulumi.Input; } export interface ClusterServerlessv2ScalingConfiguration { /** * Maximum capacity for an Aurora DB cluster in `provisioned` DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid capacity values are in a range of `0.5` up to `128` in steps of `0.5`. */ maxCapacity: pulumi.Input; /** * Minimum capacity for an Aurora DB cluster in `provisioned` DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid capacity values are in a range of `0.5` up to `128` in steps of `0.5`. */ minCapacity: pulumi.Input; } export interface ExportTaskTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface GetClustersFilter { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetClustersFilterArgs { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetEngineVersionFilter { name: string; values: string[]; } export interface GetEngineVersionFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetInstancesFilter { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) or [RDS DescribeDBInstances API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetInstancesFilterArgs { /** * Name of the filter field. Valid values can be found in the [RDS DescribeDBClusters API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) or [RDS DescribeDBInstances API Reference](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GlobalClusterGlobalClusterMember { /** * Amazon Resource Name (ARN) of member DB Cluster */ dbClusterArn?: pulumi.Input; /** * Whether the member is the primary DB Cluster */ isWriter?: pulumi.Input; } export interface InstanceBlueGreenUpdate { /** * Enables low-downtime updates when `true`. * Default is `false`. * * [instance-replication]: * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html * [instance-maintenance]: * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html * [blue-green]: * https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/blue-green-deployments.html */ enabled?: pulumi.Input; } export interface InstanceListenerEndpoint { /** * Specifies the DNS address of the DB instance. */ address?: pulumi.Input; /** * Specifies the ID that Amazon Route 53 assigns when you create a hosted zone. */ hostedZoneId?: pulumi.Input; /** * The port on which the DB accepts connections. */ port?: pulumi.Input; } export interface InstanceMasterUserSecret { /** * The ARN for the KMS encryption key. If creating an * encrypted replica, set this to the destination KMS ARN. */ kmsKeyId?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the secret. */ secretArn?: pulumi.Input; /** * The status of the secret. Valid Values: `creating` | `active` | `rotating` | `impaired`. */ secretStatus?: pulumi.Input; } export interface InstanceRestoreToPointInTime { /** * The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with `useLatestRestorableTime`. */ restoreTime?: pulumi.Input; /** * The ARN of the automated backup from which to restore. Required if `sourceDbInstanceIdentifier` or `sourceDbiResourceId` is not specified. */ sourceDbInstanceAutomatedBackupsArn?: pulumi.Input; /** * The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if `sourceDbInstanceAutomatedBackupsArn` or `sourceDbiResourceId` is not specified. */ sourceDbInstanceIdentifier?: pulumi.Input; /** * The resource ID of the source DB instance from which to restore. Required if `sourceDbInstanceIdentifier` or `sourceDbInstanceAutomatedBackupsArn` is not specified. */ sourceDbiResourceId?: pulumi.Input; /** * A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults to `false`. Cannot be specified with `restoreTime`. */ useLatestRestorableTime?: pulumi.Input; } export interface InstanceS3Import { bucketName: pulumi.Input; bucketPrefix?: pulumi.Input; ingestionRole: pulumi.Input; sourceEngine: pulumi.Input; sourceEngineVersion: pulumi.Input; } export interface OptionGroupOption { /** * List of DB Security Groups for which the option is enabled. */ dbSecurityGroupMemberships?: pulumi.Input[]>; /** * Name of the option (e.g., MEMCACHED). */ optionName: pulumi.Input; /** * The option settings to apply. See `optionSettings` Block below for more details. */ optionSettings?: pulumi.Input[]>; /** * Port number when connecting to the option (e.g., 11211). Leaving out or removing `port` from your configuration does not remove or clear a port from the option in AWS. AWS may assign a default port. Not including `port` in your configuration means that the AWS provider will ignore a previously set value, a value set by AWS, and any port changes. */ port?: pulumi.Input; /** * Version of the option (e.g., 13.1.0.0). Leaving out or removing `version` from your configuration does not remove or clear a version from the option in AWS. AWS may assign a default version. Not including `version` in your configuration means that the AWS provider will ignore a previously set value, a value set by AWS, and any version changes. */ version?: pulumi.Input; /** * List of VPC Security Groups for which the option is enabled. */ vpcSecurityGroupMemberships?: pulumi.Input[]>; } export interface OptionGroupOptionOptionSetting { /** * Name of the setting. */ name: pulumi.Input; /** * Value of the setting. */ value: pulumi.Input; } export interface ParameterGroupParameter { /** * "immediate" (default), or "pending-reboot". Some * engines can't apply some parameters without a reboot, and you will need to * specify "pending-reboot" here. */ applyMethod?: pulumi.Input; /** * The name of the DB parameter. */ name: pulumi.Input; /** * The value of the DB parameter. */ value: pulumi.Input; } /** * parameterGroupParameterProvideDefaults sets the appropriate defaults for ParameterGroupParameter */ export function parameterGroupParameterProvideDefaults(val: ParameterGroupParameter): ParameterGroupParameter { return { ...val, applyMethod: (val.applyMethod) ?? "immediate", }; } export interface ProxyAuth { /** * The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of `SECRETS`. */ authScheme?: pulumi.Input; /** * The type of authentication the proxy uses for connections from clients. Valid values are `MYSQL_NATIVE_PASSWORD`, `POSTGRES_SCRAM_SHA_256`, `POSTGRES_MD5`, and `SQL_SERVER_AUTHENTICATION`. */ clientPasswordAuthType?: pulumi.Input; /** * A user-specified description about the authentication used by a proxy to log in as a specific database user. */ description?: pulumi.Input; /** * Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of `DISABLED`, `REQUIRED`. */ iamAuth?: pulumi.Input; /** * The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager. */ secretArn?: pulumi.Input; /** * The name of the database user to which the proxy connects. */ username?: pulumi.Input; } export interface ProxyDefaultTargetGroupConnectionPoolConfig { /** * The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions. */ connectionBorrowTimeout?: pulumi.Input; /** * One or more SQL statements for the proxy to run when opening each new database connection. Typically used with `SET` statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single `SET` statement, such as `SET x=1, y=2`. */ initQuery?: pulumi.Input; /** * The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the maxConnections setting for the RDS DB instance or Aurora DB cluster used by the target group. */ maxConnectionsPercent?: pulumi.Input; /** * Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the maxConnections setting for the RDS DB instance or Aurora DB cluster used by the target group. */ maxIdleConnectionsPercent?: pulumi.Input; /** * Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Currently, the only allowed value is `EXCLUDE_VARIABLE_SETS`. */ sessionPinningFilters?: pulumi.Input[]>; } export interface ReservedInstanceRecurringCharge { recurringChargeAmount?: pulumi.Input; recurringChargeFrequency?: pulumi.Input; } } export namespace redshift { export interface ClusterClusterNode { /** * Whether the node is a leader node or a compute node */ nodeRole?: pulumi.Input; /** * The private IP address of a node within a cluster */ privateIpAddress?: pulumi.Input; /** * The public IP address of a node within a cluster */ publicIpAddress?: pulumi.Input; } export interface ClusterLogging { /** * The name of an existing S3 bucket where the log files are to be stored. Must be in the same region as the cluster and the cluster must have read bucket and put object permissions. * For more information on the permissions required for the bucket, please read the AWS [documentation](http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging) */ bucketName?: pulumi.Input; /** * Enables logging information such as queries and connection attempts, for the specified Amazon Redshift cluster. */ enable: pulumi.Input; /** * The log destination type. An enum with possible values of `s3` and `cloudwatch`. */ logDestinationType?: pulumi.Input; /** * The collection of exported log types. Log types include the connection log, user log and user activity log. Required when `logDestinationType` is `cloudwatch`. Valid log types are `connectionlog`, `userlog`, and `useractivitylog`. */ logExports?: pulumi.Input[]>; /** * The prefix applied to the log file names. */ s3KeyPrefix?: pulumi.Input; } export interface ClusterSnapshotCopy { /** * The destination region that you want to copy snapshots to. */ destinationRegion: pulumi.Input; /** * The name of the snapshot copy grant to use when snapshots of an AWS KMS-encrypted cluster are copied to the destination region. */ grantName?: pulumi.Input; /** * The number of days to retain automated snapshots in the destination region after they are copied from the source region. Defaults to `7`. */ retentionPeriod?: pulumi.Input; } export interface EndpointAccessVpcEndpoint { /** * One or more network interfaces of the endpoint. Also known as an interface endpoint. See details below. */ networkInterfaces?: pulumi.Input[]>; /** * The connection endpoint ID for connecting an Amazon Redshift cluster through the proxy. */ vpcEndpointId?: pulumi.Input; /** * The VPC identifier that the endpoint is associated. */ vpcId?: pulumi.Input; } export interface EndpointAccessVpcEndpointNetworkInterface { /** * The Availability Zone. */ availabilityZone?: pulumi.Input; /** * The network interface identifier. */ networkInterfaceId?: pulumi.Input; /** * The IPv4 address of the network interface within the subnet. */ privateIpAddress?: pulumi.Input; /** * The subnet identifier. */ subnetId?: pulumi.Input; } export interface GetDataSharesDataShare { /** * ARN (Amazon Resource Name) of the data share. */ dataShareArn?: string; /** * Identifier of a datashare to show its managing entity. */ managedBy?: string; /** * ARN (Amazon Resource Name) of the producer. */ producerArn?: string; } export interface GetDataSharesDataShareArgs { /** * ARN (Amazon Resource Name) of the data share. */ dataShareArn?: pulumi.Input; /** * Identifier of a datashare to show its managing entity. */ managedBy?: pulumi.Input; /** * ARN (Amazon Resource Name) of the producer. */ producerArn?: pulumi.Input; } export interface GetProducerDataSharesDataShare { /** * ARN (Amazon Resource Name) of the data share. */ dataShareArn?: string; /** * Identifier of a datashare to show its managing entity. */ managedBy?: string; /** * Amazon Resource Name (ARN) of the producer namespace that returns in the list of datashares. * * The following arguments are optional: */ producerArn?: string; } export interface GetProducerDataSharesDataShareArgs { /** * ARN (Amazon Resource Name) of the data share. */ dataShareArn?: pulumi.Input; /** * Identifier of a datashare to show its managing entity. */ managedBy?: pulumi.Input; /** * Amazon Resource Name (ARN) of the producer namespace that returns in the list of datashares. * * The following arguments are optional: */ producerArn?: pulumi.Input; } export interface ParameterGroupParameter { /** * The name of the Redshift parameter. */ name: pulumi.Input; /** * The value of the Redshift parameter. */ value: pulumi.Input; } export interface ScheduledActionTargetAction { /** * An action that runs a `PauseCluster` API operation. Documented below. */ pauseCluster?: pulumi.Input; /** * An action that runs a `ResizeCluster` API operation. Documented below. */ resizeCluster?: pulumi.Input; /** * An action that runs a `ResumeCluster` API operation. Documented below. */ resumeCluster?: pulumi.Input; } export interface ScheduledActionTargetActionPauseCluster { /** * The identifier of the cluster to be paused. */ clusterIdentifier: pulumi.Input; } export interface ScheduledActionTargetActionResizeCluster { /** * A boolean value indicating whether the resize operation is using the classic resize process. Default: `false`. */ classic?: pulumi.Input; /** * The unique identifier for the cluster to resize. */ clusterIdentifier: pulumi.Input; /** * The new cluster type for the specified cluster. */ clusterType?: pulumi.Input; /** * The new node type for the nodes you are adding. */ nodeType?: pulumi.Input; /** * The new number of nodes for the cluster. */ numberOfNodes?: pulumi.Input; } export interface ScheduledActionTargetActionResumeCluster { /** * The identifier of the cluster to be resumed. */ clusterIdentifier: pulumi.Input; } } export namespace redshiftdata { export interface StatementParameter { name: pulumi.Input; value: pulumi.Input; } } export namespace redshiftserverless { export interface EndpointAccessVpcEndpoint { /** * The network interfaces of the endpoint.. See `Network Interface` below. */ networkInterfaces?: pulumi.Input[]>; /** * The DNS address of the VPC endpoint. */ vpcEndpointId?: pulumi.Input; /** * The port that Amazon Redshift Serverless listens on. */ vpcId?: pulumi.Input; } export interface EndpointAccessVpcEndpointNetworkInterface { /** * The availability Zone. */ availabilityZone?: pulumi.Input; /** * The unique identifier of the network interface. */ networkInterfaceId?: pulumi.Input; /** * The IPv4 address of the network interface within the subnet. */ privateIpAddress?: pulumi.Input; /** * The unique identifier of the subnet. */ subnetId?: pulumi.Input; } export interface WorkgroupConfigParameter { /** * The key of the parameter. The options are `autoMv`, `datestyle`, `enableCaseSensitiveIdentifier`, `enableUserActivityLogging`, `queryGroup`, `searchPath`, `requireSsl`, `useFipsSsl`, and [query monitoring metrics](https://docs.aws.amazon.com/redshift/latest/dg/cm-c-wlm-query-monitoring-rules.html#cm-c-wlm-query-monitoring-metrics-serverless) that let you define performance boundaries: `maxQueryCpuTime`, `maxQueryBlocksRead`, `maxScanRowCount`, `maxQueryExecutionTime`, `maxQueryQueueTime`, `maxQueryCpuUsagePercent`, `maxQueryTempBlocksToDisk`, `maxJoinRowCount` and `maxNestedLoopJoinRowCount`. */ parameterKey: pulumi.Input; /** * The value of the parameter to set. */ parameterValue: pulumi.Input; } export interface WorkgroupEndpoint { /** * The DNS address of the VPC endpoint. */ address?: pulumi.Input; /** * The port number on which the cluster accepts incoming connections. */ port?: pulumi.Input; /** * The VPC endpoint or the Redshift Serverless workgroup. See `VPC Endpoint` below. */ vpcEndpoints?: pulumi.Input[]>; } export interface WorkgroupEndpointVpcEndpoint { /** * The network interfaces of the endpoint.. See `Network Interface` below. */ networkInterfaces?: pulumi.Input[]>; /** * The DNS address of the VPC endpoint. */ vpcEndpointId?: pulumi.Input; /** * The port that Amazon Redshift Serverless listens on. */ vpcId?: pulumi.Input; } export interface WorkgroupEndpointVpcEndpointNetworkInterface { /** * The availability Zone. */ availabilityZone?: pulumi.Input; /** * The unique identifier of the network interface. */ networkInterfaceId?: pulumi.Input; /** * The IPv4 address of the network interface within the subnet. */ privateIpAddress?: pulumi.Input; /** * The unique identifier of the subnet. */ subnetId?: pulumi.Input; } } export namespace rekognition { export interface CollectionTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; } export interface ProjectTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } } export namespace resourceexplorer { export interface IndexTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface SearchResource { /** * Amazon resource name of resource. */ arn?: string; /** * The date and time that the information about this resource property was last updated. */ lastReportedAt?: string; /** * Amazon Web Services account that owns the resource. */ owningAccountId?: string; /** * Amazon Web Services Region in which the resource was created and exists. */ region?: string; /** * Structure with additional type-specific details about the resource. See `resourceProperty` below. */ resourceProperties?: inputs.resourceexplorer.SearchResourceResourceProperty[]; /** * Type of the resource. */ resourceType?: string; /** * Amazon Web Service that owns the resource and is responsible for creating and updating it. */ service?: string; } export interface SearchResourceArgs { /** * Amazon resource name of resource. */ arn?: pulumi.Input; /** * The date and time that the information about this resource property was last updated. */ lastReportedAt?: pulumi.Input; /** * Amazon Web Services account that owns the resource. */ owningAccountId?: pulumi.Input; /** * Amazon Web Services Region in which the resource was created and exists. */ region?: pulumi.Input; /** * Structure with additional type-specific details about the resource. See `resourceProperty` below. */ resourceProperties?: pulumi.Input[]>; /** * Type of the resource. */ resourceType?: pulumi.Input; /** * Amazon Web Service that owns the resource and is responsible for creating and updating it. */ service?: pulumi.Input; } export interface SearchResourceCount { completed: boolean; /** * Number of resources that match the search query. This value can't exceed 1,000. If there are more than 1,000 resources that match the query, then only 1,000 are counted and the Complete field is set to false. We recommend that you refine your query to return a smaller number of results. */ totalResources?: number; } export interface SearchResourceCountArgs { completed: pulumi.Input; /** * Number of resources that match the search query. This value can't exceed 1,000. If there are more than 1,000 resources that match the query, then only 1,000 are counted and the Complete field is set to false. We recommend that you refine your query to return a smaller number of results. */ totalResources?: pulumi.Input; } export interface SearchResourceResourceProperty { /** * Details about this property. The content of this field is a JSON object that varies based on the resource type. */ data?: string; /** * The date and time that the information about this resource property was last updated. */ lastReportedAt?: string; /** * Name of this property of the resource. */ name?: string; } export interface SearchResourceResourcePropertyArgs { /** * Details about this property. The content of this field is a JSON object that varies based on the resource type. */ data?: pulumi.Input; /** * The date and time that the information about this resource property was last updated. */ lastReportedAt?: pulumi.Input; /** * Name of this property of the resource. */ name?: pulumi.Input; } export interface ViewFilters { /** * The string that contains the search keywords, prefixes, and operators to control the results that can be returned by a search operation. For more details, see [Search query syntax](https://docs.aws.amazon.com/resource-explorer/latest/userguide/using-search-query-syntax.html). */ filterString: pulumi.Input; } export interface ViewIncludedProperty { /** * The name of the property that is included in this view. Valid values: `tags`. */ name: pulumi.Input; } } export namespace resourcegroups { export interface GroupConfiguration { /** * A collection of parameters for this group configuration item. See below for details. */ parameters?: pulumi.Input[]>; /** * Specifies the type of group configuration item. */ type: pulumi.Input; } export interface GroupConfigurationParameter { /** * The name of the group configuration parameter. */ name: pulumi.Input; /** * The value or values to be used for the specified parameter. */ values: pulumi.Input[]>; } export interface GroupResourceQuery { /** * The resource query as a JSON string. */ query: pulumi.Input; /** * The type of the resource query. Defaults to `TAG_FILTERS_1_0`. */ type?: pulumi.Input; } } export namespace resourcegroupstaggingapi { export interface GetResourcesTagFilter { /** * One part of a key-value pair that makes up a tag. */ key: string; /** * Optional part of a key-value pair that make up a tag. */ values?: string[]; } export interface GetResourcesTagFilterArgs { /** * One part of a key-value pair that makes up a tag. */ key: pulumi.Input; /** * Optional part of a key-value pair that make up a tag. */ values?: pulumi.Input[]>; } } export namespace rolesanywhere { export interface TrustAnchorSource { /** * The data denoting the source of trust, documented below */ sourceData: pulumi.Input; /** * The type of the source of trust. Must be either `AWS_ACM_PCA` or `CERTIFICATE_BUNDLE`. */ sourceType: pulumi.Input; } export interface TrustAnchorSourceSourceData { /** * The ARN of an ACM Private Certificate Authority. */ acmPcaArn?: pulumi.Input; x509CertificateData?: pulumi.Input; } } export namespace route53 { export interface GetQueryLogConfigFilter { /** * The name of the query logging configuration. */ name: string; values: string[]; } export interface GetQueryLogConfigFilterArgs { /** * The name of the query logging configuration. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface GetResolverEndpointFilter { name: string; values: string[]; } export interface GetResolverEndpointFilterArgs { name: pulumi.Input; values: pulumi.Input[]>; } export interface GetTrafficPolicyDocumentEndpoint { /** * ID of an endpoint you want to assign. */ id: string; /** * To route traffic to an Amazon S3 bucket that is configured as a website endpoint, specify the region in which you created the bucket for `region`. */ region?: string; /** * Type of the endpoint. Valid values are `value` , `cloudfront` , `elastic-load-balancer`, `s3-website` */ type?: string; /** * Value of the `type`. */ value?: string; } export interface GetTrafficPolicyDocumentEndpointArgs { /** * ID of an endpoint you want to assign. */ id: pulumi.Input; /** * To route traffic to an Amazon S3 bucket that is configured as a website endpoint, specify the region in which you created the bucket for `region`. */ region?: pulumi.Input; /** * Type of the endpoint. Valid values are `value` , `cloudfront` , `elastic-load-balancer`, `s3-website` */ type?: pulumi.Input; /** * Value of the `type`. */ value?: pulumi.Input; } export interface GetTrafficPolicyDocumentRule { /** * Configuration block for when you add a geoproximity rule, you configure Amazon Route 53 to route traffic to your resources based on the geographic location of your resources. Only valid for `geoproximity` type. See below */ geoProximityLocations?: inputs.route53.GetTrafficPolicyDocumentRuleGeoProximityLocation[]; /** * ID of a rule you want to assign. */ id: string; /** * Configuration block for when you add a multivalue answer rule, you configure your traffic policy to route traffic approximately randomly to your healthy resources. Only valid for `multivalue` type. See below */ items?: inputs.route53.GetTrafficPolicyDocumentRuleItem[]; /** * Configuration block for when you add a geolocation rule, you configure your traffic policy to route your traffic based on the geographic location of your users. Only valid for `geo` type. See below */ locations?: inputs.route53.GetTrafficPolicyDocumentRuleLocation[]; /** * Configuration block for the settings for the rule or endpoint that you want to route traffic to whenever the corresponding resources are available. Only valid for `failover` type. See below */ primary?: inputs.route53.GetTrafficPolicyDocumentRulePrimary; regions?: inputs.route53.GetTrafficPolicyDocumentRuleRegion[]; /** * Configuration block for the rule or endpoint that you want to route traffic to whenever the primary resources are not available. Only valid for `failover` type. See below */ secondary?: inputs.route53.GetTrafficPolicyDocumentRuleSecondary; /** * Type of the rule. */ type?: string; } export interface GetTrafficPolicyDocumentRuleArgs { /** * Configuration block for when you add a geoproximity rule, you configure Amazon Route 53 to route traffic to your resources based on the geographic location of your resources. Only valid for `geoproximity` type. See below */ geoProximityLocations?: pulumi.Input[]>; /** * ID of a rule you want to assign. */ id: pulumi.Input; /** * Configuration block for when you add a multivalue answer rule, you configure your traffic policy to route traffic approximately randomly to your healthy resources. Only valid for `multivalue` type. See below */ items?: pulumi.Input[]>; /** * Configuration block for when you add a geolocation rule, you configure your traffic policy to route your traffic based on the geographic location of your users. Only valid for `geo` type. See below */ locations?: pulumi.Input[]>; /** * Configuration block for the settings for the rule or endpoint that you want to route traffic to whenever the corresponding resources are available. Only valid for `failover` type. See below */ primary?: pulumi.Input; regions?: pulumi.Input[]>; /** * Configuration block for the rule or endpoint that you want to route traffic to whenever the primary resources are not available. Only valid for `failover` type. See below */ secondary?: pulumi.Input; /** * Type of the rule. */ type?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleGeoProximityLocation { /** * Specify a value for `bias` if you want to route more traffic to an endpoint from nearby endpoints (positive values) or route less traffic to an endpoint (negative values). */ bias?: string; /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * Represents the location south (negative) or north (positive) of the equator. Valid values are -90 degrees to 90 degrees. */ latitude?: string; /** * Represents the location west (negative) or east (positive) of the prime meridian. Valid values are -180 degrees to 180 degrees. */ longitude?: string; /** * If your endpoint is an AWS resource, specify the AWS Region that you created the resource in. */ region?: string; /** * References to a rule. */ ruleReference?: string; } export interface GetTrafficPolicyDocumentRuleGeoProximityLocationArgs { /** * Specify a value for `bias` if you want to route more traffic to an endpoint from nearby endpoints (positive values) or route less traffic to an endpoint (negative values). */ bias?: pulumi.Input; /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * Represents the location south (negative) or north (positive) of the equator. Valid values are -90 degrees to 90 degrees. */ latitude?: pulumi.Input; /** * Represents the location west (negative) or east (positive) of the prime meridian. Valid values are -180 degrees to 180 degrees. */ longitude?: pulumi.Input; /** * If your endpoint is an AWS resource, specify the AWS Region that you created the resource in. */ region?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleItem { endpointReference?: string; healthCheck?: string; } export interface GetTrafficPolicyDocumentRuleItemArgs { endpointReference?: pulumi.Input; healthCheck?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleLocation { /** * Value of a continent. */ continent?: string; /** * Value of a country. */ country?: string; /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * Indicates whether this set of values represents the default location. */ isDefault?: boolean; /** * References to a rule. */ ruleReference?: string; /** * Value of a subdivision. */ subdivision?: string; } export interface GetTrafficPolicyDocumentRuleLocationArgs { /** * Value of a continent. */ continent?: pulumi.Input; /** * Value of a country. */ country?: pulumi.Input; /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * Indicates whether this set of values represents the default location. */ isDefault?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; /** * Value of a subdivision. */ subdivision?: pulumi.Input; } export interface GetTrafficPolicyDocumentRulePrimary { /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * References to a rule. */ ruleReference?: string; } export interface GetTrafficPolicyDocumentRulePrimaryArgs { /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleRegion { /** * References to an endpoint. */ endpointReference?: string; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: boolean; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: string; /** * Region code for the AWS Region that you created the resource in. */ region?: string; /** * References to a rule. */ ruleReference?: string; } export interface GetTrafficPolicyDocumentRuleRegionArgs { /** * References to an endpoint. */ endpointReference?: pulumi.Input; /** * Indicates whether you want Amazon Route 53 to evaluate the health of the endpoint and route traffic only to healthy endpoints. */ evaluateTargetHealth?: pulumi.Input; /** * If you want to associate a health check with the endpoint or rule. */ healthCheck?: pulumi.Input; /** * Region code for the AWS Region that you created the resource in. */ region?: pulumi.Input; /** * References to a rule. */ ruleReference?: pulumi.Input; } export interface GetTrafficPolicyDocumentRuleSecondary { endpointReference?: string; evaluateTargetHealth?: boolean; healthCheck?: string; ruleReference?: string; } export interface GetTrafficPolicyDocumentRuleSecondaryArgs { endpointReference?: pulumi.Input; evaluateTargetHealth?: pulumi.Input; healthCheck?: pulumi.Input; ruleReference?: pulumi.Input; } export interface RecordAlias { /** * Set to `true` if you want Route 53 to determine whether to respond to DNS queries using this resource record set by checking the health of the resource record set. Some resources have special requirements, see [related part of documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html#rrsets-values-alias-evaluate-target-health). */ evaluateTargetHealth: pulumi.Input; /** * DNS domain name for a CloudFront distribution, S3 bucket, ELB, or another resource record set in this hosted zone. */ name: pulumi.Input; /** * Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. See `resource_elb.zone_id` for example. */ zoneId: pulumi.Input; } export interface RecordCidrRoutingPolicy { /** * The CIDR collection ID. See the `aws.route53.CidrCollection` resource for more details. */ collectionId: pulumi.Input; /** * The CIDR collection location name. See the `aws.route53.CidrLocation` resource for more details. A `locationName` with an asterisk `"*"` can be used to create a default CIDR record. `collectionId` is still required for default record. */ locationName: pulumi.Input; } export interface RecordFailoverRoutingPolicy { /** * `PRIMARY` or `SECONDARY`. A `PRIMARY` record will be served if its healthcheck is passing, otherwise the `SECONDARY` will be served. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html#dns-failover-failover-rrsets */ type: pulumi.Input; } export interface RecordGeolocationRoutingPolicy { /** * A two-letter continent code. See http://docs.aws.amazon.com/Route53/latest/APIReference/API_GetGeoLocation.html for code details. Either `continent` or `country` must be specified. */ continent?: pulumi.Input; /** * A two-character country code or `*` to indicate a default resource record set. */ country?: pulumi.Input; /** * A subdivision code for a country. */ subdivision?: pulumi.Input; } export interface RecordGeoproximityRoutingPolicy { awsRegion?: pulumi.Input; bias?: pulumi.Input; coordinates?: pulumi.Input[]>; localZoneGroup?: pulumi.Input; } export interface RecordGeoproximityRoutingPolicyCoordinate { latitude: pulumi.Input; longitude: pulumi.Input; } export interface RecordLatencyRoutingPolicy { /** * An AWS region from which to measure latency. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency */ region: pulumi.Input; } export interface RecordWeightedRoutingPolicy { /** * A numeric value indicating the relative weight of the record. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-weighted. */ weight: pulumi.Input; } export interface ResolverEndpointIpAddress { /** * The IP address in the subnet that you want to use for DNS queries. */ ip?: pulumi.Input; ipId?: pulumi.Input; /** * The ID of the subnet that contains the IP address. */ subnetId: pulumi.Input; } export interface ResolverRuleTargetIp { /** * One IP address that you want to forward DNS queries to. You can specify only IPv4 addresses. */ ip: pulumi.Input; /** * The port at `ip` that you want to forward DNS queries to. Default value is `53`. */ port?: pulumi.Input; /** * The protocol for the resolver endpoint. Valid values can be found in the [AWS documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_TargetAddress.html). Default value is `Do53`. */ protocol?: pulumi.Input; } export interface ZoneVpc { /** * ID of the VPC to associate. */ vpcId: pulumi.Input; /** * Region of the VPC to associate. Defaults to AWS provider region. */ vpcRegion?: pulumi.Input; } } export namespace route53domains { export interface DelegationSignerRecordSigningAttributes { /** * Algorithm which was used to generate the digest from the public key. */ algorithm: pulumi.Input; /** * Defines the type of key. It can be either a KSK (key-signing-key, value `257`) or ZSK (zone-signing-key, value `256`). */ flags: pulumi.Input; /** * The base64-encoded public key part of the key pair that is passed to the registry. */ publicKey: pulumi.Input; } export interface DelegationSignerRecordTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface RegisteredDomainAdminContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface RegisteredDomainBillingContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface RegisteredDomainNameServer { /** * Glue IP addresses of a name server. The list can contain only one IPv4 and one IPv6 address. */ glueIps?: pulumi.Input[]>; /** * The fully qualified host name of the name server. */ name: pulumi.Input; } export interface RegisteredDomainRegistrantContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } export interface RegisteredDomainTechContact { /** * First line of the contact's address. */ addressLine1?: pulumi.Input; /** * Second line of contact's address, if any. */ addressLine2?: pulumi.Input; /** * The city of the contact's address. */ city?: pulumi.Input; /** * Indicates whether the contact is a person, company, association, or public organization. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-ContactType) for valid values. */ contactType?: pulumi.Input; /** * Code for the country of the contact's address. See the [AWS API documentation](https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ContactDetail.html#Route53Domains-Type-domains_ContactDetail-CountryCode) for valid values. */ countryCode?: pulumi.Input; /** * Email address of the contact. */ email?: pulumi.Input; /** * A key-value map of parameters required by certain top-level domains. */ extraParams?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Fax number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ fax?: pulumi.Input; /** * First name of contact. */ firstName?: pulumi.Input; /** * Last name of contact. */ lastName?: pulumi.Input; /** * Name of the organization for contact types other than `PERSON`. */ organizationName?: pulumi.Input; /** * The phone number of the contact. Phone number must be specified in the format "+[country dialing code].[number including any area code]". */ phoneNumber?: pulumi.Input; /** * The state or province of the contact's city. */ state?: pulumi.Input; /** * The zip or postal code of the contact's address. */ zipCode?: pulumi.Input; } } export namespace route53recoverycontrol { export interface ClusterClusterEndpoint { /** * Cluster endpoint. */ endpoint?: pulumi.Input; /** * Region of the endpoint. */ region?: pulumi.Input; } export interface SafetyRuleRuleConfig { /** * Logical negation of the rule. */ inverted: pulumi.Input; /** * Number of controls that must be set when you specify an `ATLEAST` type rule. */ threshold: pulumi.Input; /** * Rule type. Valid values are `ATLEAST`, `AND`, and `OR`. */ type: pulumi.Input; } } export namespace route53recoveryreadiness { export interface ResourceSetResource { componentId?: pulumi.Input; /** * Component for DNS/Routing Control Readiness Checks. */ dnsTargetResource?: pulumi.Input; /** * Recovery group ARN or cell ARN that contains this resource set. */ readinessScopes?: pulumi.Input[]>; /** * ARN of the resource. */ resourceArn?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResource { /** * DNS Name that acts as the ingress point to a portion of application. */ domainName: pulumi.Input; /** * Hosted Zone ARN that contains the DNS record with the provided name of target resource. */ hostedZoneArn?: pulumi.Input; /** * Route53 record set id to uniquely identify a record given a `domainName` and a `recordType`. */ recordSetId?: pulumi.Input; /** * Type of DNS Record of target resource. */ recordType?: pulumi.Input; /** * Target resource the R53 record specified with the above params points to. */ targetResource?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResourceTargetResource { /** * NLB resource a DNS Target Resource points to. Required if `r53Resource` is not set. */ nlbResource?: pulumi.Input; /** * Route53 resource a DNS Target Resource record points to. */ r53Resource?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResourceTargetResourceNlbResource { /** * NLB resource ARN. */ arn?: pulumi.Input; } export interface ResourceSetResourceDnsTargetResourceTargetResourceR53Resource { /** * Domain name that is targeted. */ domainName?: pulumi.Input; /** * Resource record set ID that is targeted. */ recordSetId?: pulumi.Input; } } export namespace rum { export interface AppMonitorAppMonitorConfiguration { /** * If you set this to `true`, RUM web client sets two cookies, a session cookie and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page. */ allowCookies?: pulumi.Input; /** * If you set this to `true`, RUM enables X-Ray tracing for the user sessions that RUM samples. RUM adds an X-Ray trace header to allowed HTTP requests. It also records an X-Ray segment for allowed HTTP requests. */ enableXray?: pulumi.Input; /** * A list of URLs in your website or application to exclude from RUM data collection. */ excludedPages?: pulumi.Input[]>; /** * A list of pages in the CloudWatch RUM console that are to be displayed with a "favorite" icon. */ favoritePages?: pulumi.Input[]>; /** * The ARN of the guest IAM role that is attached to the Amazon Cognito identity pool that is used to authorize the sending of data to RUM. */ guestRoleArn?: pulumi.Input; /** * The ID of the Amazon Cognito identity pool that is used to authorize the sending of data to RUM. */ identityPoolId?: pulumi.Input; /** * If this app monitor is to collect data from only certain pages in your application, this structure lists those pages. */ includedPages?: pulumi.Input[]>; /** * Specifies the percentage of user sessions to use for RUM data collection. Choosing a higher percentage gives you more data but also incurs more costs. The number you specify is the percentage of user sessions that will be used. Default value is `0.1`. */ sessionSampleRate?: pulumi.Input; /** * An array that lists the types of telemetry data that this app monitor is to collect. Valid values are `errors`, `performance`, and `http`. */ telemetries?: pulumi.Input[]>; } export interface AppMonitorCustomEvents { /** * Specifies whether this app monitor allows the web client to define and send custom events. The default is for custom events to be `DISABLED`. Valid values are `DISABLED` and `ENABLED`. */ status?: pulumi.Input; } } export namespace s3 { export interface AccessPointPublicAccessBlockConfiguration { /** * Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to `true`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior: * * PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public. * * PUT Object calls fail if the request includes a public ACL. * * PUT Bucket calls fail if the request includes a public ACL. */ blockPublicAcls?: pulumi.Input; /** * Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to `true`. Enabling this setting does not affect existing bucket policies. When set to `true` causes Amazon S3 to: * * Reject calls to PUT Bucket policy if the specified bucket policy allows public access. */ blockPublicPolicy?: pulumi.Input; /** * Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to `true`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to: * * Ignore all public ACLs on buckets in this account and any objects that they contain. */ ignorePublicAcls?: pulumi.Input; /** * Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to `true`. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`: * * Only the bucket owner and AWS Services can access buckets with public policies. */ restrictPublicBuckets?: pulumi.Input; } export interface AccessPointVpcConfiguration { /** * This access point will only allow connections from the specified VPC ID. */ vpcId: pulumi.Input; } export interface AnalyticsConfigurationFilter { /** * Object prefix for filtering. */ prefix?: pulumi.Input; /** * Set of object tags for filtering. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface AnalyticsConfigurationStorageClassAnalysis { /** * Data export configuration (documented below). */ dataExport: pulumi.Input; } export interface AnalyticsConfigurationStorageClassAnalysisDataExport { /** * Specifies the destination for the exported analytics data (documented below). */ destination: pulumi.Input; /** * Schema version of exported analytics data. Allowed values: `V_1`. Default value: `V_1`. */ outputSchemaVersion?: pulumi.Input; } export interface AnalyticsConfigurationStorageClassAnalysisDataExportDestination { /** * Analytics data export currently only supports an S3 bucket destination (documented below). */ s3BucketDestination: pulumi.Input; } export interface AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestination { /** * Account ID that owns the destination bucket. */ bucketAccountId?: pulumi.Input; /** * ARN of the destination bucket. */ bucketArn: pulumi.Input; /** * Output format of exported analytics data. Allowed values: `CSV`. Default value: `CSV`. */ format?: pulumi.Input; /** * Prefix to append to exported analytics data. */ prefix?: pulumi.Input; } export interface BucketAclV2AccessControlPolicy { /** * Set of `grant` configuration blocks. See below. */ grants?: pulumi.Input[]>; /** * Configuration block for the bucket owner's display name and ID. See below. */ owner: pulumi.Input; } export interface BucketAclV2AccessControlPolicyGrant { /** * Configuration block for the person being granted permissions. See below. */ grantee?: pulumi.Input; /** * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `WRITE`, `WRITE_ACP`, `READ`, `READ_ACP`. See [What permissions can I grant?](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#permissions) for more details about what each permission means in the context of buckets. */ permission: pulumi.Input; } export interface BucketAclV2AccessControlPolicyGrantGrantee { displayName?: pulumi.Input; /** * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified. */ emailAddress?: pulumi.Input; /** * Canonical user ID of the grantee. */ id?: pulumi.Input; /** * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`. */ type: pulumi.Input; /** * URI of the grantee group. */ uri?: pulumi.Input; } export interface BucketAclV2AccessControlPolicyOwner { /** * Display name of the owner. */ displayName?: pulumi.Input; /** * ID of the owner. */ id: pulumi.Input; } export interface BucketCorsConfigurationV2CorsRule { /** * Set of Headers that are specified in the `Access-Control-Request-Headers` header. */ allowedHeaders?: pulumi.Input[]>; /** * Set of HTTP methods that you allow the origin to execute. Valid values are `GET`, `PUT`, `HEAD`, `POST`, and `DELETE`. */ allowedMethods: pulumi.Input[]>; /** * Set of origins you want customers to be able to access the bucket from. */ allowedOrigins: pulumi.Input[]>; /** * Set of headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). */ exposeHeaders?: pulumi.Input[]>; /** * Unique identifier for the rule. The value cannot be longer than 255 characters. */ id?: pulumi.Input; /** * Time in seconds that your browser is to cache the preflight response for the specified resource. */ maxAgeSeconds?: pulumi.Input; } export interface BucketCorsRule { allowedHeaders?: pulumi.Input[]>; allowedMethods: pulumi.Input[]>; allowedOrigins: pulumi.Input[]>; exposeHeaders?: pulumi.Input[]>; maxAgeSeconds?: pulumi.Input; } export interface BucketGrant { /** * Canonical user id to grant for. Used only when `type` is `CanonicalUser`. */ id?: pulumi.Input; /** * List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`. */ permissions: pulumi.Input[]>; /** * Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported. */ type: pulumi.Input; /** * Uri address to grant for. Used only when `type` is `Group`. */ uri?: pulumi.Input; } export interface BucketIntelligentTieringConfigurationFilter { /** * Object key name prefix that identifies the subset of objects to which the configuration applies. */ prefix?: pulumi.Input; /** * All of these tags must exist in the object's tag set in order for the configuration to apply. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketIntelligentTieringConfigurationTiering { /** * S3 Intelligent-Tiering access tier. Valid values: `ARCHIVE_ACCESS`, `DEEP_ARCHIVE_ACCESS`. */ accessTier: pulumi.Input; /** * Number of consecutive days of no access after which an object will be eligible to be transitioned to the corresponding tier. */ days: pulumi.Input; } export interface BucketLifecycleConfigurationV2Rule { /** * Configuration block that specifies the days since the initiation of an incomplete multipart upload that Amazon S3 will wait before permanently removing all parts of the upload. See below. */ abortIncompleteMultipartUpload?: pulumi.Input; /** * Configuration block that specifies the expiration for the lifecycle of the object in the form of date, days and, whether the object has a delete marker. See below. */ expiration?: pulumi.Input; /** * Configuration block used to identify objects that a Lifecycle Rule applies to. See below. If not specified, the `rule` will default to using `prefix`. */ filter?: pulumi.Input; /** * Unique identifier for the rule. The value cannot be longer than 255 characters. */ id: pulumi.Input; /** * Configuration block that specifies when noncurrent object versions expire. See below. */ noncurrentVersionExpiration?: pulumi.Input; /** * Set of configuration blocks that specify the transition rule for the lifecycle rule that describes when noncurrent objects transition to a specific storage class. See below. */ noncurrentVersionTransitions?: pulumi.Input[]>; /** * **DEPRECATED** Use `filter` instead. This has been deprecated by Amazon S3. Prefix identifying one or more objects to which the rule applies. Defaults to an empty string (`""`) if `filter` is not specified. * * @deprecated Use filter instead */ prefix?: pulumi.Input; /** * Whether the rule is currently being applied. Valid values: `Enabled` or `Disabled`. */ status: pulumi.Input; /** * Set of configuration blocks that specify when an Amazon S3 object transitions to a specified storage class. See below. */ transitions?: pulumi.Input[]>; } export interface BucketLifecycleConfigurationV2RuleAbortIncompleteMultipartUpload { /** * Number of days after which Amazon S3 aborts an incomplete multipart upload. */ daysAfterInitiation?: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleExpiration { /** * Date the object is to be moved or deleted. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`. */ date?: pulumi.Input; /** * Lifetime, in days, of the objects that are subject to the rule. The value must be a non-zero positive integer. */ days?: pulumi.Input; /** * Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set to `true`, the delete marker will be expired; if set to `false` the policy takes no action. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleFilter { /** * Configuration block used to apply a logical `AND` to two or more predicates. See below. The Lifecycle Rule will apply to any object matching all the predicates configured inside the `and` block. */ and?: pulumi.Input; /** * Minimum object size (in bytes) to which the rule applies. */ objectSizeGreaterThan?: pulumi.Input; /** * Maximum object size (in bytes) to which the rule applies. */ objectSizeLessThan?: pulumi.Input; /** * Prefix identifying one or more objects to which the rule applies. Defaults to an empty string (`""`) if not specified. */ prefix?: pulumi.Input; /** * Configuration block for specifying a tag key and value. See below. */ tag?: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleFilterAnd { /** * Minimum object size to which the rule applies. Value must be at least `0` if specified. */ objectSizeGreaterThan?: pulumi.Input; /** * Maximum object size to which the rule applies. Value must be at least `1` if specified. */ objectSizeLessThan?: pulumi.Input; /** * Prefix identifying one or more objects to which the rule applies. */ prefix?: pulumi.Input; /** * Key-value map of resource tags. All of these tags must exist in the object's tag set in order for the rule to apply. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketLifecycleConfigurationV2RuleFilterTag { /** * Name of the object key. */ key: pulumi.Input; /** * Value of the tag. */ value: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleNoncurrentVersionExpiration { /** * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer. */ newerNoncurrentVersions?: pulumi.Input; /** * Number of days an object is noncurrent before Amazon S3 can perform the associated action. Must be a positive integer. */ noncurrentDays?: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleNoncurrentVersionTransition { /** * Number of noncurrent versions Amazon S3 will retain. Must be a non-zero positive integer. */ newerNoncurrentVersions?: pulumi.Input; /** * Number of days an object is noncurrent before Amazon S3 can perform the associated action. */ noncurrentDays?: pulumi.Input; /** * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`. */ storageClass: pulumi.Input; } export interface BucketLifecycleConfigurationV2RuleTransition { /** * Date objects are transitioned to the specified storage class. The date value must be in [RFC3339 full-date format](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) e.g. `2023-08-22`. */ date?: pulumi.Input; /** * Number of days after creation when objects are transitioned to the specified storage class. The value must be a positive integer. If both `days` and `date` are not specified, defaults to `0`. Valid values depend on `storageClass`, see [Transition objects using Amazon S3 Lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html) for more details. */ days?: pulumi.Input; /** * Class of storage used to store the object. Valid Values: `GLACIER`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `DEEP_ARCHIVE`, `GLACIER_IR`. */ storageClass: pulumi.Input; } export interface BucketLifecycleRule { /** * Specifies the number of days after initiating a multipart upload when the multipart upload must be completed. */ abortIncompleteMultipartUploadDays?: pulumi.Input; /** * Specifies lifecycle rule status. */ enabled: pulumi.Input; /** * Specifies a period in the object's expire (documented below). */ expiration?: pulumi.Input; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Specifies when noncurrent object versions expire (documented below). */ noncurrentVersionExpiration?: pulumi.Input; /** * Specifies when noncurrent object versions transitions (documented below). * * At least one of `abortIncompleteMultipartUploadDays`, `expiration`, `transition`, `noncurrentVersionExpiration`, `noncurrentVersionTransition` must be specified. */ noncurrentVersionTransitions?: pulumi.Input[]>; /** * Object key prefix identifying one or more objects to which the rule applies. */ prefix?: pulumi.Input; /** * Specifies object tags key and value. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Specifies a period in the object's transitions (documented below). */ transitions?: pulumi.Input[]>; } export interface BucketLifecycleRuleExpiration { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketLifecycleRuleNoncurrentVersionExpiration { /** * Specifies the number of days noncurrent object versions expire. */ days?: pulumi.Input; } export interface BucketLifecycleRuleNoncurrentVersionTransition { /** * Specifies the number of days noncurrent object versions transition. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketLifecycleRuleTransition { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketLogging { /** * The name of the bucket that will receive the log objects. */ targetBucket: pulumi.Input; /** * To specify a key prefix for log objects. */ targetPrefix?: pulumi.Input; } export interface BucketLoggingV2TargetGrant { /** * Configuration block for the person being granted permissions. See below. */ grantee: pulumi.Input; /** * Logging permissions assigned to the grantee for the bucket. Valid values: `FULL_CONTROL`, `READ`, `WRITE`. */ permission: pulumi.Input; } export interface BucketLoggingV2TargetGrantGrantee { displayName?: pulumi.Input; /** * Email address of the grantee. See [Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for supported AWS regions where this argument can be specified. */ emailAddress?: pulumi.Input; /** * Canonical user ID of the grantee. */ id?: pulumi.Input; /** * Type of grantee. Valid values: `CanonicalUser`, `AmazonCustomerByEmail`, `Group`. */ type: pulumi.Input; /** * URI of the grantee group. */ uri?: pulumi.Input; } export interface BucketLoggingV2TargetObjectKeyFormat { /** * Partitioned S3 key for log objects. See below. */ partitionedPrefix?: pulumi.Input; /** * Use the simple format for S3 keys for log objects. To use, set `simplePrefix {}`. */ simplePrefix?: pulumi.Input; } export interface BucketLoggingV2TargetObjectKeyFormatPartitionedPrefix { /** * Specifies the partition date source for the partitioned prefix. Valid values: `EventTime`, `DeliveryTime`. */ partitionDateSource: pulumi.Input; } export interface BucketLoggingV2TargetObjectKeyFormatSimplePrefix { } export interface BucketMetricFilter { /** * S3 Access Point ARN for filtering (singular). */ accessPoint?: pulumi.Input; /** * Object prefix for filtering (singular). */ prefix?: pulumi.Input; /** * Object tags for filtering (up to 10). */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketNotificationLambdaFunction { /** * [Event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications. */ events: pulumi.Input[]>; /** * Object key name prefix. */ filterPrefix?: pulumi.Input; /** * Object key name suffix. */ filterSuffix?: pulumi.Input; /** * Unique identifier for each of the notification configurations. */ id?: pulumi.Input; /** * Lambda function ARN. */ lambdaFunctionArn?: pulumi.Input; } export interface BucketNotificationQueue { /** * Specifies [event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications. */ events: pulumi.Input[]>; /** * Object key name prefix. */ filterPrefix?: pulumi.Input; /** * Object key name suffix. */ filterSuffix?: pulumi.Input; /** * Unique identifier for each of the notification configurations. */ id?: pulumi.Input; /** * SQS queue ARN. */ queueArn: pulumi.Input; } export interface BucketNotificationTopic { /** * [Event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications. */ events: pulumi.Input[]>; /** * Object key name prefix. */ filterPrefix?: pulumi.Input; /** * Object key name suffix. */ filterSuffix?: pulumi.Input; /** * Unique identifier for each of the notification configurations. */ id?: pulumi.Input; /** * SNS topic ARN. */ topicArn: pulumi.Input; } export interface BucketObjectLockConfiguration { /** * Indicates whether this bucket has an Object Lock configuration enabled. Valid value is `Enabled`. */ objectLockEnabled: pulumi.Input; /** * The Object Lock rule in place for this bucket. */ rule?: pulumi.Input; } export interface BucketObjectLockConfigurationRule { /** * The default retention period that you want to apply to new objects placed in this bucket. */ defaultRetention: pulumi.Input; } export interface BucketObjectLockConfigurationRuleDefaultRetention { /** * The number of days that you want to specify for the default retention period. */ days?: pulumi.Input; /** * The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`. */ mode: pulumi.Input; /** * The number of years that you want to specify for the default retention period. * * Either `days` or `years` must be specified, but not both. * * > **NOTE on `objectLockConfiguration`:** You can only enable S3 Object Lock for new buckets. If you need to turn on S3 Object Lock for an existing bucket, please contact AWS Support. * When you create a bucket with S3 Object Lock enabled, Amazon S3 automatically enables versioning for the bucket. * Once you create a bucket with S3 Object Lock enabled, you can't disable Object Lock or suspend versioning for the bucket. */ years?: pulumi.Input; } export interface BucketObjectLockConfigurationV2Rule { /** * Configuration block for specifying the default Object Lock retention settings for new objects placed in the specified bucket. See below. */ defaultRetention: pulumi.Input; } export interface BucketObjectLockConfigurationV2RuleDefaultRetention { /** * Number of days that you want to specify for the default retention period. */ days?: pulumi.Input; /** * Default Object Lock retention mode you want to apply to new objects placed in the specified bucket. Valid values: `COMPLIANCE`, `GOVERNANCE`. */ mode?: pulumi.Input; /** * Number of years that you want to specify for the default retention period. */ years?: pulumi.Input; } export interface BucketObjectv2OverrideProvider { /** * Override the provider `defaultTags` configuration block. */ defaultTags?: pulumi.Input; } export interface BucketObjectv2OverrideProviderDefaultTags { /** * Map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketOwnershipControlsRule { /** * Object ownership. Valid values: `BucketOwnerPreferred`, `ObjectWriter` or `BucketOwnerEnforced` */ objectOwnership: pulumi.Input; } export interface BucketReplicationConfigRule { /** * Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when `filter` is used)documented below. */ deleteMarkerReplication?: pulumi.Input; /** * Specifies the destination for the rule. See below. */ destination: pulumi.Input; /** * Replicate existing objects in the source bucket according to the rule configurations. See below. */ existingObjectReplication?: pulumi.Input; /** * Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the `rule` will default to using `prefix`. */ filter?: pulumi.Input; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string (`""`) if `filter` is not specified. * * @deprecated Use filter instead */ prefix?: pulumi.Input; /** * Priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules. */ priority?: pulumi.Input; /** * Specifies special object selection criteria. See below. */ sourceSelectionCriteria?: pulumi.Input; /** * Status of the rule. Either `"Enabled"` or `"Disabled"`. The rule is ignored if status is not "Enabled". */ status: pulumi.Input; } export interface BucketReplicationConfigRuleDeleteMarkerReplication { /** * Whether delete markers should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleDestination { /** * Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with `account` owner override configuration. */ accessControlTranslation?: pulumi.Input; /** * Account ID to specify the replica ownership. Must be used in conjunction with `accessControlTranslation` override configuration. */ account?: pulumi.Input; /** * ARN of the bucket where you want Amazon S3 to store the results. */ bucket: pulumi.Input; /** * Configuration block that provides information about encryption. See below. If `sourceSelectionCriteria` is specified, you must specify this element. */ encryptionConfiguration?: pulumi.Input; /** * Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below. */ metrics?: pulumi.Input; /** * Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with `metrics`. */ replicationTime?: pulumi.Input; /** * The [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Destination.html#AmazonS3-Type-Destination-StorageClass) used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica. */ storageClass?: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationAccessControlTranslation { /** * Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTreplication.html) in the Amazon S3 API Reference. Valid values: `Destination`. */ owner: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationEncryptionConfiguration { /** * ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket. */ replicaKmsKeyId: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationMetrics { /** * Configuration block that specifies the time threshold for emitting the `s3:Replication:OperationMissedThreshold` event. See below. */ eventThreshold?: pulumi.Input; /** * Status of the Destination Metrics. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationMetricsEventThreshold { /** * Time in minutes. Valid values: `15`. */ minutes: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationReplicationTime { /** * Status of the Replication Time Control. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; /** * Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below. */ time: pulumi.Input; } export interface BucketReplicationConfigRuleDestinationReplicationTimeTime { /** * Time in minutes. Valid values: `15`. */ minutes: pulumi.Input; } export interface BucketReplicationConfigRuleExistingObjectReplication { /** * Whether the existing objects should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleFilter { /** * Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details. */ and?: pulumi.Input; /** * Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * Configuration block for specifying a tag key and value. See below. */ tag?: pulumi.Input; } export interface BucketReplicationConfigRuleFilterAnd { /** * Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketReplicationConfigRuleFilterTag { /** * Name of the object key. */ key: pulumi.Input; /** * Value of the tag. */ value: pulumi.Input; } export interface BucketReplicationConfigRuleSourceSelectionCriteria { /** * Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when `filter` is specified), you can specify this element and set the status to `Enabled` to replicate modifications on replicas. */ replicaModifications?: pulumi.Input; /** * Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, `replicaKmsKeyId` in `destination` `encryptionConfiguration` must be specified as well. */ sseKmsEncryptedObjects?: pulumi.Input; } export interface BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications { /** * Whether the existing objects should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects { /** * Whether the existing objects should be replicated. Either `"Enabled"` or `"Disabled"`. */ status: pulumi.Input; } export interface BucketReplicationConfiguration { role: pulumi.Input; rules: pulumi.Input[]>; } export interface BucketReplicationConfigurationRule { /** * Whether delete markers are replicated. The only valid value is `Enabled`. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when `filter` is used). */ deleteMarkerReplicationStatus?: pulumi.Input; /** * Specifies the destination for the rule (documented below). */ destination: pulumi.Input; /** * Filter that identifies subset of objects to which the replication rule applies (documented below). */ filter?: pulumi.Input; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * The priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules. */ priority?: pulumi.Input; /** * Specifies special object selection criteria (documented below). */ sourceSelectionCriteria?: pulumi.Input; /** * The status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled. * * > **NOTE:** Replication to multiple destination buckets requires that `priority` is specified in the `rules` object. If the corresponding rule requires no filter, an empty configuration block `filter {}` must be specified. */ status: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestination { /** * Specifies the overrides to use for object owners on replication. Must be used in conjunction with `accountId` owner override configuration. */ accessControlTranslation?: pulumi.Input; /** * The Account ID to use for overriding the object owner on replication. Must be used in conjunction with `accessControlTranslation` override configuration. */ accountId?: pulumi.Input; /** * The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule. */ bucket: pulumi.Input; /** * Enables replication metrics (required for S3 RTC) (documented below). */ metrics?: pulumi.Input; /** * Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with * `sseKmsEncryptedObjects` source selection criteria. */ replicaKmsKeyId?: pulumi.Input; /** * Enables S3 Replication Time Control (S3 RTC) (documented below). */ replicationTime?: pulumi.Input; /** * The [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Destination.html#AmazonS3-Type-Destination-StorageClass) used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica. */ storageClass?: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestinationAccessControlTranslation { /** * The override value for the owner on replicated objects. Currently only `Destination` is supported. */ owner: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestinationMetrics { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * The status of replication metrics. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketReplicationConfigurationRuleDestinationReplicationTime { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * The status of RTC. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketReplicationConfigurationRuleFilter { /** * Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * A map of tags that identifies subset of objects to which the rule applies. * The rule applies only to objects having all the tags in its tagset. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketReplicationConfigurationRuleSourceSelectionCriteria { /** * Match SSE-KMS encrypted objects (documented below). If specified, `replicaKmsKeyId` * in `destination` must be specified as well. */ sseKmsEncryptedObjects?: pulumi.Input; } export interface BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects { /** * Boolean which indicates if this criteria is enabled. */ enabled: pulumi.Input; } export interface BucketServerSideEncryptionConfiguration { /** * A single object for server-side encryption by default configuration. (documented below) */ rule: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationRule { /** * A single object for setting server-side encryption by default. (documented below) */ applyServerSideEncryptionByDefault: pulumi.Input; /** * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS. */ bucketKeyEnabled?: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault { /** * The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`. */ kmsMasterKeyId?: pulumi.Input; /** * The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` */ sseAlgorithm: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationV2Rule { /** * Single object for setting server-side encryption by default. See below. */ applyServerSideEncryptionByDefault?: pulumi.Input; /** * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS. */ bucketKeyEnabled?: pulumi.Input; } export interface BucketServerSideEncryptionConfigurationV2RuleApplyServerSideEncryptionByDefault { /** * AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`. */ kmsMasterKeyId?: pulumi.Input; /** * Server-side encryption algorithm to use. Valid values are `AES256`, `aws:kms`, and `aws:kms:dsse` */ sseAlgorithm: pulumi.Input; } export interface BucketV2CorsRule { /** * List of headers allowed. */ allowedHeaders?: pulumi.Input[]>; /** * One or more HTTP methods that you allow the origin to execute. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`. */ allowedMethods: pulumi.Input[]>; /** * One or more origins you want customers to be able to access the bucket from. */ allowedOrigins: pulumi.Input[]>; /** * One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript `XMLHttpRequest` object). */ exposeHeaders?: pulumi.Input[]>; /** * Specifies time in seconds that browser can cache the response for a preflight request. */ maxAgeSeconds?: pulumi.Input; } export interface BucketV2Grant { /** * Canonical user id to grant for. Used only when `type` is `CanonicalUser`. */ id?: pulumi.Input; /** * List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`. */ permissions: pulumi.Input[]>; /** * Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported. */ type: pulumi.Input; /** * Uri address to grant for. Used only when `type` is `Group`. */ uri?: pulumi.Input; } export interface BucketV2LifecycleRule { /** * Specifies the number of days after initiating a multipart upload when the multipart upload must be completed. */ abortIncompleteMultipartUploadDays?: pulumi.Input; /** * Specifies lifecycle rule status. */ enabled: pulumi.Input; /** * Specifies a period in the object's expire. See Expiration below for details. */ expirations?: pulumi.Input[]>; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Specifies when noncurrent object versions expire. See Noncurrent Version Expiration below for details. */ noncurrentVersionExpirations?: pulumi.Input[]>; /** * Specifies when noncurrent object versions transitions. See Noncurrent Version Transition below for details. */ noncurrentVersionTransitions?: pulumi.Input[]>; /** * Object key prefix identifying one or more objects to which the rule applies. */ prefix?: pulumi.Input; /** * Specifies object tags key and value. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Specifies a period in the object's transitions. See Transition below for details. */ transitions?: pulumi.Input[]>; } export interface BucketV2LifecycleRuleExpiration { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy. */ expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketV2LifecycleRuleNoncurrentVersionExpiration { /** * Specifies the number of days noncurrent object versions expire. */ days?: pulumi.Input; } export interface BucketV2LifecycleRuleNoncurrentVersionTransition { /** * Specifies the number of days noncurrent object versions transition. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketV2LifecycleRuleTransition { /** * Specifies the date after which you want the corresponding action to take effect. */ date?: pulumi.Input; /** * Specifies the number of days after object creation when the specific rule action takes effect. */ days?: pulumi.Input; /** * Specifies the Amazon S3 [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass) to which you want the object to transition. */ storageClass: pulumi.Input; } export interface BucketV2Logging { /** * Name of the bucket that will receive the log objects. */ targetBucket: pulumi.Input; /** * To specify a key prefix for log objects. */ targetPrefix?: pulumi.Input; } export interface BucketV2ObjectLockConfiguration { /** * Indicates whether this bucket has an Object Lock configuration enabled. Valid values are `true` or `false`. This argument is not supported in all regions or partitions. * * @deprecated Use the top-level parameter objectLockEnabled instead */ objectLockEnabled?: pulumi.Input; /** * Object Lock rule in place for this bucket (documented below). * * @deprecated Use the aws.s3.BucketObjectLockConfigurationV2 resource instead */ rules?: pulumi.Input[]>; } export interface BucketV2ObjectLockConfigurationRule { /** * Default retention period that you want to apply to new objects placed in this bucket (documented below). */ defaultRetentions: pulumi.Input[]>; } export interface BucketV2ObjectLockConfigurationRuleDefaultRetention { /** * Number of days that you want to specify for the default retention period. */ days?: pulumi.Input; /** * Default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`. */ mode: pulumi.Input; /** * Number of years that you want to specify for the default retention period. */ years?: pulumi.Input; } export interface BucketV2ReplicationConfiguration { /** * ARN of the IAM role for Amazon S3 to assume when replicating the objects. */ role: pulumi.Input; /** * Specifies the rules managing the replication (documented below). */ rules: pulumi.Input[]>; } export interface BucketV2ReplicationConfigurationRule { /** * Whether delete markers are replicated. The only valid value is `Enabled`. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when `filter` is used). */ deleteMarkerReplicationStatus?: pulumi.Input; /** * Specifies the destination for the rule (documented below). */ destinations: pulumi.Input[]>; /** * Filter that identifies subset of objects to which the replication rule applies (documented below). */ filters?: pulumi.Input[]>; /** * Unique identifier for the rule. Must be less than or equal to 255 characters in length. */ id?: pulumi.Input; /** * Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * Priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules. */ priority?: pulumi.Input; /** * Specifies special object selection criteria (documented below). */ sourceSelectionCriterias?: pulumi.Input[]>; /** * Status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled. */ status: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestination { /** * Specifies the overrides to use for object owners on replication (documented below). Must be used in conjunction with `accountId` owner override configuration. */ accessControlTranslations?: pulumi.Input[]>; /** * Account ID to use for overriding the object owner on replication. Must be used in conjunction with `accessControlTranslation` override configuration. */ accountId?: pulumi.Input; /** * ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule. */ bucket: pulumi.Input; /** * Enables replication metrics (required for S3 RTC) (documented below). */ metrics?: pulumi.Input[]>; /** * Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with * `sseKmsEncryptedObjects` source selection criteria. */ replicaKmsKeyId?: pulumi.Input; /** * Enables S3 Replication Time Control (S3 RTC) (documented below). */ replicationTimes?: pulumi.Input[]>; /** * The [storage class](https://docs.aws.amazon.com/AmazonS3/latest/API/API_Destination.html#AmazonS3-Type-Destination-StorageClass) used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica. */ storageClass?: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestinationAccessControlTranslation { /** * Specifies the replica ownership. For default and valid values, see [PUT bucket replication](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketReplication.html) in the Amazon S3 API Reference. The only valid value is `Destination`. */ owner: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestinationMetric { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * Status of replication metrics. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleDestinationReplicationTime { /** * Threshold within which objects are to be replicated. The only valid value is `15`. */ minutes?: pulumi.Input; /** * Status of RTC. Either `Enabled` or `Disabled`. */ status?: pulumi.Input; } export interface BucketV2ReplicationConfigurationRuleFilter { /** * Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length. */ prefix?: pulumi.Input; /** * A map of tags that identifies subset of objects to which the rule applies. * The rule applies only to objects having all the tags in its tagset. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface BucketV2ReplicationConfigurationRuleSourceSelectionCriteria { /** * Match SSE-KMS encrypted objects (documented below). If specified, `replicaKmsKeyId` * in `destination` must be specified as well. */ sseKmsEncryptedObjects?: pulumi.Input[]>; } export interface BucketV2ReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObject { /** * Boolean which indicates if this criteria is enabled. */ enabled: pulumi.Input; } export interface BucketV2ServerSideEncryptionConfiguration { /** * Single object for server-side encryption by default configuration. (documented below) */ rules: pulumi.Input[]>; } export interface BucketV2ServerSideEncryptionConfigurationRule { /** * Single object for setting server-side encryption by default. (documented below) */ applyServerSideEncryptionByDefaults: pulumi.Input[]>; /** * Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS. */ bucketKeyEnabled?: pulumi.Input; } export interface BucketV2ServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault { /** * AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sseAlgorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sseAlgorithm` is `aws:kms`. */ kmsMasterKeyId?: pulumi.Input; /** * Server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms` */ sseAlgorithm: pulumi.Input; } export interface BucketV2Versioning { /** * Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. */ enabled?: pulumi.Input; /** * Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS */ mfaDelete?: pulumi.Input; } export interface BucketV2Website { /** * Absolute path to the document to return in case of a 4XX error. */ errorDocument?: pulumi.Input; /** * Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. */ indexDocument?: pulumi.Input; /** * Hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request. */ redirectAllRequestsTo?: pulumi.Input; /** * JSON array containing [routing rules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-websiteconfiguration-routingrules.html) * describing redirect behavior and when redirects are applied. */ routingRules?: pulumi.Input; } export interface BucketVersioning { /** * Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. */ enabled?: pulumi.Input; /** * Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS */ mfaDelete?: pulumi.Input; } export interface BucketVersioningV2VersioningConfiguration { /** * Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: `Enabled` or `Disabled`. */ mfaDelete?: pulumi.Input; /** * Versioning state of the bucket. Valid values: `Enabled`, `Suspended`, or `Disabled`. `Disabled` should only be used when creating or importing resources that correspond to unversioned S3 buckets. */ status: pulumi.Input; } export interface BucketWebsite { /** * An absolute path to the document to return in case of a 4XX error. */ errorDocument?: pulumi.Input; /** * Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders. */ indexDocument?: pulumi.Input; /** * A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request. */ redirectAllRequestsTo?: pulumi.Input; /** * A json array containing [routing rules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-websiteconfiguration-routingrules.html) * describing redirect behavior and when redirects are applied. * * The `CORS` object supports the following: */ routingRules?: pulumi.Input[]>; } export interface BucketWebsiteConfigurationV2ErrorDocument { /** * Object key name to use when a 4XX class error occurs. */ key: pulumi.Input; } export interface BucketWebsiteConfigurationV2IndexDocument { /** * Suffix that is appended to a request that is for a directory on the website endpoint. * For example, if the suffix is `index.html` and you make a request to `samplebucket/images/`, the data that is returned will be for the object with the key name `images/index.html`. * The suffix must not be empty and must not include a slash character. */ suffix: pulumi.Input; } export interface BucketWebsiteConfigurationV2RedirectAllRequestsTo { /** * Name of the host where requests are redirected. */ hostName: pulumi.Input; /** * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`. */ protocol?: pulumi.Input; } export interface BucketWebsiteConfigurationV2RoutingRule { /** * Configuration block for describing a condition that must be met for the specified redirect to apply. See below. */ condition?: pulumi.Input; /** * Configuration block for redirect information. See below. */ redirect: pulumi.Input; } export interface BucketWebsiteConfigurationV2RoutingRuleCondition { /** * HTTP error code when the redirect is applied. If specified with `keyPrefixEquals`, then both must be true for the redirect to be applied. */ httpErrorCodeReturnedEquals?: pulumi.Input; /** * Object key name prefix when the redirect is applied. If specified with `httpErrorCodeReturnedEquals`, then both must be true for the redirect to be applied. */ keyPrefixEquals?: pulumi.Input; } export interface BucketWebsiteConfigurationV2RoutingRuleRedirect { /** * Host name to use in the redirect request. */ hostName?: pulumi.Input; /** * HTTP redirect code to use on the response. */ httpRedirectCode?: pulumi.Input; /** * Protocol to use when redirecting requests. The default is the protocol that is used in the original request. Valid values: `http`, `https`. */ protocol?: pulumi.Input; /** * Object key prefix to use in the redirect request. For example, to redirect requests for all pages with prefix `docs/` (objects in the `docs/` folder) to `documents/`, you can set a `condition` block with `keyPrefixEquals` set to `docs/` and in the `redirect` set `replaceKeyPrefixWith` to `/documents`. */ replaceKeyPrefixWith?: pulumi.Input; /** * Specific object key to use in the redirect request. For example, redirect request to `error.html`. */ replaceKeyWith?: pulumi.Input; } export interface DirectoryBucketLocation { /** * [Availability Zone ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#az-ids). */ name: pulumi.Input; /** * Location type. Valid values: `AvailabilityZone`. */ type?: pulumi.Input; } export interface InventoryDestination { /** * S3 bucket configuration where inventory results are published (documented below). */ bucket: pulumi.Input; } export interface InventoryDestinationBucket { /** * ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes. */ accountId?: pulumi.Input; /** * Amazon S3 bucket ARN of the destination. */ bucketArn: pulumi.Input; /** * Contains the type of server-side encryption to use to encrypt the inventory (documented below). */ encryption?: pulumi.Input; /** * Specifies the output format of the inventory results. Can be `CSV`, [`ORC`](https://orc.apache.org/) or [`Parquet`](https://parquet.apache.org/). */ format: pulumi.Input; /** * Prefix that is prepended to all inventory results. */ prefix?: pulumi.Input; } export interface InventoryDestinationBucketEncryption { /** * Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below). */ sseKms?: pulumi.Input; /** * Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file. */ sseS3?: pulumi.Input; } export interface InventoryDestinationBucketEncryptionSseKms { /** * ARN of the KMS customer master key (CMK) used to encrypt the inventory file. */ keyId: pulumi.Input; } export interface InventoryDestinationBucketEncryptionSseS3 { } export interface InventoryFilter { /** * Prefix that an object must have to be included in the inventory results. */ prefix?: pulumi.Input; } export interface InventorySchedule { /** * Specifies how frequently inventory results are produced. Valid values: `Daily`, `Weekly`. */ frequency: pulumi.Input; } export interface ObjectCopyGrant { /** * Email address of the grantee. Used only when `type` is `AmazonCustomerByEmail`. */ email?: pulumi.Input; /** * Canonical user ID of the grantee. Used only when `type` is `CanonicalUser`. */ id?: pulumi.Input; /** * List of permissions to grant to grantee. Valid values are `READ`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`. */ permissions: pulumi.Input[]>; /** * Type of grantee. Valid values are `CanonicalUser`, `Group`, and `AmazonCustomerByEmail`. * * This configuration block has the following optional arguments (one of the three is required): */ type: pulumi.Input; /** * URI of the grantee group. Used only when `type` is `Group`. */ uri?: pulumi.Input; } } export namespace s3control { export interface AccessGrantAccessGrantsLocationConfiguration { /** * Sub-prefix. */ s3SubPrefix?: pulumi.Input; } export interface AccessGrantGrantee { /** * Grantee identifier. */ granteeIdentifier: pulumi.Input; /** * Grantee types. Valid values: `DIRECTORY_USER`, `DIRECTORY_GROUP`, `IAM`. */ granteeType: pulumi.Input; } export interface BucketLifecycleConfigurationRule { /** * Configuration block containing settings for abort incomplete multipart upload. */ abortIncompleteMultipartUpload?: pulumi.Input; /** * Configuration block containing settings for expiration of objects. */ expiration?: pulumi.Input; /** * Configuration block containing settings for filtering. */ filter?: pulumi.Input; /** * Unique identifier for the rule. */ id: pulumi.Input; /** * Status of the rule. Valid values: `Enabled` and `Disabled`. Defaults to `Enabled`. */ status?: pulumi.Input; } export interface BucketLifecycleConfigurationRuleAbortIncompleteMultipartUpload { daysAfterInitiation: pulumi.Input; } export interface BucketLifecycleConfigurationRuleExpiration { date?: pulumi.Input; days?: pulumi.Input; expiredObjectDeleteMarker?: pulumi.Input; } export interface BucketLifecycleConfigurationRuleFilter { prefix?: pulumi.Input; tags?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface MultiRegionAccessPointDetails { name: pulumi.Input; publicAccessBlock?: pulumi.Input; regions: pulumi.Input[]>; } export interface MultiRegionAccessPointDetailsPublicAccessBlock { blockPublicAcls?: pulumi.Input; blockPublicPolicy?: pulumi.Input; ignorePublicAcls?: pulumi.Input; restrictPublicBuckets?: pulumi.Input; } export interface MultiRegionAccessPointDetailsRegion { bucket: pulumi.Input; bucketAccountId?: pulumi.Input; region?: pulumi.Input; } export interface MultiRegionAccessPointPolicyDetails { /** * The name of the Multi-Region Access Point. */ name: pulumi.Input; /** * A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on [Multi-Region Access Point Permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPointPermissions.html). * * > **NOTE:** When you update the `policy`, the update is first listed as the proposed policy. After the update is finished and all Regions have been updated, the proposed policy is listed as the established policy. If both policies have the same version number, the proposed policy is the established policy. */ policy: pulumi.Input; } export interface ObjectLambdaAccessPointConfiguration { /** * Allowed features. Valid values: `GetObject-Range`, `GetObject-PartNumber`. */ allowedFeatures?: pulumi.Input[]>; /** * Whether or not the CloudWatch metrics configuration is enabled. */ cloudWatchMetricsEnabled?: pulumi.Input; /** * Standard access point associated with the Object Lambda Access Point. */ supportingAccessPoint: pulumi.Input; /** * List of transformation configurations for the Object Lambda Access Point. See Transformation Configuration below for more details. */ transformationConfigurations: pulumi.Input[]>; } export interface ObjectLambdaAccessPointConfigurationTransformationConfiguration { /** * The actions of an Object Lambda Access Point configuration. Valid values: `GetObject`. */ actions: pulumi.Input[]>; /** * The content transformation of an Object Lambda Access Point configuration. See Content Transformation below for more details. */ contentTransformation: pulumi.Input; } export interface ObjectLambdaAccessPointConfigurationTransformationConfigurationContentTransformation { /** * Configuration for an AWS Lambda function. See AWS Lambda below for more details. */ awsLambda: pulumi.Input; } export interface ObjectLambdaAccessPointConfigurationTransformationConfigurationContentTransformationAwsLambda { /** * The Amazon Resource Name (ARN) of the AWS Lambda function. */ functionArn: pulumi.Input; /** * Additional JSON that provides supplemental data to the Lambda function used to transform objects. */ functionPayload?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfiguration { /** * The account-level configurations of the S3 Storage Lens configuration. See Account Level below for more details. */ accountLevel: pulumi.Input; /** * The Amazon Web Services organization for the S3 Storage Lens configuration. See AWS Org below for more details. */ awsOrg?: pulumi.Input; /** * Properties of S3 Storage Lens metrics export including the destination, schema and format. See Data Export below for more details. */ dataExport?: pulumi.Input; /** * Whether the S3 Storage Lens configuration is enabled. */ enabled: pulumi.Input; /** * What is excluded in this configuration. Conflicts with `include`. See Exclude below for more details. */ exclude?: pulumi.Input; /** * What is included in this configuration. Conflicts with `exclude`. See Include below for more details. */ include?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevel { /** * S3 Storage Lens activity metrics. See Activity Metrics below for more details. */ activityMetrics?: pulumi.Input; /** * Advanced cost-optimization metrics for S3 Storage Lens. See Advanced Cost-Optimization Metrics below for more details. */ advancedCostOptimizationMetrics?: pulumi.Input; /** * Advanced data-protection metrics for S3 Storage Lens. See Advanced Data-Protection Metrics below for more details. */ advancedDataProtectionMetrics?: pulumi.Input; /** * S3 Storage Lens bucket-level configuration. See Bucket Level below for more details. */ bucketLevel: pulumi.Input; /** * Detailed status code metrics for S3 Storage Lens. See Detailed Status Code Metrics below for more details. */ detailedStatusCodeMetrics?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelActivityMetrics { /** * Whether the activity metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedCostOptimizationMetrics { /** * Whether advanced cost-optimization metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelAdvancedDataProtectionMetrics { /** * Whether advanced data-protection metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevel { /** * S3 Storage Lens activity metrics. See Activity Metrics above for more details. */ activityMetrics?: pulumi.Input; /** * Advanced cost-optimization metrics for S3 Storage Lens. See Advanced Cost-Optimization Metrics above for more details. */ advancedCostOptimizationMetrics?: pulumi.Input; /** * Advanced data-protection metrics for S3 Storage Lens. See Advanced Data-Protection Metrics above for more details. */ advancedDataProtectionMetrics?: pulumi.Input; /** * Detailed status code metrics for S3 Storage Lens. See Detailed Status Code Metrics above for more details. */ detailedStatusCodeMetrics?: pulumi.Input; /** * Prefix-level metrics for S3 Storage Lens. See Prefix Level below for more details. */ prefixLevel?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelActivityMetrics { /** * Whether the activity metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedCostOptimizationMetrics { /** * Whether advanced cost-optimization metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelAdvancedDataProtectionMetrics { /** * Whether advanced data-protection metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelDetailedStatusCodeMetrics { /** * Whether detailed status code metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelPrefixLevel { /** * Prefix-level storage metrics for S3 Storage Lens. See Prefix Level Storage Metrics below for more details. */ storageMetrics: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelPrefixLevelStorageMetrics { /** * Whether prefix-level storage metrics are enabled. */ enabled?: pulumi.Input; /** * Selection criteria. See Selection Criteria below for more details. */ selectionCriteria?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelBucketLevelPrefixLevelStorageMetricsSelectionCriteria { /** * The delimiter of the selection criteria being used. */ delimiter?: pulumi.Input; /** * The max depth of the selection criteria. */ maxDepth?: pulumi.Input; /** * The minimum number of storage bytes percentage whose metrics will be selected. */ minStorageBytesPercentage?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAccountLevelDetailedStatusCodeMetrics { /** * Whether detailed status code metrics are enabled. */ enabled?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationAwsOrg { /** * The Amazon Resource Name (ARN) of the Amazon Web Services organization. */ arn: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExport { /** * Amazon CloudWatch publishing for S3 Storage Lens metrics. See Cloud Watch Metrics below for more details. */ cloudWatchMetrics?: pulumi.Input; /** * The bucket where the S3 Storage Lens metrics export will be located. See S3 Bucket Destination below for more details. */ s3BucketDestination?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportCloudWatchMetrics { /** * Whether CloudWatch publishing for S3 Storage Lens metrics is enabled. */ enabled: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestination { /** * The account ID of the owner of the S3 Storage Lens metrics export bucket. */ accountId: pulumi.Input; /** * The Amazon Resource Name (ARN) of the bucket. */ arn: pulumi.Input; /** * Encryption of the metrics exports in this bucket. See Encryption below for more details. */ encryption?: pulumi.Input; /** * The export format. Valid values: `CSV`, `Parquet`. */ format: pulumi.Input; /** * The schema version of the export file. Valid values: `V_1`. */ outputSchemaVersion: pulumi.Input; /** * The prefix of the destination bucket where the metrics export will be delivered. */ prefix?: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryption { /** * SSE-KMS encryption. See SSE KMS below for more details. */ sseKms?: pulumi.Input; /** * SSE-S3 encryption. An empty configuration block `{}` should be used. */ sseS3s?: pulumi.Input[]>; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseKms { /** * KMS key ARN. */ keyId: pulumi.Input; } export interface StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseS3 { } export interface StorageLensConfigurationStorageLensConfigurationExclude { /** * List of S3 bucket ARNs. */ buckets?: pulumi.Input[]>; /** * List of AWS Regions. */ regions?: pulumi.Input[]>; } export interface StorageLensConfigurationStorageLensConfigurationInclude { /** * List of S3 bucket ARNs. */ buckets?: pulumi.Input[]>; /** * List of AWS Regions. */ regions?: pulumi.Input[]>; } } export namespace s3outposts { export interface EndpointNetworkInterface { /** * Identifier of the Elastic Network Interface (ENI). */ networkInterfaceId?: pulumi.Input; } } export namespace sagemaker { export interface AppImageConfigCodeEditorAppImageConfig { /** * The configuration used to run the application image container. See Container Config details below. */ containerConfig?: pulumi.Input; /** * The URL where the Git repository is located. See File System Config details below. */ fileSystemConfig?: pulumi.Input; } export interface AppImageConfigCodeEditorAppImageConfigContainerConfig { /** * The arguments for the container when you're running the application. */ containerArguments?: pulumi.Input[]>; /** * The entrypoint used to run the application in the container. */ containerEntrypoints?: pulumi.Input[]>; /** * The environment variables to set in the container. */ containerEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface AppImageConfigCodeEditorAppImageConfigFileSystemConfig { /** * The default POSIX group ID (GID). If not specified, defaults to `100`. Valid values are `0` and `100`. */ defaultGid?: pulumi.Input; /** * The default POSIX user ID (UID). If not specified, defaults to `1000`. Valid values are `0` and `1000`. */ defaultUid?: pulumi.Input; /** * The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to `/home/sagemaker-user`. * * > **Note:** When specifying `defaultGid` and `defaultUid`, Valid value pairs are [`0`, `0`] and [`100`, `1000`]. */ mountPath?: pulumi.Input; } export interface AppImageConfigJupyterLabImageConfig { /** * The configuration used to run the application image container. See Container Config details below. */ containerConfig?: pulumi.Input; /** * The URL where the Git repository is located. See File System Config details below. */ fileSystemConfig?: pulumi.Input; } export interface AppImageConfigJupyterLabImageConfigContainerConfig { /** * The arguments for the container when you're running the application. */ containerArguments?: pulumi.Input[]>; /** * The entrypoint used to run the application in the container. */ containerEntrypoints?: pulumi.Input[]>; /** * The environment variables to set in the container. */ containerEnvironmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; } export interface AppImageConfigJupyterLabImageConfigFileSystemConfig { /** * The default POSIX group ID (GID). If not specified, defaults to `100`. Valid values are `0` and `100`. */ defaultGid?: pulumi.Input; /** * The default POSIX user ID (UID). If not specified, defaults to `1000`. Valid values are `0` and `1000`. */ defaultUid?: pulumi.Input; /** * The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to `/home/sagemaker-user`. * * > **Note:** When specifying `defaultGid` and `defaultUid`, Valid value pairs are [`0`, `0`] and [`100`, `1000`]. */ mountPath?: pulumi.Input; } export interface AppImageConfigKernelGatewayImageConfig { /** * The URL where the Git repository is located. See File System Config details below. */ fileSystemConfig?: pulumi.Input; /** * The default branch for the Git repository. See Kernel Spec details below. */ kernelSpec: pulumi.Input; } export interface AppImageConfigKernelGatewayImageConfigFileSystemConfig { /** * The default POSIX group ID (GID). If not specified, defaults to `100`. Valid values are `0` and `100`. */ defaultGid?: pulumi.Input; /** * The default POSIX user ID (UID). If not specified, defaults to `1000`. Valid values are `0` and `1000`. */ defaultUid?: pulumi.Input; /** * The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to `/home/sagemaker-user`. * * > **Note:** When specifying `defaultGid` and `defaultUid`, Valid value pairs are [`0`, `0`] and [`100`, `1000`]. */ mountPath?: pulumi.Input; } export interface AppImageConfigKernelGatewayImageConfigKernelSpec { /** * The display name of the kernel. */ displayName?: pulumi.Input; /** * The name of the kernel. */ name: pulumi.Input; } export interface AppResourceSpec { /** * The instance type that the image version runs on. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface CodeRepositoryGitConfig { /** * The default branch for the Git repository. */ branch?: pulumi.Input; /** * The URL where the Git repository is located. */ repositoryUrl: pulumi.Input; /** * The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that contains the credentials used to access the git repository. The secret must have a staging label of AWSCURRENT and must be in the following format: `{"username": UserName, "password": Password}` */ secretArn?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityAppSpecification { /** * Sets the environment variables in the container that the monitoring job runs. A list of key value pairs. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The container image that the data quality monitoring job runs. */ imageUri: pulumi.Input; /** * An Amazon S3 URI to a script that is called after analysis has been performed. Applicable only for the built-in (first party) containers. */ postAnalyticsProcessorSourceUri?: pulumi.Input; /** * An Amazon S3 URI to a script that is called per row prior to running analysis. It can base64 decode the payload and convert it into a flatted json so that the built-in container can use the converted data. Applicable only for the built-in (first party) containers. */ recordPreprocessorSourceUri?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityBaselineConfig { /** * The constraints resource for a monitoring job. Fields are documented below. */ constraintsResource?: pulumi.Input; /** * The statistics resource for a monitoring job. Fields are documented below. */ statisticsResource?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityBaselineConfigConstraintsResource { /** * The Amazon S3 URI for the constraints resource. */ s3Uri?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityBaselineConfigStatisticsResource { /** * The Amazon S3 URI for the statistics resource. */ s3Uri?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInput { /** * Input object for the batch transform job. Fields are documented below. */ batchTransformInput?: pulumi.Input; /** * Input object for the endpoint. Fields are documented below. */ endpointInput?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInput { /** * The Amazon S3 location being used to capture the data. */ dataCapturedDestinationS3Uri: pulumi.Input; /** * The dataset format for your batch transform job. Fields are documented below. */ datasetFormat: pulumi.Input; /** * Path to the filesystem where the batch transform data is available to the container. Defaults to `/opt/ml/processing/input`. */ localPath?: pulumi.Input; /** * Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Defaults to `FullyReplicated`. Valid values are `FullyReplicated` or `ShardedByS3Key` */ s3DataDistributionType?: pulumi.Input; /** * Whether the `Pipe` or `File` is used as the input mode for transferring data for the monitoring job. `Pipe` mode is recommended for large datasets. `File` mode is useful for small files that fit in memory. Defaults to `File`. Valid values are `Pipe` or `File` */ s3InputMode?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInputDatasetFormat { /** * The CSV dataset used in the monitoring job. Fields are documented below. */ csv?: pulumi.Input; /** * The JSON dataset used in the monitoring job. Fields are documented below. */ json?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInputDatasetFormatCsv { /** * Indicates if the CSV data has a header. */ header?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputBatchTransformInputDatasetFormatJson { /** * Indicates if the file should be read as a json object per line. */ line?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobInputEndpointInput { /** * An endpoint in customer's account which has `dataCaptureConfig` enabled. */ endpointName: pulumi.Input; /** * Path to the filesystem where the endpoint data is available to the container. Defaults to `/opt/ml/processing/input`. */ localPath?: pulumi.Input; /** * Whether input data distributed in Amazon S3 is fully replicated or sharded by an S3 key. Defaults to `FullyReplicated`. Valid values are `FullyReplicated` or `ShardedByS3Key` */ s3DataDistributionType?: pulumi.Input; /** * Whether the `Pipe` or `File` is used as the input mode for transferring data for the monitoring job. `Pipe` mode is recommended for large datasets. `File` mode is useful for small files that fit in memory. Defaults to `File`. Valid values are `Pipe` or `File` */ s3InputMode?: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobOutputConfig { /** * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption. */ kmsKeyId?: pulumi.Input; /** * Monitoring outputs for monitoring jobs. This is where the output of the periodic monitoring jobs is uploaded. Fields are documented below. */ monitoringOutputs: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobOutputConfigMonitoringOutputs { /** * The Amazon S3 storage location where the results of a monitoring job are saved. Fields are documented below. */ s3Output: pulumi.Input; } export interface DataQualityJobDefinitionDataQualityJobOutputConfigMonitoringOutputsS3Output { /** * The local path to the Amazon S3 storage location where Amazon SageMaker saves the results of a monitoring job. LocalPath is an absolute path for the output data. Defaults to `/opt/ml/processing/output`. */ localPath?: pulumi.Input; /** * Whether to upload the results of the monitoring job continuously or after the job completes. Valid values are `Continuous` or `EndOfJob` */ s3UploadMode?: pulumi.Input; /** * A URI that identifies the Amazon S3 storage location where Amazon SageMaker saves the results of a monitoring job. */ s3Uri: pulumi.Input; } export interface DataQualityJobDefinitionJobResources { /** * The configuration for the cluster resources used to run the processing job. Fields are documented below. */ clusterConfig: pulumi.Input; } export interface DataQualityJobDefinitionJobResourcesClusterConfig { /** * The number of ML compute instances to use in the model monitoring job. For distributed processing jobs, specify a value greater than 1. */ instanceCount: pulumi.Input; /** * The ML compute instance type for the processing job. */ instanceType: pulumi.Input; /** * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance(s) that run the model monitoring job. */ volumeKmsKeyId?: pulumi.Input; /** * The size of the ML storage volume, in gigabytes, that you want to provision. You must specify sufficient ML storage for your scenario. */ volumeSizeInGb: pulumi.Input; } export interface DataQualityJobDefinitionNetworkConfig { /** * Whether to encrypt all communications between the instances used for the monitoring jobs. Choose `true` to encrypt communications. Encryption provides greater security for distributed jobs, but the processing might take longer. */ enableInterContainerTrafficEncryption?: pulumi.Input; /** * Whether to allow inbound and outbound network calls to and from the containers used for the monitoring job. */ enableNetworkIsolation?: pulumi.Input; /** * Specifies a VPC that your training jobs and hosted models have access to. Control access to and from your training and model containers by configuring the VPC. Fields are documented below. */ vpcConfig?: pulumi.Input; } export interface DataQualityJobDefinitionNetworkConfigVpcConfig { /** * The VPC security group IDs, in the form sg-xxxxxxxx. Specify the security groups for the VPC that is specified in the `subnets` field. */ securityGroupIds: pulumi.Input[]>; /** * The ID of the subnets in the VPC to which you want to connect your training job or model. */ subnets: pulumi.Input[]>; } export interface DataQualityJobDefinitionStoppingCondition { /** * The maximum runtime allowed in seconds. */ maxRuntimeInSeconds?: pulumi.Input; } export interface DeviceDevice { /** * A description for the device. */ description?: pulumi.Input; /** * The name of the device. */ deviceName: pulumi.Input; /** * Amazon Web Services Internet of Things (IoT) object name. */ iotThingName?: pulumi.Input; } export interface DeviceFleetOutputConfig { /** * The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt data on the storage volume after compilation job. If you don't provide a KMS key ID, Amazon SageMaker uses the default KMS key for Amazon S3 for your role's account. */ kmsKeyId?: pulumi.Input; /** * The Amazon Simple Storage (S3) bucker URI. */ s3OutputLocation: pulumi.Input; } export interface DomainDefaultSpaceSettings { /** * The execution role for the space. */ executionRole: pulumi.Input; /** * The Jupyter server's app settings. See `jupyterServerAppSettings` Block below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See `kernelGatewayAppSettings` Block below. */ kernelGatewayAppSettings?: pulumi.Input; /** * The security groups for the Amazon Virtual Private Cloud that the space uses for communication. */ securityGroups?: pulumi.Input[]>; } export interface DomainDefaultSpaceSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. see `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultSpaceSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface DomainDefaultSpaceSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultSpaceSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker images that are configured to run as a KernelGateway app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultSpaceSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultSpaceSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettings { /** * The Canvas app settings. See `canvasAppSettings` Block below. */ canvasAppSettings?: pulumi.Input; /** * The Code Editor application settings. See `codeEditorAppSettings` Block below. */ codeEditorAppSettings?: pulumi.Input; /** * The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker Studio. See `customFileSystemConfig` Block below. */ customFileSystemConfigs?: pulumi.Input[]>; /** * Details about the POSIX identity that is used for file system operations. See `customPosixUserConfig` Block below. */ customPosixUserConfig?: pulumi.Input; /** * The default experience that the user is directed to when accessing the domain. The supported values are: `studio::`: Indicates that Studio is the default experience. This value can only be passed if StudioWebPortal is set to ENABLED. `app:JupyterServer:`: Indicates that Studio Classic is the default experience. */ defaultLandingUri?: pulumi.Input; /** * The execution role ARN for the user. */ executionRole: pulumi.Input; /** * The settings for the JupyterLab application. See `jupyterLabAppSettings` Block below. */ jupyterLabAppSettings?: pulumi.Input; /** * The Jupyter server's app settings. See `jupyterServerAppSettings` Block below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See `kernelGatewayAppSettings` Block below. */ kernelGatewayAppSettings?: pulumi.Input; /** * The RSession app settings. See `rSessionAppSettings` Block below. */ rSessionAppSettings?: pulumi.Input; /** * A collection of settings that configure user interaction with the RStudioServerPro app. See `rStudioServerProAppSettings` Block below. */ rStudioServerProAppSettings?: pulumi.Input; /** * A list of security group IDs that will be attached to the user. */ securityGroups?: pulumi.Input[]>; /** * The sharing settings. See `sharingSettings` Block below. */ sharingSettings?: pulumi.Input; /** * The storage settings for a private space. See `spaceStorageSettings` Block below. */ spaceStorageSettings?: pulumi.Input; /** * Whether the user can access Studio. If this value is set to `DISABLED`, the user cannot access Studio, even if that is the default experience for the domain. Valid values are `ENABLED` and `DISABLED`. */ studioWebPortal?: pulumi.Input; /** * The TensorBoard app settings. See `tensorBoardAppSettings` Block below. */ tensorBoardAppSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettings { /** * The model deployment settings for the SageMaker Canvas application. See `directDeploySettings` Block below. */ directDeploySettings?: pulumi.Input; /** * The settings for connecting to an external data source with OAuth. See `identityProviderOauthSettings` Block below. */ identityProviderOauthSettings?: pulumi.Input[]>; /** * The settings for document querying. See `kendraSettings` Block below. */ kendraSettings?: pulumi.Input; /** * The model registry settings for the SageMaker Canvas application. See `modelRegisterSettings` Block below. */ modelRegisterSettings?: pulumi.Input; /** * Time series forecast settings for the Canvas app. See `timeSeriesForecastingSettings` Block below. */ timeSeriesForecastingSettings?: pulumi.Input; /** * The workspace settings for the SageMaker Canvas application. See `workspaceSettings` Block below. */ workspaceSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsDirectDeploySettings { /** * Describes whether model deployment permissions are enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsIdentityProviderOauthSetting { /** * The name of the data source that you're connecting to. Canvas currently supports OAuth for Snowflake and Salesforce Data Cloud. Valid values are `SalesforceGenie` and `Snowflake`. */ dataSourceName?: pulumi.Input; /** * The ARN of an Amazon Web Services Secrets Manager secret that stores the credentials from your identity provider, such as the client ID and secret, authorization URL, and token URL. */ secretArn: pulumi.Input; /** * Describes whether OAuth for a data source is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsKendraSettings { /** * Describes whether the document querying feature is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsModelRegisterSettings { /** * The Amazon Resource Name (ARN) of the SageMaker model registry account. Required only to register model versions created by a different SageMaker Canvas AWS account than the AWS account in which SageMaker model registry is set up. */ crossAccountModelRegisterRoleArn?: pulumi.Input; /** * Describes whether the integration to the model registry is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsTimeSeriesForecastingSettings { /** * The IAM role that Canvas passes to Amazon Forecast for time series forecasting. By default, Canvas uses the execution role specified in the UserProfile that launches the Canvas app. If an execution role is not specified in the UserProfile, Canvas uses the execution role specified in the Domain that owns the UserProfile. To allow time series forecasting, this IAM role should have the [AmazonSageMakerCanvasForecastAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess) policy attached and forecast.amazonaws.com added in the trust relationship as a service principal. */ amazonForecastRoleArn?: pulumi.Input; /** * Describes whether time series forecasting is enabled or disabled in the Canvas app. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface DomainDefaultUserSettingsCanvasAppSettingsWorkspaceSettings { /** * The Amazon S3 bucket used to store artifacts generated by Canvas. Updating the Amazon S3 location impacts existing configuration settings, and Canvas users no longer have access to their artifacts. Canvas users must log out and log back in to apply the new location. */ s3ArtifactPath?: pulumi.Input; /** * The Amazon Web Services Key Management Service (KMS) encryption key ID that is used to encrypt artifacts generated by Canvas in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; } export interface DomainDefaultUserSettingsCodeEditorAppSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsCodeEditorAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsCustomFileSystemConfig { /** * The default EBS storage settings for a private space. See `efsFileSystemConfig` Block below. */ efsFileSystemConfig?: pulumi.Input; } export interface DomainDefaultUserSettingsCustomFileSystemConfigEfsFileSystemConfig { /** * The ID of your Amazon EFS file system. */ fileSystemId: pulumi.Input; /** * The path to the file system directory that is accessible in Amazon SageMaker Studio. Permitted users can access only this directory and below. */ fileSystemPath: pulumi.Input; } export interface DomainDefaultUserSettingsCustomPosixUserConfig { /** * The POSIX group ID. */ gid: pulumi.Input; /** * The POSIX user ID. */ uid: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettings { /** * A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. see `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * A list of custom SageMaker images that are configured to run as a JupyterLab app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterLabAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. see `codeRepository` Block below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface DomainDefaultUserSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker images that are configured to run as a KernelGateway app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultUserSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsRSessionAppSettings { /** * A list of custom SageMaker images that are configured to run as a RSession app. see `customImage` Block below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block above. */ defaultResourceSpec?: pulumi.Input; } export interface DomainDefaultUserSettingsRSessionAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface DomainDefaultUserSettingsRSessionAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDefaultUserSettingsRStudioServerProAppSettings { /** * Indicates whether the current user has access to the RStudioServerPro app. Valid values are `ENABLED` and `DISABLED`. */ accessStatus?: pulumi.Input; /** * The level of permissions that the user has within the RStudioServerPro app. This value defaults to `R_STUDIO_USER`. The `R_STUDIO_ADMIN` value allows the user access to the RStudio Administrative Dashboard. Valid values are `R_STUDIO_USER` and `R_STUDIO_ADMIN`. */ userGroup?: pulumi.Input; } export interface DomainDefaultUserSettingsSharingSettings { /** * Whether to include the notebook cell output when sharing the notebook. The default is `Disabled`. Valid values are `Allowed` and `Disabled`. */ notebookOutputOption?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the Amazon S3 bucket used to save the notebook cell output. */ s3OutputPath?: pulumi.Input; } export interface DomainDefaultUserSettingsSpaceStorageSettings { /** * The default EBS storage settings for a private space. See `defaultEbsStorageSettings` Block below. */ defaultEbsStorageSettings?: pulumi.Input; } export interface DomainDefaultUserSettingsSpaceStorageSettingsDefaultEbsStorageSettings { /** * The default size of the EBS storage volume for a private space. */ defaultEbsVolumeSizeInGb: pulumi.Input; /** * The maximum size of the EBS storage volume for a private space. */ maximumEbsVolumeSizeInGb: pulumi.Input; } export interface DomainDefaultUserSettingsTensorBoardAppSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block below. */ defaultResourceSpec?: pulumi.Input; } export interface DomainDefaultUserSettingsTensorBoardAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainDomainSettings { /** * The configuration for attaching a SageMaker user profile name to the execution role as a sts:SourceIdentity key [AWS Docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html). Valid values are `USER_PROFILE_NAME` and `DISABLED`. */ executionRoleIdentityConfig?: pulumi.Input; /** * A collection of settings that configure the RStudioServerPro Domain-level app. see `rStudioServerProDomainSettings` Block below. */ rStudioServerProDomainSettings?: pulumi.Input; /** * The security groups for the Amazon Virtual Private Cloud that the Domain uses for communication between Domain-level apps and user apps. */ securityGroupIds?: pulumi.Input[]>; } export interface DomainDomainSettingsRStudioServerProDomainSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see `defaultResourceSpec` Block above. */ defaultResourceSpec?: pulumi.Input; /** * The ARN of the execution role for the RStudioServerPro Domain-level app. */ domainExecutionRoleArn: pulumi.Input; /** * A URL pointing to an RStudio Connect server. */ rStudioConnectUrl?: pulumi.Input; /** * A URL pointing to an RStudio Package Manager server. */ rStudioPackageManagerUrl?: pulumi.Input; } export interface DomainDomainSettingsRStudioServerProDomainSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface DomainRetentionPolicy { /** * The retention policy for data stored on an Amazon Elastic File System (EFS) volume. Valid values are `Retain` or `Delete`. Default value is `Retain`. */ homeEfsFileSystem?: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfig { /** * Configures the behavior of the client used by Amazon SageMaker to interact with the model container during asynchronous inference. */ clientConfig?: pulumi.Input; /** * Specifies the configuration for asynchronous inference invocation outputs. */ outputConfig: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfigClientConfig { /** * The maximum number of concurrent requests sent by the SageMaker client to the model container. If no value is provided, Amazon SageMaker will choose an optimal value for you. */ maxConcurrentInvocationsPerInstance?: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfigOutputConfig { /** * The Amazon Web Services Key Management Service (Amazon Web Services KMS) key that Amazon SageMaker uses to encrypt the asynchronous inference output in Amazon S3. */ kmsKeyId?: pulumi.Input; /** * Specifies the configuration for notifications of inference results for asynchronous inference. */ notificationConfig?: pulumi.Input; /** * The Amazon S3 location to upload failure inference responses to. */ s3FailurePath?: pulumi.Input; /** * The Amazon S3 location to upload inference responses to. */ s3OutputPath: pulumi.Input; } export interface EndpointConfigurationAsyncInferenceConfigOutputConfigNotificationConfig { /** * Amazon SNS topic to post a notification to when inference fails. If no topic is provided, no notification is sent on failure. */ errorTopic?: pulumi.Input; /** * The Amazon SNS topics where you want the inference response to be included. Valid values are `SUCCESS_NOTIFICATION_TOPIC` and `ERROR_NOTIFICATION_TOPIC`. */ includeInferenceResponseIns?: pulumi.Input[]>; /** * Amazon SNS topic to post a notification to when inference completes successfully. If no topic is provided, no notification is sent on success. */ successTopic?: pulumi.Input; } export interface EndpointConfigurationDataCaptureConfig { /** * The content type headers to capture. Fields are documented below. */ captureContentTypeHeader?: pulumi.Input; /** * Specifies what data to capture. Fields are documented below. */ captureOptions: pulumi.Input[]>; /** * The URL for S3 location where the captured data is stored. */ destinationS3Uri: pulumi.Input; /** * Flag to enable data capture. Defaults to `false`. */ enableCapture?: pulumi.Input; /** * Portion of data to capture. Should be between 0 and 100. */ initialSamplingPercentage: pulumi.Input; /** * Amazon Resource Name (ARN) of a AWS Key Management Service key that Amazon SageMaker uses to encrypt the captured data on Amazon S3. */ kmsKeyId?: pulumi.Input; } export interface EndpointConfigurationDataCaptureConfigCaptureContentTypeHeader { /** * The CSV content type headers to capture. */ csvContentTypes?: pulumi.Input[]>; /** * The JSON content type headers to capture. */ jsonContentTypes?: pulumi.Input[]>; } export interface EndpointConfigurationDataCaptureConfigCaptureOption { /** * Specifies the data to be captured. Should be one of `Input` or `Output`. */ captureMode: pulumi.Input; } export interface EndpointConfigurationProductionVariant { /** * The size of the Elastic Inference (EI) instance to use for the production variant. */ acceleratorType?: pulumi.Input; /** * The timeout value, in seconds, for your inference container to pass health check by SageMaker Hosting. For more information about health check, see [How Your Container Should Respond to Health Check (Ping) Requests](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-inference-code.html#your-algorithms-inference-algo-ping-requests). Valid values between `60` and `3600`. */ containerStartupHealthCheckTimeoutInSeconds?: pulumi.Input; /** * Specifies configuration for a core dump from the model container when the process crashes. Fields are documented below. */ coreDumpConfig?: pulumi.Input; /** * You can use this parameter to turn on native Amazon Web Services Systems Manager (SSM) access for a production variant behind an endpoint. By default, SSM access is disabled for all production variants behind an endpoints. */ enableSsmAccess?: pulumi.Input; /** * Initial number of instances used for auto-scaling. */ initialInstanceCount?: pulumi.Input; /** * Determines initial traffic distribution among all of the models that you specify in the endpoint configuration. If unspecified, it defaults to `1.0`. */ initialVariantWeight?: pulumi.Input; /** * The type of instance to start. */ instanceType?: pulumi.Input; /** * The timeout value, in seconds, to download and extract the model that you want to host from Amazon S3 to the individual inference instance associated with this production variant. Valid values between `60` and `3600`. */ modelDataDownloadTimeoutInSeconds?: pulumi.Input; /** * The name of the model to use. */ modelName: pulumi.Input; /** * Sets how the endpoint routes incoming traffic. See routingConfig below. */ routingConfigs?: pulumi.Input[]>; /** * Specifies configuration for how an endpoint performs asynchronous inference. */ serverlessConfig?: pulumi.Input; /** * The name of the variant. If omitted, this provider will assign a random, unique name. */ variantName?: pulumi.Input; /** * The size, in GB, of the ML storage volume attached to individual inference instance associated with the production variant. Valid values between `1` and `512`. */ volumeSizeInGb?: pulumi.Input; } export interface EndpointConfigurationProductionVariantCoreDumpConfig { /** * The Amazon S3 bucket to send the core dump to. */ destinationS3Uri: pulumi.Input; /** * The Amazon Web Services Key Management Service (Amazon Web Services KMS) key that SageMaker uses to encrypt the core dump data at rest using Amazon S3 server-side encryption. */ kmsKeyId?: pulumi.Input; } export interface EndpointConfigurationProductionVariantRoutingConfig { /** * Sets how the endpoint routes incoming traffic. Valid values are `LEAST_OUTSTANDING_REQUESTS` and `RANDOM`. `LEAST_OUTSTANDING_REQUESTS` routes requests to the specific instances that have more capacity to process them. `RANDOM` routes each request to a randomly chosen instance. */ routingStrategy: pulumi.Input; } export interface EndpointConfigurationProductionVariantServerlessConfig { /** * The maximum number of concurrent invocations your serverless endpoint can process. Valid values are between `1` and `200`. */ maxConcurrency: pulumi.Input; /** * The memory size of your serverless endpoint. Valid values are in 1 GB increments: `1024` MB, `2048` MB, `3072` MB, `4096` MB, `5120` MB, or `6144` MB. */ memorySizeInMb: pulumi.Input; /** * The amount of provisioned concurrency to allocate for the serverless endpoint. Should be less than or equal to `maxConcurrency`. Valid values are between `1` and `200`. */ provisionedConcurrency?: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariant { acceleratorType?: pulumi.Input; containerStartupHealthCheckTimeoutInSeconds?: pulumi.Input; coreDumpConfig?: pulumi.Input; enableSsmAccess?: pulumi.Input; initialInstanceCount?: pulumi.Input; initialVariantWeight?: pulumi.Input; instanceType?: pulumi.Input; modelDataDownloadTimeoutInSeconds?: pulumi.Input; modelName: pulumi.Input; routingConfigs?: pulumi.Input[]>; serverlessConfig?: pulumi.Input; variantName?: pulumi.Input; volumeSizeInGb?: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariantCoreDumpConfig { /** * The Amazon S3 bucket to send the core dump to. */ destinationS3Uri: pulumi.Input; /** * The Amazon Web Services Key Management Service (Amazon Web Services KMS) key that SageMaker uses to encrypt the core dump data at rest using Amazon S3 server-side encryption. */ kmsKeyId: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariantRoutingConfig { /** * Sets how the endpoint routes incoming traffic. Valid values are `LEAST_OUTSTANDING_REQUESTS` and `RANDOM`. `LEAST_OUTSTANDING_REQUESTS` routes requests to the specific instances that have more capacity to process them. `RANDOM` routes each request to a randomly chosen instance. */ routingStrategy: pulumi.Input; } export interface EndpointConfigurationShadowProductionVariantServerlessConfig { /** * The maximum number of concurrent invocations your serverless endpoint can process. Valid values are between `1` and `200`. */ maxConcurrency: pulumi.Input; /** * The memory size of your serverless endpoint. Valid values are in 1 GB increments: `1024` MB, `2048` MB, `3072` MB, `4096` MB, `5120` MB, or `6144` MB. */ memorySizeInMb: pulumi.Input; /** * The amount of provisioned concurrency to allocate for the serverless endpoint. Should be less than or equal to `maxConcurrency`. Valid values are between `1` and `200`. */ provisionedConcurrency?: pulumi.Input; } export interface EndpointDeploymentConfig { /** * Automatic rollback configuration for handling endpoint deployment failures and recovery. See Auto Rollback Configuration. */ autoRollbackConfiguration?: pulumi.Input; /** * Update policy for a blue/green deployment. If this update policy is specified, SageMaker creates a new fleet during the deployment while maintaining the old fleet. SageMaker flips traffic to the new fleet according to the specified traffic routing configuration. Only one update policy should be used in the deployment configuration. If no update policy is specified, SageMaker uses a blue/green deployment strategy with all at once traffic shifting by default. See Blue Green Update Config. */ blueGreenUpdatePolicy?: pulumi.Input; /** * Specifies a rolling deployment strategy for updating a SageMaker endpoint. See Rolling Update Policy. */ rollingUpdatePolicy?: pulumi.Input; } export interface EndpointDeploymentConfigAutoRollbackConfiguration { /** * List of CloudWatch alarms in your account that are configured to monitor metrics on an endpoint. If any alarms are tripped during a deployment, SageMaker rolls back the deployment. See Alarms. */ alarms?: pulumi.Input[]>; } export interface EndpointDeploymentConfigAutoRollbackConfigurationAlarm { /** * The name of a CloudWatch alarm in your account. */ alarmName: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicy { maximumExecutionTimeoutInSeconds?: pulumi.Input; terminationWaitInSeconds?: pulumi.Input; trafficRoutingConfiguration: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicyTrafficRoutingConfiguration { /** * Batch size for the first step to turn on traffic on the new endpoint fleet. Value must be less than or equal to 50% of the variant's total instance count. See Canary Size. */ canarySize?: pulumi.Input; /** * Batch size for each step to turn on traffic on the new endpoint fleet. Value must be 10-50% of the variant's total instance count. See Linear Step Size. */ linearStepSize?: pulumi.Input; /** * Traffic routing strategy type. Valid values are: `ALL_AT_ONCE`, `CANARY`, and `LINEAR`. */ type: pulumi.Input; /** * The waiting time (in seconds) between incremental steps to turn on traffic on the new endpoint fleet. Valid values are between `0` and `3600`. */ waitIntervalInSeconds: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicyTrafficRoutingConfigurationCanarySize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface EndpointDeploymentConfigBlueGreenUpdatePolicyTrafficRoutingConfigurationLinearStepSize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface EndpointDeploymentConfigRollingUpdatePolicy { /** * Batch size for each rolling step to provision capacity and turn on traffic on the new endpoint fleet, and terminate capacity on the old endpoint fleet. Value must be between 5% to 50% of the variant's total instance count. See Maximum Batch Size. */ maximumBatchSize: pulumi.Input; /** * The time limit for the total deployment. Exceeding this limit causes a timeout. Valid values are between `600` and `14400`. */ maximumExecutionTimeoutInSeconds?: pulumi.Input; /** * Batch size for rollback to the old endpoint fleet. Each rolling step to provision capacity and turn on traffic on the old endpoint fleet, and terminate capacity on the new endpoint fleet. If this field is absent, the default value will be set to 100% of total capacity which means to bring up the whole capacity of the old fleet at once during rollback. See Rollback Maximum Batch Size. */ rollbackMaximumBatchSize?: pulumi.Input; /** * The length of the baking period, during which SageMaker monitors alarms for each batch on the new fleet. Valid values are between `0` and `3600`. */ waitIntervalInSeconds: pulumi.Input; } export interface EndpointDeploymentConfigRollingUpdatePolicyMaximumBatchSize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface EndpointDeploymentConfigRollingUpdatePolicyRollbackMaximumBatchSize { /** * Specifies the endpoint capacity type. Valid values are: `INSTANCE_COUNT`, or `CAPACITY_PERCENT`. */ type: pulumi.Input; /** * Defines the capacity size, either as a number of instances or a capacity percentage. */ value: pulumi.Input; } export interface FeatureGroupFeatureDefinition { /** * The name of a feature. `featureName` cannot be any of the following: `isDeleted`, `writeTime`, `apiInvocationTime`. */ featureName?: pulumi.Input; /** * The value type of a feature. Valid values are `Integral`, `Fractional`, or `String`. */ featureType?: pulumi.Input; } export interface FeatureGroupOfflineStoreConfig { /** * The meta data of the Glue table that is autogenerated when an OfflineStore is created. See Data Catalog Config Below. */ dataCatalogConfig?: pulumi.Input; disableGlueTableCreation?: pulumi.Input; /** * The Amazon Simple Storage (Amazon S3) location of OfflineStore. See S3 Storage Config Below. */ s3StorageConfig: pulumi.Input; /** * Format for the offline store table. Supported formats are `Glue` (Default) and Apache `Iceberg` (https://iceberg.apache.org/). */ tableFormat?: pulumi.Input; } export interface FeatureGroupOfflineStoreConfigDataCatalogConfig { /** * The name of the Glue table catalog. */ catalog?: pulumi.Input; /** * The name of the Glue table database. */ database?: pulumi.Input; /** * The name of the Glue table. */ tableName?: pulumi.Input; } export interface FeatureGroupOfflineStoreConfigS3StorageConfig { /** * The AWS Key Management Service (KMS) key ID of the key used to encrypt any objects written into the OfflineStore S3 location. */ kmsKeyId?: pulumi.Input; /** * The S3 path where offline records are written. */ resolvedOutputS3Uri?: pulumi.Input; /** * The S3 URI, or location in Amazon S3, of OfflineStore. */ s3Uri: pulumi.Input; } export interface FeatureGroupOnlineStoreConfig { enableOnlineStore?: pulumi.Input; /** * Security config for at-rest encryption of your OnlineStore. See Security Config Below. */ securityConfig?: pulumi.Input; /** * Option for different tiers of low latency storage for real-time data retrieval. Valid values are `Standard`, or `InMemory`. */ storageType?: pulumi.Input; /** * Time to live duration, where the record is hard deleted after the expiration time is reached; ExpiresAt = EventTime + TtlDuration.. See TTl Duration Below. */ ttlDuration?: pulumi.Input; } export interface FeatureGroupOnlineStoreConfigSecurityConfig { /** * The ID of the AWS Key Management Service (AWS KMS) key that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption. */ kmsKeyId?: pulumi.Input; } export interface FeatureGroupOnlineStoreConfigTtlDuration { /** * TtlDuration time unit. Valid values are `Seconds`, `Minutes`, `Hours`, `Days`, or `Weeks`. */ unit?: pulumi.Input; /** * TtlDuration time value. */ value?: pulumi.Input; } export interface FlowDefinitionHumanLoopActivationConfig { /** * defines under what conditions SageMaker creates a human loop. See Human Loop Activation Conditions Config details below. */ humanLoopActivationConditionsConfig?: pulumi.Input; } export interface FlowDefinitionHumanLoopActivationConfigHumanLoopActivationConditionsConfig { /** * A JSON expressing use-case specific conditions declaratively. If any condition is matched, atomic tasks are created against the configured work team. For more information about how to structure the JSON, see [JSON Schema for Human Loop Activation Conditions in Amazon Augmented AI](https://docs.aws.amazon.com/sagemaker/latest/dg/a2i-human-fallback-conditions-json-schema.html). */ humanLoopActivationConditions: pulumi.Input; } export interface FlowDefinitionHumanLoopConfig { /** * The Amazon Resource Name (ARN) of the human task user interface. */ humanTaskUiArn: pulumi.Input; /** * Defines the amount of money paid to an Amazon Mechanical Turk worker for each task performed. See Public Workforce Task Price details below. */ publicWorkforceTaskPrice?: pulumi.Input; /** * The length of time that a task remains available for review by human workers. Valid value range between `1` and `864000`. */ taskAvailabilityLifetimeInSeconds?: pulumi.Input; /** * The number of distinct workers who will perform the same task on each object. Valid value range between `1` and `3`. */ taskCount: pulumi.Input; /** * A description for the human worker task. */ taskDescription: pulumi.Input; /** * An array of keywords used to describe the task so that workers can discover the task. */ taskKeywords?: pulumi.Input[]>; /** * The amount of time that a worker has to complete a task. The default value is `3600` seconds. */ taskTimeLimitInSeconds?: pulumi.Input; /** * A title for the human worker task. */ taskTitle: pulumi.Input; /** * The Amazon Resource Name (ARN) of the human task user interface. Amazon Resource Name (ARN) of a team of workers. For Public workforces see [AWS Docs](https://docs.aws.amazon.com/sagemaker/latest/dg/sms-workforce-management-public.html). */ workteamArn: pulumi.Input; } export interface FlowDefinitionHumanLoopConfigPublicWorkforceTaskPrice { /** * Defines the amount of money paid to an Amazon Mechanical Turk worker in United States dollars. See Amount In Usd details below. */ amountInUsd?: pulumi.Input; } export interface FlowDefinitionHumanLoopConfigPublicWorkforceTaskPriceAmountInUsd { /** * The fractional portion, in cents, of the amount. Valid value range between `0` and `99`. */ cents?: pulumi.Input; /** * The whole number of dollars in the amount. Valid value range between `0` and `2`. */ dollars?: pulumi.Input; /** * Fractions of a cent, in tenths. Valid value range between `0` and `9`. */ tenthFractionsOfACent?: pulumi.Input; } export interface FlowDefinitionHumanLoopRequestSource { /** * Specifies whether Amazon Rekognition or Amazon Textract are used as the integration source. Valid values are: `AWS/Rekognition/DetectModerationLabels/Image/V3` and `AWS/Textract/AnalyzeDocument/Forms/V1`. */ awsManagedHumanLoopRequestSource: pulumi.Input; } export interface FlowDefinitionOutputConfig { /** * The Amazon Key Management Service (KMS) key ARN for server-side encryption. */ kmsKeyId?: pulumi.Input; /** * The Amazon S3 path where the object containing human output will be made available. */ s3OutputPath: pulumi.Input; } export interface HumanTaskUIUiTemplate { /** * The content of the Liquid template for the worker user interface. */ content?: pulumi.Input; /** * The SHA-256 digest of the contents of the template. */ contentSha256?: pulumi.Input; /** * The URL for the user interface template. */ url?: pulumi.Input; } export interface ModelContainer { /** * The DNS host name for the container. */ containerHostname?: pulumi.Input; /** * Environment variables for the Docker container. * A list of key value pairs. */ environment?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The registry path where the inference code image is stored in Amazon ECR. */ image?: pulumi.Input; /** * Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For more information see [Using a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html). see Image Config. */ imageConfig?: pulumi.Input; /** * The container hosts value `SingleModel/MultiModel`. The default value is `SingleModel`. */ mode?: pulumi.Input; /** * The location of model data to deploy. Use this for uncompressed model deployment. For information about how to deploy an uncompressed model, see [Deploying uncompressed models](https://docs.aws.amazon.com/sagemaker/latest/dg/large-model-inference-uncompressed.html) in the _AWS SageMaker Developer Guide_. */ modelDataSource?: pulumi.Input; /** * The URL for the S3 location where model artifacts are stored. */ modelDataUrl?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the model package to use to create the model. */ modelPackageName?: pulumi.Input; } export interface ModelContainerImageConfig { /** * Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: `Platform` and `Vpc`. */ repositoryAccessMode: pulumi.Input; /** * Specifies an authentication configuration for the private docker registry where your model image is hosted. Specify a value for this property only if you specified Vpc as the value for the RepositoryAccessMode field, and the private Docker registry where the model image is hosted requires authentication. see Repository Auth Config. */ repositoryAuthConfig?: pulumi.Input; } export interface ModelContainerImageConfigRepositoryAuthConfig { /** * The Amazon Resource Name (ARN) of an AWS Lambda function that provides credentials to authenticate to the private Docker registry where your model image is hosted. For information about how to create an AWS Lambda function, see [Create a Lambda function with the console](https://docs.aws.amazon.com/lambda/latest/dg/getting-started-create-function.html) in the _AWS Lambda Developer Guide_. */ repositoryCredentialsProviderArn: pulumi.Input; } export interface ModelContainerModelDataSource { /** * The S3 location of model data to deploy. */ s3DataSources: pulumi.Input[]>; } export interface ModelContainerModelDataSourceS3DataSource { /** * How the model data is prepared. Allowed values are: `None` and `Gzip`. */ compressionType: pulumi.Input; /** * The type of model data to deploy. Allowed values are: `S3Object` and `S3Prefix`. */ s3DataType: pulumi.Input; /** * The S3 path of model data to deploy. */ s3Uri: pulumi.Input; } export interface ModelInferenceExecutionConfig { mode: pulumi.Input; } export interface ModelPrimaryContainer { containerHostname?: pulumi.Input; environment?: pulumi.Input<{[key: string]: pulumi.Input}>; image?: pulumi.Input; imageConfig?: pulumi.Input; mode?: pulumi.Input; modelDataSource?: pulumi.Input; modelDataUrl?: pulumi.Input; modelPackageName?: pulumi.Input; } export interface ModelPrimaryContainerImageConfig { /** * Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: `Platform` and `Vpc`. */ repositoryAccessMode: pulumi.Input; /** * Specifies an authentication configuration for the private docker registry where your model image is hosted. Specify a value for this property only if you specified Vpc as the value for the RepositoryAccessMode field, and the private Docker registry where the model image is hosted requires authentication. see Repository Auth Config. */ repositoryAuthConfig?: pulumi.Input; } export interface ModelPrimaryContainerImageConfigRepositoryAuthConfig { /** * The Amazon Resource Name (ARN) of an AWS Lambda function that provides credentials to authenticate to the private Docker registry where your model image is hosted. For information about how to create an AWS Lambda function, see [Create a Lambda function with the console](https://docs.aws.amazon.com/lambda/latest/dg/getting-started-create-function.html) in the _AWS Lambda Developer Guide_. */ repositoryCredentialsProviderArn: pulumi.Input; } export interface ModelPrimaryContainerModelDataSource { /** * The S3 location of model data to deploy. */ s3DataSources: pulumi.Input[]>; } export interface ModelPrimaryContainerModelDataSourceS3DataSource { /** * How the model data is prepared. Allowed values are: `None` and `Gzip`. */ compressionType: pulumi.Input; /** * The type of model data to deploy. Allowed values are: `S3Object` and `S3Prefix`. */ s3DataType: pulumi.Input; /** * The S3 path of model data to deploy. */ s3Uri: pulumi.Input; } export interface ModelVpcConfig { securityGroupIds: pulumi.Input[]>; subnets: pulumi.Input[]>; } export interface MonitoringScheduleMonitoringScheduleConfig { /** * The name of the monitoring job definition to schedule. */ monitoringJobDefinitionName: pulumi.Input; /** * The type of the monitoring job definition to schedule. Valid values are `DataQuality`, `ModelQuality`, `ModelBias` or `ModelExplainability` */ monitoringType: pulumi.Input; /** * Configures the monitoring schedule. Fields are documented below. */ scheduleConfig?: pulumi.Input; } export interface MonitoringScheduleMonitoringScheduleConfigScheduleConfig { /** * A cron expression that describes details about the monitoring schedule. For example, and hourly schedule would be `cron(0 * ? * * *)`. */ scheduleExpression: pulumi.Input; } export interface NotebookInstanceInstanceMetadataServiceConfiguration { /** * Indicates the minimum IMDS version that the notebook instance supports. When passed "1" is passed. This means that both IMDSv1 and IMDSv2 are supported. Valid values are `1` and `2`. */ minimumInstanceMetadataServiceVersion?: pulumi.Input; } export interface PipelineParallelismConfiguration { /** * The max number of steps that can be executed in parallel. */ maxParallelExecutionSteps: pulumi.Input; } export interface PipelinePipelineDefinitionS3Location { /** * Name of the S3 bucket. */ bucket: pulumi.Input; /** * The object key (or key name) uniquely identifies the object in an S3 bucket. */ objectKey: pulumi.Input; /** * Version Id of the pipeline definition file. If not specified, Amazon SageMaker will retrieve the latest version. */ versionId?: pulumi.Input; } export interface ProjectServiceCatalogProvisioningDetails { /** * The path identifier of the product. This value is optional if the product has a default path, and required if the product has more than one path. */ pathId?: pulumi.Input; /** * The ID of the product to provision. */ productId: pulumi.Input; /** * The ID of the provisioning artifact. */ provisioningArtifactId?: pulumi.Input; /** * A list of key value pairs that you specify when you provision a product. See Provisioning Parameter below. */ provisioningParameters?: pulumi.Input[]>; } export interface ProjectServiceCatalogProvisioningDetailsProvisioningParameter { /** * The key that identifies a provisioning parameter. */ key: pulumi.Input; /** * The value of the provisioning parameter. */ value?: pulumi.Input; } export interface SpaceOwnershipSettings { /** * The user profile who is the owner of the private space. */ ownerUserProfileName: pulumi.Input; } export interface SpaceSpaceSettings { /** * The type of app created within the space. */ appType?: pulumi.Input; /** * The Code Editor application settings. See Code Editor App Settings below. */ codeEditorAppSettings?: pulumi.Input; /** * A file system, created by you, that you assign to a space for an Amazon SageMaker Domain. See Custom File System below. */ customFileSystems?: pulumi.Input[]>; /** * The settings for the JupyterLab application. See Jupyter Lab App Settings below. */ jupyterLabAppSettings?: pulumi.Input; /** * The Jupyter server's app settings. See Jupyter Server App Settings below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See Kernel Gateway App Settings below. */ kernelGatewayAppSettings?: pulumi.Input; spaceStorageSettings?: pulumi.Input; } export interface SpaceSpaceSettingsCodeEditorAppSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec: pulumi.Input; } export interface SpaceSpaceSettingsCodeEditorAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsCustomFileSystem { /** * A custom file system in Amazon EFS. see EFS File System below. */ efsFileSystem: pulumi.Input; } export interface SpaceSpaceSettingsCustomFileSystemEfsFileSystem { /** * The ID of your Amazon EFS file system. */ fileSystemId: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettings { /** * A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. see Code Repository below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface SpaceSpaceSettingsJupyterLabAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. see Code Repository below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface SpaceSpaceSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface SpaceSpaceSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker images that are configured to run as a KernelGateway app. see Custom Image below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface SpaceSpaceSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface SpaceSpaceSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type. */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the SageMaker image created on the instance. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface SpaceSpaceSettingsSpaceStorageSettings { ebsStorageSettings: pulumi.Input; } export interface SpaceSpaceSettingsSpaceStorageSettingsEbsStorageSettings { ebsVolumeSizeInGb: pulumi.Input; } export interface SpaceSpaceSharingSettings { /** * Specifies the sharing type of the space. Valid values are `Private` and `Shared`. */ sharingType: pulumi.Input; } export interface UserProfileUserSettings { /** * The Canvas app settings. See Canvas App Settings below. */ canvasAppSettings?: pulumi.Input; /** * The Code Editor application settings. See Code Editor App Settings below. */ codeEditorAppSettings?: pulumi.Input; /** * The settings for assigning a custom file system to a user profile. Permitted users can access this file system in Amazon SageMaker Studio. See Custom File System Config below. */ customFileSystemConfigs?: pulumi.Input[]>; /** * Details about the POSIX identity that is used for file system operations. See Custom Posix User Config below. */ customPosixUserConfig?: pulumi.Input; /** * The default experience that the user is directed to when accessing the domain. The supported values are: `studio::`: Indicates that Studio is the default experience. This value can only be passed if StudioWebPortal is set to ENABLED. `app:JupyterServer:`: Indicates that Studio Classic is the default experience. */ defaultLandingUri?: pulumi.Input; /** * The execution role ARN for the user. */ executionRole: pulumi.Input; /** * The settings for the JupyterLab application. See Jupyter Lab App Settings below. */ jupyterLabAppSettings?: pulumi.Input; /** * The Jupyter server's app settings. See Jupyter Server App Settings below. */ jupyterServerAppSettings?: pulumi.Input; /** * The kernel gateway app settings. See Kernel Gateway App Settings below. */ kernelGatewayAppSettings?: pulumi.Input; /** * The RSession app settings. See RSession App Settings below. */ rSessionAppSettings?: pulumi.Input; /** * A collection of settings that configure user interaction with the RStudioServerPro app. See RStudioServerProAppSettings below. */ rStudioServerProAppSettings?: pulumi.Input; /** * A list of security group IDs that will be attached to the user. */ securityGroups?: pulumi.Input[]>; /** * The sharing settings. See Sharing Settings below. */ sharingSettings?: pulumi.Input; /** * The storage settings for a private space. See Space Storage Settings below. */ spaceStorageSettings?: pulumi.Input; /** * Whether the user can access Studio. If this value is set to `DISABLED`, the user cannot access Studio, even if that is the default experience for the domain. Valid values are `ENABLED` and `DISABLED`. */ studioWebPortal?: pulumi.Input; /** * The TensorBoard app settings. See TensorBoard App Settings below. */ tensorBoardAppSettings?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettings { /** * The model deployment settings for the SageMaker Canvas application. See Direct Deploy Settings below. */ directDeploySettings?: pulumi.Input; /** * The settings for connecting to an external data source with OAuth. See Identity Provider OAuth Settings below. */ identityProviderOauthSettings?: pulumi.Input[]>; /** * The settings for document querying. See Kendra Settings below. */ kendraSettings?: pulumi.Input; /** * The model registry settings for the SageMaker Canvas application. See Model Register Settings below. */ modelRegisterSettings?: pulumi.Input; /** * Time series forecast settings for the Canvas app. See Time Series Forecasting Settings below. */ timeSeriesForecastingSettings?: pulumi.Input; /** * The workspace settings for the SageMaker Canvas application. See Workspace Settings below. */ workspaceSettings?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsDirectDeploySettings { /** * Describes whether model deployment permissions are enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsIdentityProviderOauthSetting { /** * The name of the data source that you're connecting to. Canvas currently supports OAuth for Snowflake and Salesforce Data Cloud. Valid values are `SalesforceGenie` and `Snowflake`. */ dataSourceName?: pulumi.Input; /** * The ARN of an Amazon Web Services Secrets Manager secret that stores the credentials from your identity provider, such as the client ID and secret, authorization URL, and token URL. */ secretArn: pulumi.Input; /** * Describes whether OAuth for a data source is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsKendraSettings { /** * Describes whether the document querying feature is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsModelRegisterSettings { /** * The Amazon Resource Name (ARN) of the SageMaker model registry account. Required only to register model versions created by a different SageMaker Canvas AWS account than the AWS account in which SageMaker model registry is set up. */ crossAccountModelRegisterRoleArn?: pulumi.Input; /** * Describes whether the integration to the model registry is enabled or disabled in the Canvas application. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsTimeSeriesForecastingSettings { /** * The IAM role that Canvas passes to Amazon Forecast for time series forecasting. By default, Canvas uses the execution role specified in the UserProfile that launches the Canvas app. If an execution role is not specified in the UserProfile, Canvas uses the execution role specified in the Domain that owns the UserProfile. To allow time series forecasting, this IAM role should have the [AmazonSageMakerCanvasForecastAccess](https://docs.aws.amazon.com/sagemaker/latest/dg/security-iam-awsmanpol-canvas.html#security-iam-awsmanpol-AmazonSageMakerCanvasForecastAccess) policy attached and forecast.amazonaws.com added in the trust relationship as a service principal. */ amazonForecastRoleArn?: pulumi.Input; /** * Describes whether time series forecasting is enabled or disabled in the Canvas app. Valid values are `ENABLED` and `DISABLED`. */ status?: pulumi.Input; } export interface UserProfileUserSettingsCanvasAppSettingsWorkspaceSettings { /** * The Amazon S3 bucket used to store artifacts generated by Canvas. Updating the Amazon S3 location impacts existing configuration settings, and Canvas users no longer have access to their artifacts. Canvas users must log out and log back in to apply the new location. */ s3ArtifactPath?: pulumi.Input; /** * The Amazon Web Services Key Management Service (KMS) encryption key ID that is used to encrypt artifacts generated by Canvas in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; } export interface UserProfileUserSettingsCodeEditorAppSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsCodeEditorAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsCustomFileSystemConfig { /** * The default EBS storage settings for a private space. See EFS File System Config below. */ efsFileSystemConfigs?: pulumi.Input[]>; } export interface UserProfileUserSettingsCustomFileSystemConfigEfsFileSystemConfig { /** * The ID of your Amazon EFS file system. */ fileSystemId: pulumi.Input; /** * The path to the file system directory that is accessible in Amazon SageMaker Studio. Permitted users can access only this directory and below. */ fileSystemPath?: pulumi.Input; } export interface UserProfileUserSettingsCustomPosixUserConfig { /** * The POSIX group ID. */ gid: pulumi.Input; /** * The POSIX user ID. */ uid: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettings { /** * A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. see Code Repository below. */ codeRepositories?: pulumi.Input[]>; customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsJupyterLabAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface UserProfileUserSettingsJupyterLabAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsJupyterServerAppSettings { /** * A list of Git repositories that SageMaker automatically displays to users for cloning in the JupyterServer application. see Code Repository below. */ codeRepositories?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsJupyterServerAppSettingsCodeRepository { /** * The URL of the Git repository. */ repositoryUrl: pulumi.Input; } export interface UserProfileUserSettingsJupyterServerAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsKernelGatewayAppSettings { /** * A list of custom SageMaker images that are configured to run as a KernelGateway app. see Custom Image below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configurations. */ lifecycleConfigArns?: pulumi.Input[]>; } export interface UserProfileUserSettingsKernelGatewayAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface UserProfileUserSettingsKernelGatewayAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsRSessionAppSettings { /** * A list of custom SageMaker images that are configured to run as a KernelGateway app. see Custom Image below. */ customImages?: pulumi.Input[]>; /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; } export interface UserProfileUserSettingsRSessionAppSettingsCustomImage { /** * The name of the App Image Config. */ appImageConfigName: pulumi.Input; /** * The name of the Custom Image. */ imageName: pulumi.Input; /** * The version number of the Custom Image. */ imageVersionNumber?: pulumi.Input; } export interface UserProfileUserSettingsRSessionAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface UserProfileUserSettingsRStudioServerProAppSettings { /** * Indicates whether the current user has access to the RStudioServerPro app. Valid values are `ENABLED` and `DISABLED`. */ accessStatus?: pulumi.Input; /** * The level of permissions that the user has within the RStudioServerPro app. This value defaults to `R_STUDIO_USER`. The `R_STUDIO_ADMIN` value allows the user access to the RStudio Administrative Dashboard. Valid values are `R_STUDIO_USER` and `R_STUDIO_ADMIN`. */ userGroup?: pulumi.Input; } export interface UserProfileUserSettingsSharingSettings { /** * Whether to include the notebook cell output when sharing the notebook. The default is `Disabled`. Valid values are `Allowed` and `Disabled`. */ notebookOutputOption?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket. */ s3KmsKeyId?: pulumi.Input; /** * When `notebookOutputOption` is Allowed, the Amazon S3 bucket used to save the notebook cell output. */ s3OutputPath?: pulumi.Input; } export interface UserProfileUserSettingsSpaceStorageSettings { /** * The default EBS storage settings for a private space. See Default EBS Storage Settings below. */ defaultEbsStorageSettings?: pulumi.Input; } export interface UserProfileUserSettingsSpaceStorageSettingsDefaultEbsStorageSettings { /** * The default size of the EBS storage volume for a private space. */ defaultEbsVolumeSizeInGb: pulumi.Input; /** * The maximum size of the EBS storage volume for a private space. */ maximumEbsVolumeSizeInGb: pulumi.Input; } export interface UserProfileUserSettingsTensorBoardAppSettings { /** * The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below. */ defaultResourceSpec?: pulumi.Input; } export interface UserProfileUserSettingsTensorBoardAppSettingsDefaultResourceSpec { /** * The instance type that the image version runs on.. For valid values see [SageMaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html). */ instanceType?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the Lifecycle Configuration attached to the Resource. */ lifecycleConfigArn?: pulumi.Input; /** * The ARN of the SageMaker image that the image version belongs to. */ sagemakerImageArn?: pulumi.Input; /** * The SageMaker Image Version Alias. */ sagemakerImageVersionAlias?: pulumi.Input; /** * The ARN of the image version created on the instance. */ sagemakerImageVersionArn?: pulumi.Input; } export interface WorkforceCognitoConfig { /** * The client ID for your Amazon Cognito user pool. */ clientId: pulumi.Input; /** * ID for your Amazon Cognito user pool. */ userPool: pulumi.Input; } export interface WorkforceOidcConfig { /** * The OIDC IdP authorization endpoint used to configure your private workforce. */ authorizationEndpoint: pulumi.Input; /** * The OIDC IdP client ID used to configure your private workforce. */ clientId: pulumi.Input; /** * The OIDC IdP client secret used to configure your private workforce. */ clientSecret: pulumi.Input; /** * The OIDC IdP issuer used to configure your private workforce. */ issuer: pulumi.Input; /** * The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce. */ jwksUri: pulumi.Input; /** * The OIDC IdP logout endpoint used to configure your private workforce. */ logoutEndpoint: pulumi.Input; /** * The OIDC IdP token endpoint used to configure your private workforce. */ tokenEndpoint: pulumi.Input; /** * The OIDC IdP user information endpoint used to configure your private workforce. */ userInfoEndpoint: pulumi.Input; } export interface WorkforceSourceIpConfig { /** * A list of up to 10 CIDR values. */ cidrs: pulumi.Input[]>; } export interface WorkforceWorkforceVpcConfig { /** * The VPC security group IDs. The security groups must be for the same VPC as specified in the subnet. */ securityGroupIds?: pulumi.Input[]>; /** * The ID of the subnets in the VPC that you want to connect. */ subnets?: pulumi.Input[]>; /** * The IDs for the VPC service endpoints of your VPC workforce. */ vpcEndpointId?: pulumi.Input; /** * The ID of the VPC that the workforce uses for communication. */ vpcId?: pulumi.Input; } export interface WorkteamMemberDefinition { /** * The Amazon Cognito user group that is part of the work team. See Cognito Member Definition details below. */ cognitoMemberDefinition?: pulumi.Input; /** * A list user groups that exist in your OIDC Identity Provider (IdP). One to ten groups can be used to create a single private work team. See Cognito Member Definition details below. */ oidcMemberDefinition?: pulumi.Input; } export interface WorkteamMemberDefinitionCognitoMemberDefinition { /** * An identifier for an application client. You must create the app client ID using Amazon Cognito. */ clientId: pulumi.Input; /** * An identifier for a user group. */ userGroup: pulumi.Input; /** * An identifier for a user pool. The user pool must be in the same region as the service that you are calling. */ userPool: pulumi.Input; } export interface WorkteamMemberDefinitionOidcMemberDefinition { /** * A list of comma separated strings that identifies user groups in your OIDC IdP. Each user group is made up of a group of private workers. */ groups: pulumi.Input[]>; } export interface WorkteamNotificationConfiguration { /** * The ARN for the SNS topic to which notifications should be published. */ notificationTopicArn?: pulumi.Input; } } export namespace scheduler { export interface ScheduleFlexibleTimeWindow { /** * Maximum time window during which a schedule can be invoked. Ranges from `1` to `1440` minutes. */ maximumWindowInMinutes?: pulumi.Input; /** * Determines whether the schedule is invoked within a flexible time window. One of: `OFF`, `FLEXIBLE`. */ mode: pulumi.Input; } export interface ScheduleTarget { /** * ARN of the target of this schedule, such as a SQS queue or ECS cluster. For universal targets, this is a [Service ARN specific to the target service](https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html#supported-universal-targets). */ arn: pulumi.Input; /** * Information about an Amazon SQS queue that EventBridge Scheduler uses as a dead-letter queue for your schedule. If specified, EventBridge Scheduler delivers failed events that could not be successfully delivered to a target to the queue. Detailed below. */ deadLetterConfig?: pulumi.Input; /** * Templated target type for the Amazon ECS [`RunTask`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) API operation. Detailed below. */ ecsParameters?: pulumi.Input; /** * Templated target type for the EventBridge [`PutEvents`](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutEvents.html) API operation. Detailed below. */ eventbridgeParameters?: pulumi.Input; /** * Text, or well-formed JSON, passed to the target. Read more in [Universal target](https://docs.aws.amazon.com/scheduler/latest/UserGuide/managing-targets-universal.html). */ input?: pulumi.Input; /** * Templated target type for the Amazon Kinesis [`PutRecord`](https://docs.aws.amazon.com/kinesis/latest/APIReference/API_PutRecord.html) API operation. Detailed below. */ kinesisParameters?: pulumi.Input; /** * Information about the retry policy settings. Detailed below. */ retryPolicy?: pulumi.Input; /** * ARN of the IAM role that EventBridge Scheduler will use for this target when the schedule is invoked. Read more in [Set up the execution role](https://docs.aws.amazon.com/scheduler/latest/UserGuide/setting-up.html#setting-up-execution-role). * * The following arguments are optional: */ roleArn: pulumi.Input; /** * Templated target type for the Amazon SageMaker [`StartPipelineExecution`](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_StartPipelineExecution.html) API operation. Detailed below. */ sagemakerPipelineParameters?: pulumi.Input; /** * The templated target type for the Amazon SQS [`SendMessage`](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html) API operation. Detailed below. */ sqsParameters?: pulumi.Input; } export interface ScheduleTargetDeadLetterConfig { /** * ARN of the SQS queue specified as the destination for the dead-letter queue. */ arn: pulumi.Input; } export interface ScheduleTargetEcsParameters { /** * Up to `6` capacity provider strategies to use for the task. Detailed below. */ capacityProviderStrategies?: pulumi.Input[]>; /** * Specifies whether to enable Amazon ECS managed tags for the task. For more information, see [Tagging Your Amazon ECS Resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the Amazon ECS Developer Guide. */ enableEcsManagedTags?: pulumi.Input; /** * Specifies whether to enable the execute command functionality for the containers in this task. */ enableExecuteCommand?: pulumi.Input; /** * Specifies an ECS task group for the task. At most 255 characters. */ group?: pulumi.Input; /** * Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. One of: `EC2`, `FARGATE`, `EXTERNAL`. */ launchType?: pulumi.Input; /** * Configures the networking associated with the task. Detailed below. */ networkConfiguration?: pulumi.Input; /** * A set of up to 10 placement constraints to use for the task. Detailed below. */ placementConstraints?: pulumi.Input[]>; /** * A set of up to 5 placement strategies. Detailed below. */ placementStrategies?: pulumi.Input[]>; /** * Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as `1.1.0`. */ platformVersion?: pulumi.Input; /** * Specifies whether to propagate the tags from the task definition to the task. One of: `TASK_DEFINITION`. */ propagateTags?: pulumi.Input; /** * Reference ID to use for the task. */ referenceId?: pulumi.Input; /** * The metadata that you apply to the task. Each tag consists of a key and an optional value. For more information, see [`RunTask`](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) in the Amazon ECS API Reference. */ tags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The number of tasks to create. Ranges from `1` (default) to `10`. */ taskCount?: pulumi.Input; /** * ARN of the task definition to use. * * The following arguments are optional: */ taskDefinitionArn: pulumi.Input; } export interface ScheduleTargetEcsParametersCapacityProviderStrategy { /** * How many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined. Ranges from `0` (default) to `100000`. */ base?: pulumi.Input; /** * Short name of the capacity provider. */ capacityProvider: pulumi.Input; /** * Designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The weight value is taken into consideration after the base value, if defined, is satisfied. Ranges from from `0` to `1000`. */ weight?: pulumi.Input; } export interface ScheduleTargetEcsParametersNetworkConfiguration { /** * Specifies whether the task's elastic network interface receives a public IP address. This attribute is a boolean type, where `true` maps to `ENABLED` and `false` to `DISABLED`. You can specify `true` only when the `launchType` is set to `FARGATE`. */ assignPublicIp?: pulumi.Input; /** * Set of 1 to 5 Security Group ID-s to be associated with the task. These security groups must all be in the same VPC. */ securityGroups?: pulumi.Input[]>; /** * Set of 1 to 16 subnets to be associated with the task. These subnets must all be in the same VPC. */ subnets: pulumi.Input[]>; } export interface ScheduleTargetEcsParametersPlacementConstraint { /** * A cluster query language expression to apply to the constraint. You cannot specify an expression if the constraint type is `distinctInstance`. For more information, see [Cluster query language](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html) in the Amazon ECS Developer Guide. */ expression?: pulumi.Input; /** * The type of constraint. One of: `distinctInstance`, `memberOf`. */ type: pulumi.Input; } export interface ScheduleTargetEcsParametersPlacementStrategy { /** * The field to apply the placement strategy against. */ field?: pulumi.Input; /** * The type of placement strategy. One of: `random`, `spread`, `binpack`. */ type: pulumi.Input; } export interface ScheduleTargetEventbridgeParameters { /** * Free-form string used to decide what fields to expect in the event detail. Up to 128 characters. */ detailType: pulumi.Input; /** * Source of the event. */ source: pulumi.Input; } export interface ScheduleTargetKinesisParameters { /** * Specifies the shard to which EventBridge Scheduler sends the event. Up to 256 characters. */ partitionKey: pulumi.Input; } export interface ScheduleTargetRetryPolicy { /** * Maximum amount of time, in seconds, to continue to make retry attempts. Ranges from `60` to `86400` (default). */ maximumEventAgeInSeconds?: pulumi.Input; /** * Maximum number of retry attempts to make before the request fails. Ranges from `0` to `185` (default). */ maximumRetryAttempts?: pulumi.Input; } export interface ScheduleTargetSagemakerPipelineParameters { /** * Set of up to 200 parameter names and values to use when executing the SageMaker Model Building Pipeline. Detailed below. */ pipelineParameters?: pulumi.Input[]>; } export interface ScheduleTargetSagemakerPipelineParametersPipelineParameter { /** * Name of parameter to start execution of a SageMaker Model Building Pipeline. */ name: pulumi.Input; /** * Value of parameter to start execution of a SageMaker Model Building Pipeline. */ value: pulumi.Input; } export interface ScheduleTargetSqsParameters { /** * FIFO message group ID to use as the target. */ messageGroupId?: pulumi.Input; } } export namespace secretsmanager { export interface GetSecretsFilter { /** * Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetSecretsFilterArgs { /** * Name of the filter field. Valid values can be found in the [Secrets Manager ListSecrets API Reference](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface SecretReplica { /** * ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (`aws/secretsmanager`) in the region or creates one for use if non-existent. */ kmsKeyId?: pulumi.Input; /** * Date that you last accessed the secret in the Region. */ lastAccessedDate?: pulumi.Input; /** * Region for replicating the secret. */ region: pulumi.Input; /** * Status can be `InProgress`, `Failed`, or `InSync`. */ status?: pulumi.Input; /** * Message such as `Replication succeeded` or `Secret with this name already exists in this region`. */ statusMessage?: pulumi.Input; } export interface SecretRotationRotationRules { /** * Specifies the number of days between automatic scheduled rotations of the secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified. */ automaticallyAfterDays?: pulumi.Input; /** * The length of the rotation window in hours. For example, `3h` for a three hour window. */ duration?: pulumi.Input; /** * A `cron()` or `rate()` expression that defines the schedule for rotating your secret. Either `automaticallyAfterDays` or `scheduleExpression` must be specified. */ scheduleExpression?: pulumi.Input; } } export namespace securityhub { export interface AutomationRuleAction { /** * A block that specifies that the automation rule action is an update to a finding field. Documented below. */ findingFieldsUpdate?: pulumi.Input; /** * Specifies that the rule action should update the `Types` finding field. The `Types` finding field classifies findings in the format of namespace/category/classifier. */ type?: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdate { /** * The rule action updates the `Confidence` field of a finding. */ confidence?: pulumi.Input; /** * The rule action updates the `Criticality` field of a finding. */ criticality?: pulumi.Input; /** * A resource block that updates the note. Documented below. */ note?: pulumi.Input; /** * A resource block that the rule action updates the `RelatedFindings` field of a finding. Documented below. */ relatedFindings?: pulumi.Input[]>; /** * A resource block that updates to the severity information for a finding. Documented below. */ severity?: pulumi.Input; /** * The rule action updates the `Types` field of a finding. */ types?: pulumi.Input[]>; /** * The rule action updates the `UserDefinedFields` field of a finding. */ userDefinedFields?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The rule action updates the `VerificationState` field of a finding. The allowed values are the following `UNKNOWN`, `TRUE_POSITIVE`, `FALSE_POSITIVE` and `BENIGN_POSITIVE`. */ verificationState?: pulumi.Input; /** * A resource block that is used to update information about the investigation into the finding. Documented below. */ workflow?: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateNote { /** * The updated note text. */ text: pulumi.Input; /** * The principal that updated the note. */ updatedBy: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateRelatedFinding { /** * The product-generated identifier for a related finding. */ id: pulumi.Input; /** * The ARN of the product that generated a related finding. */ productArn: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateSeverity { /** * The severity value of the finding. The allowed values are the following `INFORMATIONAL`, `LOW`, `MEDIUM`, `HIGH` and `CRITICAL`. */ label?: pulumi.Input; /** * The native severity as defined by the AWS service or integrated partner product that generated the finding. */ product?: pulumi.Input; } export interface AutomationRuleActionFindingFieldsUpdateWorkflow { /** * The status of the investigation into the finding. The allowed values are the following `NEW`, `NOTIFIED`, `RESOLVED` and `SUPPRESSED`. */ status?: pulumi.Input; } export interface AutomationRuleCriteria { /** * The AWS account ID in which a finding was generated. Documented below. */ awsAccountIds?: pulumi.Input[]>; /** * The name of the AWS account in which a finding was generated. Documented below. */ awsAccountNames?: pulumi.Input[]>; /** * The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below. */ companyNames?: pulumi.Input[]>; /** * The unique identifier of a standard in which a control is enabled. Documented below. */ complianceAssociatedStandardsIds?: pulumi.Input[]>; /** * The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below. */ complianceSecurityControlIds?: pulumi.Input[]>; /** * The result of a security check. This field is only used for findings generated from controls. Documented below. */ complianceStatuses?: pulumi.Input[]>; /** * The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. `Confidence` is scored on a 0–100 basis using a ratio scale. A value of `0` means 0 percent confidence, and a value of `100` means 100 percent confidence. Documented below. */ confidences?: pulumi.Input[]>; /** * A timestamp that indicates when this finding record was created. Documented below. */ createdAts?: pulumi.Input[]>; /** * The level of importance that is assigned to the resources that are associated with a finding. Documented below. */ criticalities?: pulumi.Input[]>; /** * A finding's description. Documented below. */ descriptions?: pulumi.Input[]>; /** * A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below. */ firstObservedAts?: pulumi.Input[]>; /** * The identifier for the solution-specific component that generated a finding. Documented below. */ generatorIds?: pulumi.Input[]>; /** * The product-specific identifier for a finding. Documented below. */ ids?: pulumi.Input[]>; /** * A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below. */ lastObservedAts?: pulumi.Input[]>; /** * The text of a user-defined note that's added to a finding. Documented below. */ noteTexts?: pulumi.Input[]>; /** * The timestamp of when the note was updated. Documented below. */ noteUpdatedAts?: pulumi.Input[]>; /** * The principal that created a note. Documented below. */ noteUpdatedBies?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below. */ productArns?: pulumi.Input[]>; /** * Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below. */ productNames?: pulumi.Input[]>; /** * Provides the current state of a finding. Documented below. */ recordStates?: pulumi.Input[]>; /** * The product-generated identifier for a related finding. Documented below. */ relatedFindingsIds?: pulumi.Input[]>; /** * The ARN for the product that generated a related finding. Documented below. */ relatedFindingsProductArns?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below. */ resourceApplicationArns?: pulumi.Input[]>; /** * The name of the application that is related to a finding. Documented below. */ resourceApplicationNames?: pulumi.Input[]>; /** * Custom fields and values about the resource that a finding pertains to. Documented below. */ resourceDetailsOthers?: pulumi.Input[]>; /** * The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below. */ resourceIds?: pulumi.Input[]>; /** * The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below. */ resourcePartitions?: pulumi.Input[]>; /** * The AWS Region where the resource that a finding pertains to is located. Documented below. */ resourceRegions?: pulumi.Input[]>; /** * A list of AWS tags associated with a resource at the time the finding was processed. Documented below. */ resourceTags?: pulumi.Input[]>; /** * The type of resource that the finding pertains to. Documented below. */ resourceTypes?: pulumi.Input[]>; /** * The severity value of the finding. Documented below. */ severityLabels?: pulumi.Input[]>; /** * Provides a URL that links to a page about the current finding in the finding product. Documented below. */ sourceUrls?: pulumi.Input[]>; /** * A finding's title. Documented below. */ titles?: pulumi.Input[]>; /** * One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below. */ types?: pulumi.Input[]>; /** * A timestamp that indicates when the finding record was most recently updated. Documented below. */ updatedAts?: pulumi.Input[]>; /** * A list of user-defined name and value string pairs added to a finding. Documented below. */ userDefinedFields?: pulumi.Input[]>; /** * Provides the veracity of a finding. Documented below. */ verificationStates?: pulumi.Input[]>; /** * Provides information about the status of the investigation into a finding. Documented below. */ workflowStatuses?: pulumi.Input[]>; } export interface AutomationRuleCriteriaAwsAccountId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaAwsAccountName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaCompanyName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaComplianceAssociatedStandardsId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaComplianceSecurityControlId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaComplianceStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaConfidence { eq?: pulumi.Input; gt?: pulumi.Input; gte?: pulumi.Input; lt?: pulumi.Input; lte?: pulumi.Input; } export interface AutomationRuleCriteriaCreatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface AutomationRuleCriteriaCreatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaCriticality { eq?: pulumi.Input; gt?: pulumi.Input; gte?: pulumi.Input; lt?: pulumi.Input; lte?: pulumi.Input; } export interface AutomationRuleCriteriaDescription { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaFirstObservedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface AutomationRuleCriteriaFirstObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaGeneratorId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaLastObservedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface AutomationRuleCriteriaLastObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaNoteText { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaNoteUpdatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface AutomationRuleCriteriaNoteUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaNoteUpdatedBy { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaProductName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaRecordState { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaRelatedFindingsId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaRelatedFindingsProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceApplicationArn { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceApplicationName { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceDetailsOther { comparison: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceId { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourcePartition { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceRegion { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceTag { comparison: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaResourceType { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaSeverityLabel { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaSourceUrl { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaTitle { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaType { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaUpdatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface AutomationRuleCriteriaUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface AutomationRuleCriteriaUserDefinedField { comparison: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaVerificationState { comparison: pulumi.Input; value: pulumi.Input; } export interface AutomationRuleCriteriaWorkflowStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicy { /** * A list that defines which security standards are enabled in the configuration policy. It must be defined if `serviceEnabled` is set to true. */ enabledStandardArns?: pulumi.Input[]>; /** * Defines which security controls are enabled in the configuration policy and any customizations to parameters affecting them. See below. */ securityControlsConfiguration?: pulumi.Input; /** * Indicates whether Security Hub is enabled in the policy. */ serviceEnabled: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfiguration { /** * A list of security controls that are disabled in the configuration policy Security Hub enables all other controls (including newly released controls) other than the listed controls. Conflicts with `enabledControlIdentifiers`. */ disabledControlIdentifiers?: pulumi.Input[]>; /** * A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls. Conflicts with `disabledControlIdentifiers`. */ enabledControlIdentifiers?: pulumi.Input[]>; /** * A list of control parameter customizations that are included in a configuration policy. Include multiple blocks to define multiple control custom parameters. See below. */ securityControlCustomParameters?: pulumi.Input[]>; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameter { /** * An object that specifies parameter values for a control in a configuration policy. See below. */ parameters: pulumi.Input[]>; /** * The ID of the security control. For more information see the [Security Hub controls reference] documentation. */ securityControlId: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameter { /** * The bool `value` for a Boolean-typed Security Hub Control Parameter. */ bool?: pulumi.Input; /** * The float `value` for a Double-typed Security Hub Control Parameter. */ double?: pulumi.Input; /** * The string `value` for a Enum-typed Security Hub Control Parameter. */ enum?: pulumi.Input; /** * The string list `value` for a EnumList-typed Security Hub Control Parameter. */ enumList?: pulumi.Input; /** * The int `value` for a Int-typed Security Hub Control Parameter. */ int?: pulumi.Input; /** * The int list `value` for a IntList-typed Security Hub Control Parameter. */ intList?: pulumi.Input; /** * The name of the control parameter. For more information see the [Security Hub controls reference] documentation. */ name: pulumi.Input; /** * The string `value` for a String-typed Security Hub Control Parameter. */ string?: pulumi.Input; /** * The string list `value` for a StringList-typed Security Hub Control Parameter. */ stringList?: pulumi.Input; /** * Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior. Valid values: `DEFAULT`, `CUSTOM`. */ valueType: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterBool { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterDouble { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnum { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterEnumList { values: pulumi.Input[]>; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterInt { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterIntList { values: pulumi.Input[]>; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterString { value: pulumi.Input; } export interface ConfigurationPolicyConfigurationPolicySecurityControlsConfigurationSecurityControlCustomParameterParameterStringList { values: pulumi.Input[]>; } export interface InsightFilters { /** * AWS account ID that a finding is generated in. See String_Filter below for more details. */ awsAccountIds?: pulumi.Input[]>; /** * The name of the findings provider (company) that owns the solution (product) that generates findings. See String_Filter below for more details. */ companyNames?: pulumi.Input[]>; /** * Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details. */ complianceStatuses?: pulumi.Input[]>; /** * A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details. */ confidences?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details. */ createdAts?: pulumi.Input[]>; /** * The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details. */ criticalities?: pulumi.Input[]>; /** * A finding's description. See String Filter below for more details. */ descriptions?: pulumi.Input[]>; /** * The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details. */ findingProviderFieldsConfidences?: pulumi.Input[]>; /** * The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details. */ findingProviderFieldsCriticalities?: pulumi.Input[]>; /** * The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details. */ findingProviderFieldsRelatedFindingsIds?: pulumi.Input[]>; /** * The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details. */ findingProviderFieldsRelatedFindingsProductArns?: pulumi.Input[]>; /** * The finding provider value for the severity label. See String Filter below for more details. */ findingProviderFieldsSeverityLabels?: pulumi.Input[]>; /** * The finding provider's original value for the severity. See String Filter below for more details. */ findingProviderFieldsSeverityOriginals?: pulumi.Input[]>; /** * One or more finding types that the finding provider assigned to the finding. Uses the format of `namespace/category/classifier` that classify a finding. Valid namespace values include: `Software and Configuration Checks`, `TTPs`, `Effects`, `Unusual Behaviors`, and `Sensitive Data Identifications`. See String Filter below for more details. */ findingProviderFieldsTypes?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details. */ firstObservedAts?: pulumi.Input[]>; /** * The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details. */ generatorIds?: pulumi.Input[]>; /** * The security findings provider-specific identifier for a finding. See String Filter below for more details. */ ids?: pulumi.Input[]>; /** * A keyword for a finding. See Keyword Filter below for more details. */ keywords?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details. */ lastObservedAts?: pulumi.Input[]>; /** * The name of the malware that was observed. See String Filter below for more details. */ malwareNames?: pulumi.Input[]>; /** * The filesystem path of the malware that was observed. See String Filter below for more details. */ malwarePaths?: pulumi.Input[]>; /** * The state of the malware that was observed. See String Filter below for more details. */ malwareStates?: pulumi.Input[]>; /** * The type of the malware that was observed. See String Filter below for more details. */ malwareTypes?: pulumi.Input[]>; /** * The destination domain of network-related information about a finding. See String Filter below for more details. */ networkDestinationDomains?: pulumi.Input[]>; /** * The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details. */ networkDestinationIpv4s?: pulumi.Input[]>; /** * The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details. */ networkDestinationIpv6s?: pulumi.Input[]>; /** * The destination port of network-related information about a finding. See Number Filter below for more details. */ networkDestinationPorts?: pulumi.Input[]>; /** * Indicates the direction of network traffic associated with a finding. See String Filter below for more details. */ networkDirections?: pulumi.Input[]>; /** * The protocol of network-related information about a finding. See String Filter below for more details. */ networkProtocols?: pulumi.Input[]>; /** * The source domain of network-related information about a finding. See String Filter below for more details. */ networkSourceDomains?: pulumi.Input[]>; /** * The source IPv4 address of network-related information about a finding. See Ip Filter below for more details. */ networkSourceIpv4s?: pulumi.Input[]>; /** * The source IPv6 address of network-related information about a finding. See Ip Filter below for more details. */ networkSourceIpv6s?: pulumi.Input[]>; /** * The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details. */ networkSourceMacs?: pulumi.Input[]>; /** * The source port of network-related information about a finding. See Number Filter below for more details. */ networkSourcePorts?: pulumi.Input[]>; /** * The text of a note. See String Filter below for more details. */ noteTexts?: pulumi.Input[]>; /** * The timestamp of when the note was updated. See Date Filter below for more details. */ noteUpdatedAts?: pulumi.Input[]>; /** * The principal that created a note. See String Filter below for more details. */ noteUpdatedBies?: pulumi.Input[]>; /** * The date/time that the process was launched. See Date Filter below for more details. */ processLaunchedAts?: pulumi.Input[]>; /** * The name of the process. See String Filter below for more details. */ processNames?: pulumi.Input[]>; /** * The parent process ID. See Number Filter below for more details. */ processParentPids?: pulumi.Input[]>; /** * The path to the process executable. See String Filter below for more details. */ processPaths?: pulumi.Input[]>; /** * The process ID. See Number Filter below for more details. */ processPids?: pulumi.Input[]>; /** * The date/time that the process was terminated. See Date Filter below for more details. */ processTerminatedAts?: pulumi.Input[]>; /** * The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. See String Filter below for more details. */ productArns?: pulumi.Input[]>; /** * A data type where security-findings providers can include additional solution-specific details that aren't part of the defined `AwsSecurityFinding` format. See Map Filter below for more details. */ productFields?: pulumi.Input[]>; /** * The name of the solution (product) that generates findings. See String Filter below for more details. */ productNames?: pulumi.Input[]>; /** * The recommendation of what to do about the issue described in a finding. See String Filter below for more details. */ recommendationTexts?: pulumi.Input[]>; /** * The updated record state for the finding. See String Filter below for more details. */ recordStates?: pulumi.Input[]>; /** * The solution-generated identifier for a related finding. See String Filter below for more details. */ relatedFindingsIds?: pulumi.Input[]>; /** * The ARN of the solution that generated a related finding. See String Filter below for more details. */ relatedFindingsProductArns?: pulumi.Input[]>; /** * The IAM profile ARN of the instance. See String Filter below for more details. */ resourceAwsEc2InstanceIamInstanceProfileArns?: pulumi.Input[]>; /** * The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details. */ resourceAwsEc2InstanceImageIds?: pulumi.Input[]>; /** * The IPv4 addresses associated with the instance. See Ip Filter below for more details. */ resourceAwsEc2InstanceIpv4Addresses?: pulumi.Input[]>; /** * The IPv6 addresses associated with the instance. See Ip Filter below for more details. */ resourceAwsEc2InstanceIpv6Addresses?: pulumi.Input[]>; /** * The key name associated with the instance. See String Filter below for more details. */ resourceAwsEc2InstanceKeyNames?: pulumi.Input[]>; /** * The date and time the instance was launched. See Date Filter below for more details. */ resourceAwsEc2InstanceLaunchedAts?: pulumi.Input[]>; /** * The identifier of the subnet that the instance was launched in. See String Filter below for more details. */ resourceAwsEc2InstanceSubnetIds?: pulumi.Input[]>; /** * The instance type of the instance. See String Filter below for more details. */ resourceAwsEc2InstanceTypes?: pulumi.Input[]>; /** * The identifier of the VPC that the instance was launched in. See String Filter below for more details. */ resourceAwsEc2InstanceVpcIds?: pulumi.Input[]>; /** * The creation date/time of the IAM access key related to a finding. See Date Filter below for more details. */ resourceAwsIamAccessKeyCreatedAts?: pulumi.Input[]>; /** * The status of the IAM access key related to a finding. See String Filter below for more details. */ resourceAwsIamAccessKeyStatuses?: pulumi.Input[]>; /** * The user associated with the IAM access key related to a finding. See String Filter below for more details. */ resourceAwsIamAccessKeyUserNames?: pulumi.Input[]>; /** * The canonical user ID of the owner of the S3 bucket. See String Filter below for more details. */ resourceAwsS3BucketOwnerIds?: pulumi.Input[]>; /** * The display name of the owner of the S3 bucket. See String Filter below for more details. */ resourceAwsS3BucketOwnerNames?: pulumi.Input[]>; /** * The identifier of the image related to a finding. See String Filter below for more details. */ resourceContainerImageIds?: pulumi.Input[]>; /** * The name of the image related to a finding. See String Filter below for more details. */ resourceContainerImageNames?: pulumi.Input[]>; /** * The date/time that the container was started. See Date Filter below for more details. */ resourceContainerLaunchedAts?: pulumi.Input[]>; /** * The name of the container related to a finding. See String Filter below for more details. */ resourceContainerNames?: pulumi.Input[]>; /** * The details of a resource that doesn't have a specific subfield for the resource type defined. See Map Filter below for more details. */ resourceDetailsOthers?: pulumi.Input[]>; /** * The canonical identifier for the given resource type. See String Filter below for more details. */ resourceIds?: pulumi.Input[]>; /** * The canonical AWS partition name that the Region is assigned to. See String Filter below for more details. */ resourcePartitions?: pulumi.Input[]>; /** * The canonical AWS external Region name where this resource is located. See String Filter below for more details. */ resourceRegions?: pulumi.Input[]>; /** * A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details. */ resourceTags?: pulumi.Input[]>; /** * Specifies the type of the resource that details are provided for. See String Filter below for more details. */ resourceTypes?: pulumi.Input[]>; /** * The label of a finding's severity. See String Filter below for more details. */ severityLabels?: pulumi.Input[]>; /** * A URL that links to a page about the current finding in the security-findings provider's solution. See String Filter below for more details. */ sourceUrls?: pulumi.Input[]>; /** * The category of a threat intelligence indicator. See String Filter below for more details. */ threatIntelIndicatorCategories?: pulumi.Input[]>; /** * The date/time of the last observation of a threat intelligence indicator. See Date Filter below for more details. */ threatIntelIndicatorLastObservedAts?: pulumi.Input[]>; /** * The URL for more details from the source of the threat intelligence. See String Filter below for more details. */ threatIntelIndicatorSourceUrls?: pulumi.Input[]>; /** * The source of the threat intelligence. See String Filter below for more details. */ threatIntelIndicatorSources?: pulumi.Input[]>; /** * The type of a threat intelligence indicator. See String Filter below for more details. */ threatIntelIndicatorTypes?: pulumi.Input[]>; /** * The value of a threat intelligence indicator. See String Filter below for more details. */ threatIntelIndicatorValues?: pulumi.Input[]>; /** * A finding's title. See String Filter below for more details. */ titles?: pulumi.Input[]>; /** * A finding type in the format of `namespace/category/classifier` that classifies a finding. See String Filter below for more details. */ types?: pulumi.Input[]>; /** * An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details. */ updatedAts?: pulumi.Input[]>; /** * A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details. */ userDefinedValues?: pulumi.Input[]>; /** * The veracity of a finding. See String Filter below for more details. */ verificationStates?: pulumi.Input[]>; /** * The status of the investigation into a finding. See Workflow Status Filter below for more details. */ workflowStatuses?: pulumi.Input[]>; } export interface InsightFiltersAwsAccountId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersCompanyName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersComplianceStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersConfidence { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersCreatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersCreatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersCriticality { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersDescription { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsConfidence { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsCriticality { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsRelatedFindingsId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsRelatedFindingsProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsSeverityLabel { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsSeverityOriginal { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFindingProviderFieldsType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersFirstObservedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersFirstObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersGeneratorId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersKeyword { /** * A value for the keyword. */ value: pulumi.Input; } export interface InsightFiltersLastObservedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersLastObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersMalwareName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersMalwarePath { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersMalwareState { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersMalwareType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkDestinationDomain { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkDestinationIpv4 { cidr: pulumi.Input; } export interface InsightFiltersNetworkDestinationIpv6 { cidr: pulumi.Input; } export interface InsightFiltersNetworkDestinationPort { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersNetworkDirection { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkProtocol { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkSourceDomain { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkSourceIpv4 { cidr: pulumi.Input; } export interface InsightFiltersNetworkSourceIpv6 { cidr: pulumi.Input; } export interface InsightFiltersNetworkSourceMac { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNetworkSourcePort { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersNoteText { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersNoteUpdatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersNoteUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersNoteUpdatedBy { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProcessLaunchedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersProcessLaunchedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersProcessName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProcessParentPid { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersProcessPath { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProcessPid { eq?: pulumi.Input; gte?: pulumi.Input; lte?: pulumi.Input; } export interface InsightFiltersProcessTerminatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersProcessTerminatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProductField { comparison: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersProductName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRecommendationText { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRecordState { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRelatedFindingsId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersRelatedFindingsProductArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceIamInstanceProfileArn { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceImageId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceIpv4Address { cidr: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceIpv6Address { cidr: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceKeyName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceLaunchedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceLaunchedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceSubnetId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsEc2InstanceVpcId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyCreatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyCreatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsIamAccessKeyUserName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsS3BucketOwnerId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceAwsS3BucketOwnerName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceContainerImageId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceContainerImageName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceContainerLaunchedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersResourceContainerLaunchedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersResourceContainerName { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceDetailsOther { comparison: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceId { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourcePartition { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceRegion { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceTag { comparison: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersResourceType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersSeverityLabel { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersSourceUrl { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorCategory { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorLastObservedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorLastObservedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorSource { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorSourceUrl { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersThreatIntelIndicatorValue { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersTitle { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersType { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersUpdatedAt { dateRange?: pulumi.Input; end?: pulumi.Input; start?: pulumi.Input; } export interface InsightFiltersUpdatedAtDateRange { /** * A date range unit for the date filter. Valid values: `DAYS`. */ unit: pulumi.Input; /** * A date range value for the date filter, provided as an Integer. */ value: pulumi.Input; } export interface InsightFiltersUserDefinedValue { comparison: pulumi.Input; key: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersVerificationState { comparison: pulumi.Input; value: pulumi.Input; } export interface InsightFiltersWorkflowStatus { comparison: pulumi.Input; value: pulumi.Input; } export interface OrganizationConfigurationOrganizationConfiguration { /** * Indicates whether the organization uses local or central configuration. If using central configuration, `autoEnable` must be set to `false` and `autoEnableStandards` set to `NONE`. More information can be found in the [documentation for central configuration](https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html). Valid values: `LOCAL`, `CENTRAL`. */ configurationType: pulumi.Input; } } export namespace securitylake { export interface AwsLogSourceSource { /** * Specify the AWS account information where you want to enable Security Lake. */ accounts?: pulumi.Input[]>; /** * Specify the Regions where you want to enable Security Lake. */ regions: pulumi.Input[]>; /** * The name for a AWS source. This must be a Regionally unique value. Valid values: `ROUTE53`, `VPC_FLOW`, `SH_FINDINGS`, `CLOUD_TRAIL_MGMT`, `LAMBDA_EXECUTION`, `S3_DATA`. */ sourceName: pulumi.Input; /** * The version for a AWS source. This must be a Regionally unique value. */ sourceVersion?: pulumi.Input; } export interface CustomLogSourceAttribute { /** * The ARN of the AWS Glue crawler. */ crawlerArn: pulumi.Input; /** * The ARN of the AWS Glue database where results are written. */ databaseArn: pulumi.Input; /** * The ARN of the AWS Glue table. */ tableArn: pulumi.Input; } export interface CustomLogSourceConfiguration { /** * The configuration for the Glue Crawler for the third-party custom source. */ crawlerConfiguration?: pulumi.Input; /** * The identity of the log provider for the third-party custom source. */ providerIdentity?: pulumi.Input; } export interface CustomLogSourceConfigurationCrawlerConfiguration { /** * The ARN of the IAM role to be used by the entity putting logs into your custom source partition. */ roleArn: pulumi.Input; } export interface CustomLogSourceConfigurationProviderIdentity { externalId: pulumi.Input; principal: pulumi.Input; } export interface CustomLogSourceProviderDetail { /** * The location of the partition in the Amazon S3 bucket for Security Lake. */ location: pulumi.Input; /** * The ARN of the IAM role to be used by the entity putting logs into your custom source partition. */ roleArn: pulumi.Input; } export interface DataLakeConfiguration { /** * Provides encryption details of Amazon Security Lake object. */ encryptionConfigurations?: pulumi.Input[]>; /** * Provides lifecycle details of Amazon Security Lake object. */ lifecycleConfiguration?: pulumi.Input; /** * The AWS Regions where Security Lake is automatically enabled. */ region: pulumi.Input; /** * Provides replication details of Amazon Security Lake object. */ replicationConfiguration?: pulumi.Input; } export interface DataLakeConfigurationEncryptionConfiguration { /** * The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object. */ kmsKeyId: pulumi.Input; } export interface DataLakeConfigurationLifecycleConfiguration { /** * Provides data expiration details of Amazon Security Lake object. */ expiration?: pulumi.Input; /** * Provides data storage transition details of Amazon Security Lake object. */ transitions?: pulumi.Input[]>; } export interface DataLakeConfigurationLifecycleConfigurationExpiration { /** * Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object. */ days?: pulumi.Input; } export interface DataLakeConfigurationLifecycleConfigurationTransition { /** * Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object. */ days?: pulumi.Input; /** * The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads. */ storageClass?: pulumi.Input; } export interface DataLakeConfigurationReplicationConfiguration { /** * Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket. */ regions?: pulumi.Input[]>; /** * Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct. */ roleArn?: pulumi.Input; } export interface DataLakeTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface SubscriberNotificationConfiguration { /** * The configurations for HTTPS subscriber notification. */ httpsNotificationConfiguration?: pulumi.Input; /** * The configurations for SQS subscriber notification. */ sqsNotificationConfiguration?: pulumi.Input; } export interface SubscriberNotificationConfigurationHttpsNotificationConfiguration { /** * The key name for the notification subscription. */ authorizationApiKeyName?: pulumi.Input; /** * The key value for the notification subscription. */ authorizationApiKeyValue?: pulumi.Input; /** * The subscription endpoint in Security Lake. If you prefer notification with an HTTPs endpoint, populate this field. */ endpoint?: pulumi.Input; /** * The HTTPS method used for the notification subscription. */ httpMethod?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the EventBridge API destinations IAM role that you created. For more information about ARNs and how to use them in policies, see Managing data access and AWS Managed Policies in the Amazon Security Lake User Guide. */ targetRoleArn?: pulumi.Input; } export interface SubscriberNotificationConfigurationSqsNotificationConfiguration { } export interface SubscriberSource { /** * Amazon Security Lake supports log and event collection for natively supported AWS services. */ awsLogSourceResource?: pulumi.Input; /** * Amazon Security Lake supports custom source types. */ customLogSourceResource?: pulumi.Input; } export interface SubscriberSourceAwsLogSourceResource { /** * The name for a third-party custom source. This must be a Regionally unique value. */ sourceName?: pulumi.Input; /** * The version for a third-party custom source. This must be a Regionally unique value. */ sourceVersion?: pulumi.Input; } export interface SubscriberSourceCustomLogSourceResource { /** * The attributes of a third-party custom source. */ attributes?: pulumi.Input[]>; providers?: pulumi.Input[]>; /** * The name for a third-party custom source. This must be a Regionally unique value. */ sourceName?: pulumi.Input; /** * The version for a third-party custom source. This must be a Regionally unique value. */ sourceVersion?: pulumi.Input; } export interface SubscriberSourceCustomLogSourceResourceAttribute { /** * The ARN of the AWS Glue crawler. */ crawlerArn: pulumi.Input; /** * The ARN of the AWS Glue database where results are written. */ databaseArn: pulumi.Input; /** * The ARN of the AWS Glue table. */ tableArn: pulumi.Input; } export interface SubscriberSourceCustomLogSourceResourceProvider { /** * The location of the partition in the Amazon S3 bucket for Security Lake. */ location: pulumi.Input; /** * The ARN of the IAM role to be used by the entity putting logs into your custom source partition. */ roleArn: pulumi.Input; } export interface SubscriberSubscriberIdentity { /** * The AWS Regions where Security Lake is automatically enabled. */ externalId: pulumi.Input; /** * Provides encryption details of Amazon Security Lake object. */ principal: pulumi.Input; } export interface SubscriberTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } } export namespace servicecatalog { export interface ProductProvisioningArtifactParameters { /** * Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact. */ description?: pulumi.Input; /** * Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid. */ disableTemplateValidation?: pulumi.Input; /** * Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed. */ name?: pulumi.Input; /** * Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as `arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID]`. */ templatePhysicalId?: pulumi.Input; /** * Template source as URL of the CloudFormation template in Amazon S3. */ templateUrl?: pulumi.Input; /** * Type of provisioning artifact. See [AWS Docs](https://docs.aws.amazon.com/servicecatalog/latest/dg/API_ProvisioningArtifactProperties.html) for valid list of values. */ type?: pulumi.Input; } export interface ProvisionedProductOutput { /** * The description of the output. */ description?: pulumi.Input; /** * The output key. */ key?: pulumi.Input; /** * The output value. */ value?: pulumi.Input; } export interface ProvisionedProductProvisioningParameter { /** * Parameter key. */ key: pulumi.Input; /** * Whether to ignore `value` and keep the previous parameter value. Ignored when initially provisioning a product. */ usePreviousValue?: pulumi.Input; /** * Parameter value. */ value?: pulumi.Input; } export interface ProvisionedProductStackSetProvisioningPreferences { /** * One or more AWS accounts that will have access to the provisioned product. The AWS accounts specified should be within the list of accounts in the STACKSET constraint. To get the list of accounts in the STACKSET constraint, use the `awsServicecatalogProvisioningParameters` data source. If no values are specified, the default value is all accounts from the STACKSET constraint. */ accounts?: pulumi.Input[]>; /** * Number of accounts, per region, for which this operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn't attempt the operation in any subsequent regions. You must specify either `failureToleranceCount` or `failureTolerancePercentage`, but not both. The default value is 0 if no value is specified. */ failureToleranceCount?: pulumi.Input; /** * Percentage of accounts, per region, for which this stack operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn't attempt the operation in any subsequent regions. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. You must specify either `failureToleranceCount` or `failureTolerancePercentage`, but not both. */ failureTolerancePercentage?: pulumi.Input; /** * Maximum number of accounts in which to perform this operation at one time. This is dependent on the value of `failureToleranceCount`. `maxConcurrencyCount` is at most one more than the `failureToleranceCount`. Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either `maxConcurrencyCount` or `maxConcurrencyPercentage`, but not both. */ maxConcurrencyCount?: pulumi.Input; /** * Maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. This is true except in cases where rounding down would result is zero. In this case, AWS Service Catalog sets the number as 1 instead. Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either `maxConcurrencyCount` or `maxConcurrencyPercentage`, but not both. */ maxConcurrencyPercentage?: pulumi.Input; /** * One or more AWS Regions where the provisioned product will be available. The specified regions should be within the list of regions from the STACKSET constraint. To get the list of regions in the STACKSET constraint, use the `awsServicecatalogProvisioningParameters` data source. If no values are specified, the default value is all regions from the STACKSET constraint. */ regions?: pulumi.Input[]>; } export interface ServiceActionDefinition { /** * ARN of the role that performs the self-service actions on your behalf. For example, `arn:aws:iam::12345678910:role/ActionRole`. To reuse the provisioned product launch role, set to `LAUNCH_ROLE`. */ assumeRole?: pulumi.Input; /** * Name of the SSM document. For example, `AWS-RestartEC2Instance`. If you are using a shared SSM document, you must provide the ARN instead of the name. */ name: pulumi.Input; /** * List of parameters in JSON format. For example: `[{\"Name\":\"InstanceId\",\"Type\":\"TARGET\"}]` or `[{\"Name\":\"InstanceId\",\"Type\":\"TEXT_VALUE\"}]`. */ parameters?: pulumi.Input; /** * Service action definition type. Valid value is `SSM_AUTOMATION`. Default is `SSM_AUTOMATION`. */ type?: pulumi.Input; /** * SSM document version. For example, `1`. */ version: pulumi.Input; } } export namespace servicediscovery { export interface ServiceDnsConfig { /** * An array that contains one DnsRecord object for each resource record set. */ dnsRecords: pulumi.Input[]>; /** * The ID of the namespace to use for DNS configuration. */ namespaceId: pulumi.Input; /** * The routing policy that you want to apply to all records that Route 53 creates when you register an instance and specify the service. Valid Values: MULTIVALUE, WEIGHTED */ routingPolicy?: pulumi.Input; } export interface ServiceDnsConfigDnsRecord { /** * The amount of time, in seconds, that you want DNS resolvers to cache the settings for this resource record set. */ ttl: pulumi.Input; /** * The type of the resource, which indicates the value that Amazon Route 53 returns in response to DNS queries. Valid Values: A, AAAA, SRV, CNAME */ type: pulumi.Input; } export interface ServiceHealthCheckConfig { /** * The number of consecutive health checks. Maximum value of 10. */ failureThreshold?: pulumi.Input; /** * The path that you want Route 53 to request when performing health checks. Route 53 automatically adds the DNS name for the service. If you don't specify a value, the default value is /. */ resourcePath?: pulumi.Input; /** * The type of health check that you want to create, which indicates how Route 53 determines whether an endpoint is healthy. Valid Values: HTTP, HTTPS, TCP */ type?: pulumi.Input; } export interface ServiceHealthCheckCustomConfig { /** * The number of 30-second intervals that you want service discovery to wait before it changes the health status of a service instance. Maximum value of 10. */ failureThreshold?: pulumi.Input; } } export namespace servicequotas { export interface GetTemplatesTemplate { /** * Indicates whether the quota is global. */ globalQuota?: boolean; /** * Quota identifier. */ quotaCode?: string; /** * Quota name. */ quotaName?: string; /** * AWS Region to which the quota increases apply. */ region?: string; /** * (Required) Service identifier. */ serviceCode?: string; /** * Service name. */ serviceName?: string; /** * Unit of measurement. */ unit?: string; /** * (Required) The new, increased value for the quota. */ value?: number; } export interface GetTemplatesTemplateArgs { /** * Indicates whether the quota is global. */ globalQuota?: pulumi.Input; /** * Quota identifier. */ quotaCode?: pulumi.Input; /** * Quota name. */ quotaName?: pulumi.Input; /** * AWS Region to which the quota increases apply. */ region?: pulumi.Input; /** * (Required) Service identifier. */ serviceCode?: pulumi.Input; /** * Service name. */ serviceName?: pulumi.Input; /** * Unit of measurement. */ unit?: pulumi.Input; /** * (Required) The new, increased value for the quota. */ value?: pulumi.Input; } export interface ServiceQuotaUsageMetric { /** * The metric dimensions. */ metricDimensions?: pulumi.Input[]>; /** * The name of the metric. */ metricName?: pulumi.Input; /** * The namespace of the metric. */ metricNamespace?: pulumi.Input; /** * The metric statistic that AWS recommend you use when determining quota usage. */ metricStatisticRecommendation?: pulumi.Input; } export interface ServiceQuotaUsageMetricMetricDimension { class?: pulumi.Input; resource?: pulumi.Input; service?: pulumi.Input; type?: pulumi.Input; } } export namespace ses { export interface ConfigurationSetDeliveryOptions { /** * Whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Valid values: `Require` or `Optional`. Defaults to `Optional`. */ tlsPolicy?: pulumi.Input; } export interface ConfigurationSetTrackingOptions { /** * Custom subdomain that is used to redirect email recipients to the Amazon SES event tracking domain. */ customRedirectDomain?: pulumi.Input; } export interface EventDestinationCloudwatchDestination { /** * The default value for the event */ defaultValue: pulumi.Input; /** * The name for the dimension */ dimensionName: pulumi.Input; /** * The source for the value. May be any of `"messageTag"`, `"emailHeader"` or `"linkTag"`. */ valueSource: pulumi.Input; } export interface EventDestinationKinesisDestination { /** * The ARN of the role that has permissions to access the Kinesis Stream */ roleArn: pulumi.Input; /** * The ARN of the Kinesis Stream */ streamArn: pulumi.Input; } export interface EventDestinationSnsDestination { /** * The ARN of the SNS topic */ topicArn: pulumi.Input; } export interface ReceiptRuleAddHeaderAction { /** * The name of the header to add */ headerName: pulumi.Input; /** * The value of the header to add */ headerValue: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; } export interface ReceiptRuleBounceAction { /** * The message to send */ message: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The email address of the sender */ sender: pulumi.Input; /** * The RFC 5321 SMTP reply code */ smtpReplyCode: pulumi.Input; /** * The RFC 3463 SMTP enhanced status code */ statusCode?: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleLambdaAction { /** * The ARN of the Lambda function to invoke */ functionArn: pulumi.Input; /** * `Event` or `RequestResponse` */ invocationType?: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleS3Action { /** * The name of the S3 bucket */ bucketName: pulumi.Input; /** * The ARN of the KMS key */ kmsKeyArn?: pulumi.Input; /** * The key prefix of the S3 bucket */ objectKeyPrefix?: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleSnsAction { /** * The encoding to use for the email within the Amazon SNS notification. Default value is `UTF-8`. */ encoding?: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn: pulumi.Input; } export interface ReceiptRuleStopAction { /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The scope to apply. The only acceptable value is `RuleSet`. */ scope: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } export interface ReceiptRuleWorkmailAction { /** * The ARN of the WorkMail organization */ organizationArn: pulumi.Input; /** * The position of the action in the receipt rule */ position: pulumi.Input; /** * The ARN of an SNS topic to notify */ topicArn?: pulumi.Input; } } export namespace sesv2 { export interface AccountVdmAttributesDashboardAttributes { /** * Specifies the status of your VDM engagement metrics collection. Valid values: `ENABLED`, `DISABLED`. */ engagementMetrics?: pulumi.Input; } export interface AccountVdmAttributesGuardianAttributes { /** * Specifies the status of your VDM optimized shared delivery. Valid values: `ENABLED`, `DISABLED`. */ optimizedSharedDelivery?: pulumi.Input; } export interface ConfigurationSetDeliveryOptions { /** * The name of the dedicated IP pool to associate with the configuration set. */ sendingPoolName?: pulumi.Input; /** * Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). Valid values: `REQUIRE`, `OPTIONAL`. */ tlsPolicy?: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestination { /** * An object that defines an Amazon CloudWatch destination for email events. See cloudWatchDestination below */ cloudWatchDestination?: pulumi.Input; /** * When the event destination is enabled, the specified event types are sent to the destinations. Default: `false`. */ enabled?: pulumi.Input; /** * An object that defines an Amazon Kinesis Data Firehose destination for email events. See kinesisFirehoseDestination below. */ kinesisFirehoseDestination?: pulumi.Input; /** * An array that specifies which events the Amazon SES API v2 should send to the destinations. Valid values: `SEND`, `REJECT`, `BOUNCE`, `COMPLAINT`, `DELIVERY`, `OPEN`, `CLICK`, `RENDERING_FAILURE`, `DELIVERY_DELAY`, `SUBSCRIPTION`. * * The following arguments are optional: */ matchingEventTypes: pulumi.Input[]>; /** * An object that defines an Amazon Pinpoint project destination for email events. See pinpointDestination below. */ pinpointDestination?: pulumi.Input; /** * An object that defines an Amazon SNS destination for email events. See snsDestination below. */ snsDestination?: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationCloudWatchDestination { /** * An array of objects that define the dimensions to use when you send email events to Amazon CloudWatch. See dimensionConfiguration below. */ dimensionConfigurations: pulumi.Input[]>; } export interface ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfiguration { /** * The default value of the dimension that is published to Amazon CloudWatch if you don't provide the value of the dimension when you send an email. */ defaultDimensionValue: pulumi.Input; /** * The name of an Amazon CloudWatch dimension associated with an email sending metric. */ dimensionName: pulumi.Input; /** * The location where the Amazon SES API v2 finds the value of a dimension to publish to Amazon CloudWatch. Valid values: `MESSAGE_TAG`, `EMAIL_HEADER`, `LINK_TAG`. */ dimensionValueSource: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestination { /** * The Amazon Resource Name (ARN) of the Amazon Kinesis Data Firehose stream that the Amazon SES API v2 sends email events to. */ deliveryStreamArn: pulumi.Input; /** * The Amazon Resource Name (ARN) of the IAM role that the Amazon SES API v2 uses to send email events to the Amazon Kinesis Data Firehose stream. */ iamRoleArn: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationPinpointDestination { applicationArn: pulumi.Input; } export interface ConfigurationSetEventDestinationEventDestinationSnsDestination { /** * The Amazon Resource Name (ARN) of the Amazon SNS topic to publish email events to. */ topicArn: pulumi.Input; } export interface ConfigurationSetReputationOptions { /** * The date and time (in Unix time) when the reputation metrics were last given a fresh start. When your account is given a fresh start, your reputation metrics are calculated starting from the date of the fresh start. */ lastFreshStart?: pulumi.Input; /** * If `true`, tracking of reputation metrics is enabled for the configuration set. If `false`, tracking of reputation metrics is disabled for the configuration set. */ reputationMetricsEnabled?: pulumi.Input; } export interface ConfigurationSetSendingOptions { /** * If `true`, email sending is enabled for the configuration set. If `false`, email sending is disabled for the configuration set. */ sendingEnabled?: pulumi.Input; } export interface ConfigurationSetSuppressionOptions { /** * A list that contains the reasons that email addresses are automatically added to the suppression list for your account. Valid values: `BOUNCE`, `COMPLAINT`. */ suppressedReasons?: pulumi.Input[]>; } export interface ConfigurationSetTrackingOptions { /** * The domain to use for tracking open and click events. */ customRedirectDomain: pulumi.Input; } export interface ConfigurationSetVdmOptions { /** * Specifies additional settings for your VDM configuration as applicable to the Dashboard. */ dashboardOptions?: pulumi.Input; /** * Specifies additional settings for your VDM configuration as applicable to the Guardian. */ guardianOptions?: pulumi.Input; } export interface ConfigurationSetVdmOptionsDashboardOptions { /** * Specifies the status of your VDM engagement metrics collection. Valid values: `ENABLED`, `DISABLED`. */ engagementMetrics?: pulumi.Input; } export interface ConfigurationSetVdmOptionsGuardianOptions { /** * Specifies the status of your VDM optimized shared delivery. Valid values: `ENABLED`, `DISABLED`. */ optimizedSharedDelivery?: pulumi.Input; } export interface ContactListTopic { /** * Default subscription status to be applied to a contact if the contact has not noted their preference for subscribing to a topic. */ defaultSubscriptionStatus: pulumi.Input; /** * Description of what the topic is about, which the contact will see. */ description?: pulumi.Input; /** * Name of the topic the contact will see. */ displayName: pulumi.Input; /** * Name of the topic. * * The following arguments are optional: */ topicName: pulumi.Input; } export interface EmailIdentityDkimSigningAttributes { /** * [Easy DKIM] The key length of the DKIM key pair in use. */ currentSigningKeyLength?: pulumi.Input; /** * [Bring Your Own DKIM] A private key that's used to generate a DKIM signature. The private key must use 1024 or 2048-bit RSA encryption, and must be encoded using base64 encoding. * * > **NOTE:** You have to delete the first and last lines ('-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----', respectively) of the generated private key. Additionally, you have to remove the line breaks in the generated private key. The resulting value is a string of characters with no spaces or line breaks. */ domainSigningPrivateKey?: pulumi.Input; /** * [Bring Your Own DKIM] A string that's used to identify a public key in the DNS configuration for a domain. */ domainSigningSelector?: pulumi.Input; /** * [Easy DKIM] The last time a key pair was generated for this identity. */ lastKeyGenerationTimestamp?: pulumi.Input; /** * [Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day. Valid values: `RSA_1024_BIT`, `RSA_2048_BIT`. */ nextSigningKeyLength?: pulumi.Input; /** * A string that indicates how DKIM was configured for the identity. `AWS_SES` indicates that DKIM was configured for the identity by using Easy DKIM. `EXTERNAL` indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM). */ signingAttributesOrigin?: pulumi.Input; /** * Describes whether or not Amazon SES has successfully located the DKIM records in the DNS records for the domain. See the [AWS SES API v2 Reference](https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_DkimAttributes.html#SES-Type-DkimAttributes-Status) for supported statuses. */ status?: pulumi.Input; /** * If you used Easy DKIM to configure DKIM authentication for the domain, then this object contains a set of unique strings that you use to create a set of CNAME records that you add to the DNS configuration for your domain. When Amazon SES detects these records in the DNS configuration for your domain, the DKIM authentication process is complete. If you configured DKIM authentication for the domain by providing your own public-private key pair, then this object contains the selector for the public key. */ tokens?: pulumi.Input[]>; } } export namespace sfn { export interface AliasRoutingConfiguration { /** * The Amazon Resource Name (ARN) of the state machine version. */ stateMachineVersionArn: pulumi.Input; /** * Percentage of traffic routed to the state machine version. */ weight: pulumi.Input; } export interface StateMachineLoggingConfiguration { /** * Determines whether execution data is included in your log. When set to `false`, data is excluded. */ includeExecutionData?: pulumi.Input; /** * Defines which category of execution history events are logged. Valid values: `ALL`, `ERROR`, `FATAL`, `OFF` */ level?: pulumi.Input; /** * Amazon Resource Name (ARN) of a CloudWatch log group. Make sure the State Machine has the correct IAM policies for logging. The ARN must end with `:*` */ logDestination?: pulumi.Input; } export interface StateMachineTracingConfiguration { /** * When set to `true`, AWS X-Ray tracing is enabled. Make sure the State Machine has the correct IAM policies for logging. See the [AWS Step Functions Developer Guide](https://docs.aws.amazon.com/step-functions/latest/dg/xray-iam.html) for details. */ enabled?: pulumi.Input; } } export namespace shield { export interface ApplicationLayerAutomaticResponseTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DrtAccessLogBucketAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; } export interface DrtAccessRoleArnAssociationTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface ProactiveEngagementEmergencyContact { contactNotes?: pulumi.Input; emailAddress: pulumi.Input; phoneNumber?: pulumi.Input; } } export namespace signer { export interface SigningJobDestination { /** * A configuration block describing the S3 Destination object: See S3 Destination below for details. */ s3: pulumi.Input; } export interface SigningJobDestinationS3 { bucket: pulumi.Input; prefix?: pulumi.Input; } export interface SigningJobRevocationRecord { reason?: pulumi.Input; revokedAt?: pulumi.Input; revokedBy?: pulumi.Input; } export interface SigningJobSignedObject { s3s?: pulumi.Input[]>; } export interface SigningJobSignedObjectS3 { bucket?: pulumi.Input; key?: pulumi.Input; } export interface SigningJobSource { /** * A configuration block describing the S3 Source object: See S3 Source below for details. */ s3: pulumi.Input; } export interface SigningJobSourceS3 { bucket: pulumi.Input; key: pulumi.Input; version: pulumi.Input; } export interface SigningProfileRevocationRecord { /** * The time when revocation becomes effective. */ revocationEffectiveFrom?: pulumi.Input; /** * The time when the signing profile was revoked. */ revokedAt?: pulumi.Input; /** * The identity of the revoker. */ revokedBy?: pulumi.Input; } export interface SigningProfileSignatureValidityPeriod { /** * The time unit for signature validity. Valid values: `DAYS`, `MONTHS`, `YEARS`. */ type: pulumi.Input; /** * The numerical value of the time unit for signature validity. */ value: pulumi.Input; } export interface SigningProfileSigningMaterial { /** * The Amazon Resource Name (ARN) of the certificates that is used to sign your code. */ certificateArn: pulumi.Input; } } export namespace ssm { export interface AssociationOutputLocation { /** * The S3 bucket name. */ s3BucketName: pulumi.Input; /** * The S3 bucket prefix. Results stored in the root if not configured. */ s3KeyPrefix?: pulumi.Input; /** * The S3 bucket region. * * Targets specify what instance IDs or tags to apply the document to and has these keys: */ s3Region?: pulumi.Input; } export interface AssociationTarget { /** * Either `InstanceIds` or `tag:Tag Name` to specify an EC2 tag. */ key: pulumi.Input; /** * A list of instance IDs or tag values. AWS currently limits this list size to one value. */ values: pulumi.Input[]>; } export interface ContactsRotationRecurrence { dailySettings?: pulumi.Input[]>; /** * (Optional) Information about on-call rotations that recur monthly. See Monthly Settings for more details. */ monthlySettings?: pulumi.Input[]>; /** * (Required) The number of contacts, or shift team members designated to be on call concurrently during a shift. */ numberOfOnCalls: pulumi.Input; /** * (Required) The number of days, weeks, or months a single rotation lasts. */ recurrenceMultiplier: pulumi.Input; /** * (Optional) Information about the days of the week that the on-call rotation coverage includes. See Shift Coverages for more details. */ shiftCoverages?: pulumi.Input[]>; /** * (Optional) Information about on-call rotations that recur weekly. See Weekly Settings for more details. */ weeklySettings?: pulumi.Input[]>; } export interface ContactsRotationRecurrenceDailySetting { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceMonthlySetting { /** * (Required) The day of the month when monthly recurring on-call rotations begin. */ dayOfMonth: pulumi.Input; /** * (Required) The hand off time. See Hand Off Time for more details. */ handOffTime?: pulumi.Input; } export interface ContactsRotationRecurrenceMonthlySettingHandOffTime { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverage { /** * (Required) Information about when an on-call shift begins and ends. See Coverage Times for more details. */ coverageTimes?: pulumi.Input[]>; mapBlockKey: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverageCoverageTime { /** * (Required) The end time of the on-call shift. See Hand Off Time for more details. */ end?: pulumi.Input; /** * (Required) The start time of the on-call shift. See Hand Off Time for more details. */ start?: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverageCoverageTimeEnd { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceShiftCoverageCoverageTimeStart { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface ContactsRotationRecurrenceWeeklySetting { /** * (Required) The day of the week when the shift coverage occurs. */ dayOfWeek: pulumi.Input; /** * (Required) The hand off time. See Hand Off Time for more details. */ handOffTime?: pulumi.Input; } export interface ContactsRotationRecurrenceWeeklySettingHandOffTime { /** * (Required) The hour of the day. */ hourOfDay: pulumi.Input; /** * (Required) The minutes of the hour. */ minuteOfHour: pulumi.Input; } export interface DocumentAttachmentsSource { /** * The key of a key-value pair that identifies the location of an attachment to the document. Valid values: `SourceUrl`, `S3FileUrl`, `AttachmentReference`. */ key: pulumi.Input; /** * The name of the document attachment file. */ name?: pulumi.Input; /** * The value of a key-value pair that identifies the location of an attachment to the document. The argument format is a list of a single string that depends on the type of key you specify - see the [API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_AttachmentsSource.html) for details. */ values: pulumi.Input[]>; } export interface DocumentParameter { /** * If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional. */ defaultValue?: pulumi.Input; /** * A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional. */ description?: pulumi.Input; /** * The name of the document. */ name?: pulumi.Input; /** * The type of parameter. Valid values: `String`, `StringList`. */ type?: pulumi.Input; } export interface GetInstancesFilter { /** * Name of the filter field. Valid values can be found in the [SSM InstanceInformationStringFilter API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_InstanceInformationStringFilter.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetInstancesFilterArgs { /** * Name of the filter field. Valid values can be found in the [SSM InstanceInformationStringFilter API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_InstanceInformationStringFilter.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetMaintenanceWindowsFilter { /** * Name of the filter field. Valid values can be found in the [SSM DescribeMaintenanceWindows API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindows.html#API_DescribeMaintenanceWindows_RequestSyntax). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetMaintenanceWindowsFilterArgs { /** * Name of the filter field. Valid values can be found in the [SSM DescribeMaintenanceWindows API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeMaintenanceWindows.html#API_DescribeMaintenanceWindows_RequestSyntax). */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface MaintenanceWindowTargetTarget { key: pulumi.Input; values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTarget { key: pulumi.Input; values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParameters { /** * The parameters for an AUTOMATION task type. Documented below. */ automationParameters?: pulumi.Input; /** * The parameters for a LAMBDA task type. Documented below. */ lambdaParameters?: pulumi.Input; /** * The parameters for a RUN_COMMAND task type. Documented below. */ runCommandParameters?: pulumi.Input; /** * The parameters for a STEP_FUNCTIONS task type. Documented below. */ stepFunctionsParameters?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersAutomationParameters { /** * The version of an Automation document to use during task execution. */ documentVersion?: pulumi.Input; /** * The parameters for the RUN_COMMAND task execution. Documented below. */ parameters?: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameter { /** * The parameter name. */ name: pulumi.Input; /** * The array of strings. */ values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParametersLambdaParameters { /** * Pass client-specific information to the Lambda function that you are invoking. */ clientContext?: pulumi.Input; /** * JSON to provide to your Lambda function as input. */ payload?: pulumi.Input; /** * Specify a Lambda function version or alias name. */ qualifier?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParameters { /** * Configuration options for sending command output to CloudWatch Logs. Documented below. */ cloudwatchConfig?: pulumi.Input; /** * Information about the command(s) to execute. */ comment?: pulumi.Input; /** * The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated. */ documentHash?: pulumi.Input; /** * SHA-256 or SHA-1. SHA-1 hashes have been deprecated. Valid values: `Sha256` and `Sha1` */ documentHashType?: pulumi.Input; documentVersion?: pulumi.Input; /** * Configurations for sending notifications about command status changes on a per-instance basis. Documented below. */ notificationConfig?: pulumi.Input; /** * The name of the Amazon S3 bucket. */ outputS3Bucket?: pulumi.Input; /** * The Amazon S3 bucket subfolder. */ outputS3KeyPrefix?: pulumi.Input; /** * The parameters for the RUN_COMMAND task execution. Documented below. */ parameters?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks. */ serviceRoleArn?: pulumi.Input; /** * If this time is reached and the command has not already started executing, it doesn't run. */ timeoutSeconds?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersCloudwatchConfig { /** * The name of the CloudWatch log group where you want to send command output. If you don't specify a group name, Systems Manager automatically creates a log group for you. The log group uses the following naming format: aws/ssm/SystemsManagerDocumentName. */ cloudwatchLogGroupName?: pulumi.Input; /** * Enables Systems Manager to send command output to CloudWatch Logs. */ cloudwatchOutputEnabled?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfig { /** * An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run Command pushes notifications about command status changes to this topic. */ notificationArn?: pulumi.Input; /** * The different events for which you can receive notifications. Valid values: `All`, `InProgress`, `Success`, `TimedOut`, `Cancelled`, and `Failed` */ notificationEvents?: pulumi.Input[]>; /** * When specified with `Command`, receive notification when the status of a command changes. When specified with `Invocation`, for commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. Valid values: `Command` and `Invocation` */ notificationType?: pulumi.Input; } export interface MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameter { /** * The parameter name. */ name: pulumi.Input; /** * The array of strings. */ values: pulumi.Input[]>; } export interface MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParameters { /** * The inputs for the STEP_FUNCTION task. */ input?: pulumi.Input; /** * The name of the STEP_FUNCTION task. */ name?: pulumi.Input; } export interface PatchBaselineApprovalRule { /** * Number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with `approveUntilDate`. */ approveAfterDays?: pulumi.Input; /** * Cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as `YYYY-MM-DD`. Conflicts with `approveAfterDays` */ approveUntilDate?: pulumi.Input; /** * Compliance level for patches approved by this rule. Valid values are `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, and `UNSPECIFIED`. The default value is `UNSPECIFIED`. */ complianceLevel?: pulumi.Input; /** * Boolean enabling the application of non-security updates. The default value is `false`. Valid for Linux instances only. */ enableNonSecurity?: pulumi.Input; /** * Patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid combinations of these Keys and the `operatingSystem` value can be found in the [SSM DescribePatchProperties API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchProperties.html). Valid Values are exact values for the patch property given as the key, or a wildcard `*`, which matches all values. `PATCH_SET` defaults to `OS` if unspecified */ patchFilters: pulumi.Input[]>; } export interface PatchBaselineApprovalRulePatchFilter { key: pulumi.Input; values: pulumi.Input[]>; } export interface PatchBaselineGlobalFilter { key: pulumi.Input; values: pulumi.Input[]>; } export interface PatchBaselineSource { /** * Value of the yum repo configuration. For information about other options available for your yum repository configuration, see the [`dnf.conf` documentation](https://man7.org/linux/man-pages/man5/dnf.conf.5.html) */ configuration: pulumi.Input; /** * Name specified to identify the patch source. */ name: pulumi.Input; /** * Specific operating system versions a patch repository applies to, such as `"Ubuntu16.04"`, `"AmazonLinux2016.09"`, `"RedhatEnterpriseLinux7.2"` or `"Suse12.7"`. For lists of supported product values, see [PatchFilter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html). */ products: pulumi.Input[]>; } export interface ResourceDataSyncS3Destination { /** * Name of S3 bucket where the aggregated data is stored. */ bucketName: pulumi.Input; /** * ARN of an encryption key for a destination in Amazon S3. */ kmsKeyArn?: pulumi.Input; /** * Prefix for the bucket. */ prefix?: pulumi.Input; /** * Region with the bucket targeted by the Resource Data Sync. */ region: pulumi.Input; /** * A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe. */ syncFormat?: pulumi.Input; } } export namespace ssmcontacts { export interface ContactChannelDeliveryAddress { /** * Details to engage this contact channel. The expected format depends on the contact channel type and is described in the [`ContactChannelAddress` section of the SSM Contacts API Reference](https://docs.aws.amazon.com/incident-manager/latest/APIReference/API_SSMContacts_ContactChannelAddress.html). */ simpleAddress: pulumi.Input; } export interface PlanStage { /** * The time to wait until beginning the next stage. The duration can only be set to 0 if a target is specified. */ durationInMinutes: pulumi.Input; /** * One or more configuration blocks for specifying the contacts or contact methods that the escalation plan or engagement plan is engaging. See Target below for more details. */ targets?: pulumi.Input[]>; } export interface PlanStageTarget { /** * A configuration block for specifying information about the contact channel that Incident Manager engages. See Channel Target Info for more details. */ channelTargetInfo?: pulumi.Input; /** * A configuration block for specifying information about the contact that Incident Manager engages. See Contact Target Info for more details. */ contactTargetInfo?: pulumi.Input; } export interface PlanStageTargetChannelTargetInfo { /** * The Amazon Resource Name (ARN) of the contact channel. */ contactChannelId: pulumi.Input; /** * The number of minutes to wait before retrying to send engagement if the engagement initially failed. */ retryIntervalInMinutes?: pulumi.Input; } export interface PlanStageTargetContactTargetInfo { /** * The Amazon Resource Name (ARN) of the contact. */ contactId?: pulumi.Input; /** * A Boolean value determining if the contact's acknowledgement stops the progress of stages in the plan. */ isEssential: pulumi.Input; } } export namespace ssmincidents { export interface ReplicationSetRegion { /** * The Amazon Resource name (ARN) of the customer managed key. If omitted, AWS manages the AWS KMS keys for you, using an AWS owned key, as indicated by a default value of `DefaultKey`. * * The following arguments are optional: */ kmsKeyArn?: pulumi.Input; /** * The name of the Region, such as `ap-southeast-2`. */ name: pulumi.Input; /** * The current status of the Region. * * Valid Values: `ACTIVE` | `CREATING` | `UPDATING` | `DELETING` | `FAILED` */ status?: pulumi.Input; /** * More information about the status of a Region. */ statusMessage?: pulumi.Input; } export interface ResponsePlanAction { ssmAutomations?: pulumi.Input[]>; } export interface ResponsePlanActionSsmAutomation { documentName: pulumi.Input; documentVersion?: pulumi.Input; dynamicParameters?: pulumi.Input<{[key: string]: pulumi.Input}>; parameters?: pulumi.Input[]>; roleArn: pulumi.Input; targetAccount?: pulumi.Input; } export interface ResponsePlanActionSsmAutomationParameter { /** * The name of the response plan. */ name: pulumi.Input; values: pulumi.Input[]>; } export interface ResponsePlanIncidentTemplate { /** * A string used to stop Incident Manager from creating multiple incident records for the same incident. */ dedupeString?: pulumi.Input; /** * The impact value of a generated incident. The following values are supported: */ impact: pulumi.Input; /** * The tags assigned to an incident template. When an incident starts, Incident Manager assigns the tags specified in the template to the incident. */ incidentTags?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The Amazon Simple Notification Service (Amazon SNS) targets that this incident notifies when it is updated. The `notificationTarget` configuration block supports the following argument: */ notificationTargets?: pulumi.Input[]>; /** * The summary of an incident. */ summary?: pulumi.Input; /** * The title of a generated incident. */ title: pulumi.Input; } export interface ResponsePlanIncidentTemplateNotificationTarget { /** * The ARN of the Amazon SNS topic. * * The following arguments are optional: */ snsTopicArn: pulumi.Input; } export interface ResponsePlanIntegration { pagerduties?: pulumi.Input[]>; } export interface ResponsePlanIntegrationPagerduty { /** * The name of the response plan. */ name: pulumi.Input; secretId: pulumi.Input; serviceId: pulumi.Input; } } export namespace ssoadmin { export interface ApplicationPortalOptions { /** * Sign-in options for the access portal. See `signInOptions` below. */ signInOptions?: pulumi.Input; /** * Indicates whether this application is visible in the access portal. Valid values are `ENABLED` and `DISABLED`. */ visibility?: pulumi.Input; } export interface ApplicationPortalOptionsSignInOptions { /** * URL that accepts authentication requests for an application. */ applicationUrl?: pulumi.Input; /** * Determines how IAM Identity Center navigates the user to the target application. * Valid values are `APPLICATION` and `IDENTITY_CENTER`. * If `APPLICATION` is set, IAM Identity Center redirects the customer to the configured `applicationUrl`. * If `IDENTITY_CENTER` is set, IAM Identity Center uses SAML identity-provider initiated authentication to sign the customer directly into a SAML-based application. */ origin: pulumi.Input; } export interface CustomerManagedPolicyAttachmentCustomerManagedPolicyReference { /** * Name of the customer managed IAM Policy to be attached. */ name: pulumi.Input; /** * The path to the IAM policy to be attached. The default is `/`. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) for more information. */ path?: pulumi.Input; } export interface GetApplicationAssignmentsApplicationAssignment { /** * ARN of the application. */ applicationArn?: string; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ principalId?: string; /** * Entity type for which the assignment will be created. Valid values are `USER` or `GROUP`. */ principalType?: string; } export interface GetApplicationAssignmentsApplicationAssignmentArgs { /** * ARN of the application. */ applicationArn?: pulumi.Input; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ principalId?: pulumi.Input; /** * Entity type for which the assignment will be created. Valid values are `USER` or `GROUP`. */ principalType?: pulumi.Input; } export interface GetApplicationPortalOption { signInOptions?: inputs.ssoadmin.GetApplicationPortalOptionSignInOption[]; visibility?: string; } export interface GetApplicationPortalOptionArgs { signInOptions?: pulumi.Input[]>; visibility?: pulumi.Input; } export interface GetApplicationPortalOptionSignInOption { applicationUrl?: string; origin?: string; } export interface GetApplicationPortalOptionSignInOptionArgs { applicationUrl?: pulumi.Input; origin?: pulumi.Input; } export interface GetApplicationProvidersApplicationProvider { /** * ARN of the application provider. */ applicationProviderArn?: string; /** * An object describing how IAM Identity Center represents the application provider in the portal. See `displayData` below. */ displayDatas?: inputs.ssoadmin.GetApplicationProvidersApplicationProviderDisplayData[]; /** * Protocol that the application provider uses to perform federation. Valid values are `SAML` and `OAUTH`. */ federationProtocol?: string; } export interface GetApplicationProvidersApplicationProviderArgs { /** * ARN of the application provider. */ applicationProviderArn?: pulumi.Input; /** * An object describing how IAM Identity Center represents the application provider in the portal. See `displayData` below. */ displayDatas?: pulumi.Input[]>; /** * Protocol that the application provider uses to perform federation. Valid values are `SAML` and `OAUTH`. */ federationProtocol?: pulumi.Input; } export interface GetApplicationProvidersApplicationProviderDisplayData { /** * Description of the application provider. */ description?: string; /** * Name of the application provider. */ displayName?: string; /** * URL that points to an icon that represents the application provider. */ iconUrl?: string; } export interface GetApplicationProvidersApplicationProviderDisplayDataArgs { /** * Description of the application provider. */ description?: pulumi.Input; /** * Name of the application provider. */ displayName?: pulumi.Input; /** * URL that points to an icon that represents the application provider. */ iconUrl?: pulumi.Input; } export interface GetPrincipalApplicationAssignmentsApplicationAssignment { /** * ARN of the application. */ applicationArn?: string; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ principalId?: string; /** * Entity type for which the assignment will be created. Valid values are `USER` or `GROUP`. */ principalType?: string; } export interface GetPrincipalApplicationAssignmentsApplicationAssignmentArgs { /** * ARN of the application. */ applicationArn?: pulumi.Input; /** * An identifier for an object in IAM Identity Center, such as a user or group. */ principalId?: pulumi.Input; /** * Entity type for which the assignment will be created. Valid values are `USER` or `GROUP`. */ principalType?: pulumi.Input; } export interface InstanceAccessControlAttributesAttribute { key: pulumi.Input; values: pulumi.Input[]>; } export interface InstanceAccessControlAttributesAttributeValue { sources: pulumi.Input[]>; } export interface PermissionsBoundaryAttachmentPermissionsBoundary { /** * Specifies the name and path of a customer managed policy. See below. */ customerManagedPolicyReference?: pulumi.Input; /** * AWS-managed IAM policy ARN to use as the permissions boundary. */ managedPolicyArn?: pulumi.Input; } export interface PermissionsBoundaryAttachmentPermissionsBoundaryCustomerManagedPolicyReference { /** * Name of the customer managed IAM Policy to be attached. */ name: pulumi.Input; /** * The path to the IAM policy to be attached. The default is `/`. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names) for more information. */ path?: pulumi.Input; } export interface TrustedTokenIssuerTrustedTokenIssuerConfiguration { /** * A block that describes the settings for a trusted token issuer that works with OpenID Connect (OIDC) by using JSON Web Tokens (JWT). See Documented below below. */ oidcJwtConfiguration?: pulumi.Input; } export interface TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfiguration { /** * Specifies the path of the source attribute in the JWT from the trusted token issuer. */ claimAttributePath: pulumi.Input; /** * Specifies path of the destination attribute in a JWT from IAM Identity Center. The attribute mapped by this JMESPath expression is compared against the attribute mapped by `claimAttributePath` when a trusted token issuer token is exchanged for an IAM Identity Center token. */ identityStoreAttributePath: pulumi.Input; /** * Specifies the URL that IAM Identity Center uses for OpenID Discovery. OpenID Discovery is used to obtain the information required to verify the tokens that the trusted token issuer generates. */ issuerUrl: pulumi.Input; /** * The method that the trusted token issuer can use to retrieve the JSON Web Key Set used to verify a JWT. Valid values are `OPEN_ID_DISCOVERY` */ jwksRetrievalOption: pulumi.Input; } } export namespace storagegateway { export interface FileSystemAssociationCacheAttributes { /** * Refreshes a file share's cache by using Time To Live (TTL). * TTL is the length of time since the last refresh after which access to the directory would cause the file gateway * to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: `0` or `300` to `2592000` seconds (5 minutes to 30 days). Defaults to `0` */ cacheStaleTimeoutInSeconds?: pulumi.Input; } export interface GatewayGatewayNetworkInterface { /** * The Internet Protocol version 4 (IPv4) address of the interface. */ ipv4Address?: pulumi.Input; } export interface GatewayMaintenanceStartTime { /** * The day of the month component of the maintenance start time represented as an ordinal number from 1 to 28, where 1 represents the first day of the month and 28 represents the last day of the month. */ dayOfMonth?: pulumi.Input; /** * The day of the week component of the maintenance start time week represented as an ordinal number from 0 to 6, where 0 represents Sunday and 6 Saturday. */ dayOfWeek?: pulumi.Input; /** * The hour component of the maintenance start time represented as _hh_, where _hh_ is the hour (00 to 23). The hour of the day is in the time zone of the gateway. */ hourOfDay: pulumi.Input; /** * The minute component of the maintenance start time represented as _mm_, where _mm_ is the minute (00 to 59). The minute of the hour is in the time zone of the gateway. */ minuteOfHour?: pulumi.Input; } export interface GatewaySmbActiveDirectorySettings { activeDirectoryStatus?: pulumi.Input; /** * List of IPv4 addresses, NetBIOS names, or host names of your domain server. * If you need to specify the port number include it after the colon (“:”). For example, `mydc.mydomain.com:389`. */ domainControllers?: pulumi.Input[]>; /** * The name of the domain that you want the gateway to join. */ domainName: pulumi.Input; /** * The organizational unit (OU) is a container in an Active Directory that can hold users, groups, * computers, and other OUs and this parameter specifies the OU that the gateway will join within the AD domain. */ organizationalUnit?: pulumi.Input; /** * The password of the user who has permission to add the gateway to the Active Directory domain. */ password: pulumi.Input; /** * Specifies the time in seconds, in which the JoinDomain operation must complete. The default is `20` seconds. */ timeoutInSeconds?: pulumi.Input; /** * The user name of user who has permission to add the gateway to the Active Directory domain. */ username: pulumi.Input; } export interface NfsFileShareCacheAttributes { /** * Refreshes a file share's cache by using Time To Live (TTL). * TTL is the length of time since the last refresh after which access to the directory would cause the file gateway * to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days) */ cacheStaleTimeoutInSeconds?: pulumi.Input; } export interface NfsFileShareNfsFileShareDefaults { /** * The Unix directory mode in the string form "nnnn". Defaults to `"0777"`. */ directoryMode?: pulumi.Input; /** * The Unix file mode in the string form "nnnn". Defaults to `"0666"`. */ fileMode?: pulumi.Input; /** * The default group ID for the file share (unless the files have another group ID specified). Defaults to `65534` (`nfsnobody`). Valid values: `0` through `4294967294`. */ groupId?: pulumi.Input; /** * The default owner ID for the file share (unless the files have another owner ID specified). Defaults to `65534` (`nfsnobody`). Valid values: `0` through `4294967294`. */ ownerId?: pulumi.Input; } export interface SmbFileShareCacheAttributes { /** * Refreshes a file share's cache by using Time To Live (TTL). * TTL is the length of time since the last refresh after which access to the directory would cause the file gateway * to first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days) */ cacheStaleTimeoutInSeconds?: pulumi.Input; } } export namespace synthetics { export interface CanaryArtifactConfig { /** * Configuration of the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3. See S3 Encryption. */ s3Encryption?: pulumi.Input; } export interface CanaryArtifactConfigS3Encryption { /** * The encryption method to use for artifacts created by this canary. Valid values are: `SSE_S3` and `SSE_KMS`. */ encryptionMode?: pulumi.Input; /** * The ARN of the customer-managed KMS key to use, if you specify `SSE_KMS` for `encryptionMode`. */ kmsKeyArn?: pulumi.Input; } export interface CanaryRunConfig { /** * Whether this canary is to use active AWS X-Ray tracing when it runs. You can enable active tracing only for canaries that use version syn-nodejs-2.0 or later for their canary runtime. */ activeTracing?: pulumi.Input; /** * Map of environment variables that are accessible from the canary during execution. Please see [AWS Docs](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime) for variables reserved for Lambda. */ environmentVariables?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * Maximum amount of memory available to the canary while it is running, in MB. The value you specify must be a multiple of 64. */ memoryInMb?: pulumi.Input; /** * Number of seconds the canary is allowed to run before it must stop. If you omit this field, the frequency of the canary is used, up to a maximum of 840 (14 minutes). */ timeoutInSeconds?: pulumi.Input; } export interface CanarySchedule { /** * Duration in seconds, for the canary to continue making regular runs according to the schedule in the Expression value. */ durationInSeconds?: pulumi.Input; /** * Rate expression or cron expression that defines how often the canary is to run. For rate expression, the syntax is `rate(number unit)`. _unit_ can be `minute`, `minutes`, or `hour`. For cron expression, the syntax is `cron(expression)`. For more information about the syntax for cron expressions, see [Scheduling canary runs using cron](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_cron.html). */ expression: pulumi.Input; } export interface CanaryTimeline { /** * Date and time the canary was created. */ created?: pulumi.Input; /** * Date and time the canary was most recently modified. */ lastModified?: pulumi.Input; /** * Date and time that the canary's most recent run started. */ lastStarted?: pulumi.Input; /** * Date and time that the canary's most recent run ended. */ lastStopped?: pulumi.Input; } export interface CanaryVpcConfig { /** * IDs of the security groups for this canary. */ securityGroupIds?: pulumi.Input[]>; /** * IDs of the subnets where this canary is to run. */ subnetIds?: pulumi.Input[]>; /** * ID of the VPC where this canary is to run. */ vpcId?: pulumi.Input; } } export namespace timestreamwrite { export interface TableMagneticStoreWriteProperties { /** * A flag to enable magnetic store writes. */ enableMagneticStoreWrites?: pulumi.Input; /** * The location to write error reports for records rejected asynchronously during magnetic store writes. See Magnetic Store Rejected Data Location below for more details. */ magneticStoreRejectedDataLocation?: pulumi.Input; } export interface TableMagneticStoreWritePropertiesMagneticStoreRejectedDataLocation { /** * Configuration of an S3 location to write error reports for records rejected, asynchronously, during magnetic store writes. See S3 Configuration below for more details. */ s3Configuration?: pulumi.Input; } export interface TableMagneticStoreWritePropertiesMagneticStoreRejectedDataLocationS3Configuration { /** * Bucket name of the customer S3 bucket. */ bucketName?: pulumi.Input; /** * Encryption option for the customer s3 location. Options are S3 server side encryption with an S3-managed key or KMS managed key. Valid values are `SSE_KMS` and `SSE_S3`. */ encryptionOption?: pulumi.Input; /** * KMS key arn for the customer s3 location when encrypting with a KMS managed key. */ kmsKeyId?: pulumi.Input; /** * Object key prefix for the customer S3 location. */ objectKeyPrefix?: pulumi.Input; } export interface TableRetentionProperties { /** * The duration for which data must be stored in the magnetic store. Minimum value of 1. Maximum value of 73000. */ magneticStoreRetentionPeriodInDays: pulumi.Input; /** * The duration for which data must be stored in the memory store. Minimum value of 1. Maximum value of 8766. */ memoryStoreRetentionPeriodInHours: pulumi.Input; } export interface TableSchema { /** * A non-empty list of partition keys defining the attributes used to partition the table data. The order of the list determines the partition hierarchy. The name and type of each partition key as well as the partition key order cannot be changed after the table is created. However, the enforcement level of each partition key can be changed. See Composite Partition Key below for more details. */ compositePartitionKey?: pulumi.Input; } export interface TableSchemaCompositePartitionKey { /** * The level of enforcement for the specification of a dimension key in ingested records. Valid values: `REQUIRED`, `OPTIONAL`. */ enforcementInRecord?: pulumi.Input; /** * The name of the attribute used for a dimension key. */ name?: pulumi.Input; /** * The type of the partition key. Valid values: `DIMENSION`, `MEASURE`. */ type: pulumi.Input; } } export namespace transcribe { export interface LanguageModelInputDataConfig { /** * IAM role with access to S3 bucket. */ dataAccessRoleArn: pulumi.Input; /** * S3 URI where training data is located. */ s3Uri: pulumi.Input; /** * S3 URI where tuning data is located. * * The following arguments are optional: */ tuningDataS3Uri?: pulumi.Input; } } export namespace transfer { export interface AccessHomeDirectoryMapping { /** * Represents an entry and a target. */ entry: pulumi.Input; /** * Represents the map target. */ target: pulumi.Input; } export interface AccessPosixProfile { /** * The POSIX group ID used for all EFS operations by this user. */ gid: pulumi.Input; /** * The secondary POSIX group IDs used for all EFS operations by this user. */ secondaryGids?: pulumi.Input[]>; /** * The POSIX user ID used for all EFS operations by this user. */ uid: pulumi.Input; } export interface ConnectorAs2Config { compression: pulumi.Input; encryptionAlgorithm: pulumi.Input; localProfileId: pulumi.Input; mdnResponse: pulumi.Input; mdnSigningAlgorithm?: pulumi.Input; messageSubject?: pulumi.Input; partnerProfileId: pulumi.Input; signingAlgorithm: pulumi.Input; } export interface ConnectorSftpConfig { trustedHostKeys?: pulumi.Input[]>; userSecretId?: pulumi.Input; } export interface ServerEndpointDetails { /** * A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when `endpointType` is set to `VPC`. */ addressAllocationIds?: pulumi.Input[]>; /** * A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when `endpointType` is set to `VPC`. */ securityGroupIds?: pulumi.Input[]>; /** * A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when `endpointType` is set to `VPC`. */ subnetIds?: pulumi.Input[]>; /** * The ID of the VPC endpoint. This property can only be used when `endpointType` is set to `VPC_ENDPOINT` */ vpcEndpointId?: pulumi.Input; /** * The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when `endpointType` is set to `VPC`. */ vpcId?: pulumi.Input; } export interface ServerProtocolDetails { /** * Indicates the transport method for the AS2 messages. Currently, only `HTTP` is supported. */ as2Transports?: pulumi.Input[]>; /** * Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. */ passiveIp?: pulumi.Input; /** * Use to ignore the error that is generated when the client attempts to use `SETSTAT` on a file you are uploading to an S3 bucket. Valid values: `DEFAULT`, `ENABLE_NO_OP`. */ setStatOption?: pulumi.Input; /** * A property used with Transfer Family servers that use the FTPS protocol. Provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. Valid values: `DISABLED`, `ENABLED`, `ENFORCED`. */ tlsSessionResumptionMode?: pulumi.Input; } export interface ServerS3StorageOptions { /** * Specifies whether or not performance for your Amazon S3 directories is optimized. Valid values are `DISABLED`, `ENABLED`. * * By default, home directory mappings have a `TYPE` of `DIRECTORY`. If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry` Type to `FILE` if you want a mapping to have a file target. See [Using logical directories to simplify your Transfer Family directory structures](https://docs.aws.amazon.com/transfer/latest/userguide/logical-dir-mappings.html) for details. */ directoryListingOptimization?: pulumi.Input; } export interface ServerWorkflowDetails { /** * A trigger that starts a workflow if a file is only partially uploaded. See Workflow Detail below. See `onPartialUpload` block below for details. */ onPartialUpload?: pulumi.Input; /** * A trigger that starts a workflow: the workflow begins to execute after a file is uploaded. See `onUpload` block below for details. */ onUpload?: pulumi.Input; } export interface ServerWorkflowDetailsOnPartialUpload { /** * Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources. */ executionRole: pulumi.Input; /** * A unique identifier for the workflow. */ workflowId: pulumi.Input; } export interface ServerWorkflowDetailsOnUpload { /** * Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources. */ executionRole: pulumi.Input; /** * A unique identifier for the workflow. */ workflowId: pulumi.Input; } export interface UserHomeDirectoryMapping { /** * Represents an entry and a target. */ entry: pulumi.Input; /** * Represents the map target. * * The `Restricted` option is achieved using the following mapping: * * ``` * home_directory_mappings { * entry = "/" * target = "/${aws_s3_bucket.foo.id}/$${Transfer:UserName}" * } * ``` */ target: pulumi.Input; } export interface UserPosixProfile { /** * The POSIX group ID used for all EFS operations by this user. */ gid: pulumi.Input; /** * The secondary POSIX group IDs used for all EFS operations by this user. */ secondaryGids?: pulumi.Input[]>; /** * The POSIX user ID used for all EFS operations by this user. */ uid: pulumi.Input; } export interface WorkflowOnExceptionStep { copyStepDetails?: pulumi.Input; customStepDetails?: pulumi.Input; decryptStepDetails?: pulumi.Input; deleteStepDetails?: pulumi.Input; tagStepDetails?: pulumi.Input; type: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowOnExceptionStepCopyStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowOnExceptionStepCustomStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The ARN for the lambda function that is being called. */ target?: pulumi.Input; /** * Timeout, in seconds, for the step. */ timeoutSeconds?: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The type of encryption used. Currently, this value must be `"PGP"`. */ type: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowOnExceptionStepDecryptStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowOnExceptionStepDeleteStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowOnExceptionStepTagStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * Array that contains from 1 to 10 key/value pairs. See S3 Tags below. */ tags?: pulumi.Input[]>; } export interface WorkflowOnExceptionStepTagStepDetailsTag { key: pulumi.Input; value: pulumi.Input; } export interface WorkflowStep { copyStepDetails?: pulumi.Input; customStepDetails?: pulumi.Input; decryptStepDetails?: pulumi.Input; deleteStepDetails?: pulumi.Input; tagStepDetails?: pulumi.Input; type: pulumi.Input; } export interface WorkflowStepCopyStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowStepCopyStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowStepCopyStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowStepCopyStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowStepCustomStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The ARN for the lambda function that is being called. */ target?: pulumi.Input; /** * Timeout, in seconds, for the step. */ timeoutSeconds?: pulumi.Input; } export interface WorkflowStepDecryptStepDetails { /** * Specifies the location for the file being copied. Use ${Transfer:username} in this field to parametrize the destination prefix by username. */ destinationFileLocation?: pulumi.Input; /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * A flag that indicates whether or not to overwrite an existing file of the same name. The default is `FALSE`. Valid values are `TRUE` and `FALSE`. */ overwriteExisting?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * The type of encryption used. Currently, this value must be `"PGP"`. */ type: pulumi.Input; } export interface WorkflowStepDecryptStepDetailsDestinationFileLocation { /** * Specifies the details for the EFS file being copied. */ efsFileLocation?: pulumi.Input; /** * Specifies the details for the S3 file being copied. */ s3FileLocation?: pulumi.Input; } export interface WorkflowStepDecryptStepDetailsDestinationFileLocationEfsFileLocation { /** * The ID of the file system, assigned by Amazon EFS. */ fileSystemId?: pulumi.Input; /** * The pathname for the folder being used by a workflow. */ path?: pulumi.Input; } export interface WorkflowStepDecryptStepDetailsDestinationFileLocationS3FileLocation { /** * Specifies the S3 bucket for the customer input file. */ bucket?: pulumi.Input; /** * The name assigned to the file when it was created in S3. You use the object key to retrieve the object. */ key?: pulumi.Input; } export interface WorkflowStepDeleteStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; } export interface WorkflowStepTagStepDetails { /** * The name of the step, used as an identifier. */ name?: pulumi.Input; /** * Specifies which file to use as input to the workflow step: either the output from the previous step, or the originally uploaded file for the workflow. Enter ${previous.file} to use the previous file as the input. In this case, this workflow step uses the output file from the previous workflow step as input. This is the default value. Enter ${original.file} to use the originally-uploaded file location as input for this step. */ sourceFileLocation?: pulumi.Input; /** * Array that contains from 1 to 10 key/value pairs. See S3 Tags below. */ tags?: pulumi.Input[]>; } export interface WorkflowStepTagStepDetailsTag { key: pulumi.Input; value: pulumi.Input; } } export namespace verifiedaccess { export interface EndpointLoadBalancerOptions { loadBalancerArn?: pulumi.Input; port?: pulumi.Input; protocol?: pulumi.Input; subnetIds?: pulumi.Input[]>; } export interface EndpointNetworkInterfaceOptions { networkInterfaceId?: pulumi.Input; port?: pulumi.Input; protocol?: pulumi.Input; } export interface EndpointSseSpecification { customerManagedKeyEnabled?: pulumi.Input; kmsKeyArn?: pulumi.Input; } export interface GroupSseConfiguration { customerManagedKeyEnabled?: pulumi.Input; /** * ARN of the KMS key to use. */ kmsKeyArn?: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogs { /** * A block that specifies configures sending Verified Access logs to CloudWatch Logs. Detailed below. */ cloudwatchLogs?: pulumi.Input; /** * Include trust data sent by trust providers into the logs. */ includeTrustContext?: pulumi.Input; /** * A block that specifies configures sending Verified Access logs to Kinesis. Detailed below. */ kinesisDataFirehose?: pulumi.Input; /** * The logging version to use. Refer to [VerifiedAccessLogOptions](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VerifiedAccessLogOptions.html) for the allowed values. */ logVersion?: pulumi.Input; /** * A block that specifies configures sending Verified Access logs to S3. Detailed below. */ s3?: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogsCloudwatchLogs { /** * Indicates whether logging is enabled. */ enabled: pulumi.Input; /** * The name of the CloudWatch Logs Log Group. */ logGroup?: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogsKinesisDataFirehose { /** * The name of the delivery stream. */ deliveryStream?: pulumi.Input; /** * Indicates whether logging is enabled. */ enabled: pulumi.Input; } export interface InstanceLoggingConfigurationAccessLogsS3 { /** * The name of S3 bucket. */ bucketName?: pulumi.Input; /** * The ID of the AWS account that owns the Amazon S3 bucket. */ bucketOwner?: pulumi.Input; /** * Indicates whether logging is enabled. */ enabled: pulumi.Input; /** * The bucket prefix. */ prefix?: pulumi.Input; } export interface InstanceVerifiedAccessTrustProvider { /** * A description for the AWS Verified Access Instance. */ description?: pulumi.Input; /** * The type of device-based trust provider. */ deviceTrustProviderType?: pulumi.Input; /** * The type of trust provider (user- or device-based). */ trustProviderType?: pulumi.Input; /** * The type of user-based trust provider. */ userTrustProviderType?: pulumi.Input; /** * The ID of the trust provider. */ verifiedAccessTrustProviderId?: pulumi.Input; } export interface TrustProviderDeviceOptions { tenantId?: pulumi.Input; } export interface TrustProviderOidcOptions { authorizationEndpoint?: pulumi.Input; clientId?: pulumi.Input; clientSecret: pulumi.Input; issuer?: pulumi.Input; scope?: pulumi.Input; tokenEndpoint?: pulumi.Input; userInfoEndpoint?: pulumi.Input; } } export namespace verifiedpermissions { export interface PolicyDefinition { /** * The static policy statement. See Static below. */ static?: pulumi.Input; /** * The template linked policy. See Template Linked below. */ templateLinked?: pulumi.Input; } export interface PolicyDefinitionStatic { /** * The description of the static policy. */ description?: pulumi.Input; /** * The statement of the static policy. */ statement: pulumi.Input; } export interface PolicyDefinitionTemplateLinked { /** * The ID of the template. */ policyTemplateId: pulumi.Input; /** * The principal of the template linked policy. */ principal?: pulumi.Input; /** * The resource of the template linked policy. */ resource?: pulumi.Input; } export interface PolicyDefinitionTemplateLinkedPrincipal { /** * The entity ID of the principal. */ entityId: pulumi.Input; /** * The entity type of the principal. */ entityType: pulumi.Input; } export interface PolicyDefinitionTemplateLinkedResource { /** * The entity ID of the resource. */ entityId: pulumi.Input; /** * The entity type of the resource. */ entityType: pulumi.Input; } export interface PolicyStoreValidationSettings { /** * The mode for the validation settings. Valid values: `OFF`, `STRICT`. * * The following arguments are optional: */ mode: pulumi.Input; } export interface SchemaDefinition { /** * A JSON string representation of the schema. */ value: pulumi.Input; } } export namespace vpc { export interface GetSecurityGroupRuleFilter { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeSecurityGroupRules`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html) API Reference. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetSecurityGroupRuleFilterArgs { /** * Name of the filter field. Valid values can be found in the EC2 [`DescribeSecurityGroupRules`](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html) API Reference. */ name: pulumi.Input; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: pulumi.Input[]>; } export interface GetSecurityGroupRulesFilter { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html). */ name: string; /** * Set of values that are accepted for the given field. * Security group rule IDs will be selected if any one of the given values match. */ values: string[]; } export interface GetSecurityGroupRulesFilterArgs { /** * Name of the field to filter by, as defined by * [the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html). */ name: pulumi.Input; /** * Set of values that are accepted for the given field. * Security group rule IDs will be selected if any one of the given values match. */ values: pulumi.Input[]>; } } export namespace vpclattice { export interface ListenerDefaultAction { fixedResponse?: pulumi.Input; /** * Route requests to one or more target groups. See Forward blocks below. * * > **NOTE:** You must specify exactly one of the following argument blocks: `fixedResponse` or `forward`. */ forwards?: pulumi.Input[]>; } export interface ListenerDefaultActionFixedResponse { /** * Custom HTTP status code to return, e.g. a 404 response code. See [Listeners](https://docs.aws.amazon.com/vpc-lattice/latest/ug/listeners.html) in the AWS documentation for a list of supported codes. */ statusCode: pulumi.Input; } export interface ListenerDefaultActionForward { /** * One or more target group blocks. */ targetGroups?: pulumi.Input[]>; } export interface ListenerDefaultActionForwardTargetGroup { targetGroupIdentifier?: pulumi.Input; weight?: pulumi.Input; } export interface ListenerRuleAction { /** * Describes the rule action that returns a custom HTTP response. */ fixedResponse?: pulumi.Input; /** * The forward action. Traffic that matches the rule is forwarded to the specified target groups. */ forward?: pulumi.Input; } export interface ListenerRuleActionFixedResponse { /** * The HTTP response code. */ statusCode: pulumi.Input; } export interface ListenerRuleActionForward { /** * The target groups. Traffic matching the rule is forwarded to the specified target groups. With forward actions, you can assign a weight that controls the prioritization and selection of each target group. This means that requests are distributed to individual target groups based on their weights. For example, if two target groups have the same weight, each target group receives half of the traffic. * * The default value is 1 with maximum number of 2. If only one target group is provided, there is no need to set the weight; 100% of traffic will go to that target group. */ targetGroups: pulumi.Input[]>; } export interface ListenerRuleActionForwardTargetGroup { targetGroupIdentifier: pulumi.Input; weight?: pulumi.Input; } export interface ListenerRuleMatch { /** * The HTTP criteria that a rule must match. */ httpMatch?: pulumi.Input; } export interface ListenerRuleMatchHttpMatch { /** * The header matches. Matches incoming requests with rule based on request header value before applying rule action. */ headerMatches?: pulumi.Input[]>; /** * The HTTP method type. */ method?: pulumi.Input; /** * The path match. */ pathMatch?: pulumi.Input; } export interface ListenerRuleMatchHttpMatchHeaderMatch { /** * Indicates whether the match is case sensitive. Defaults to false. */ caseSensitive?: pulumi.Input; /** * The header match type. */ match: pulumi.Input; /** * The name of the header. */ name: pulumi.Input; } export interface ListenerRuleMatchHttpMatchHeaderMatchMatch { /** * Specifies a contains type match. */ contains?: pulumi.Input; /** * Specifies an exact type match. */ exact?: pulumi.Input; /** * Specifies a prefix type match. Matches the value with the prefix. */ prefix?: pulumi.Input; } export interface ListenerRuleMatchHttpMatchPathMatch { /** * Indicates whether the match is case sensitive. Defaults to false. */ caseSensitive?: pulumi.Input; /** * The header match type. */ match: pulumi.Input; } export interface ListenerRuleMatchHttpMatchPathMatchMatch { /** * Specifies an exact type match. */ exact?: pulumi.Input; /** * Specifies a prefix type match. Matches the value with the prefix. */ prefix?: pulumi.Input; } export interface ServiceDnsEntry { domainName?: pulumi.Input; hostedZoneId?: pulumi.Input; } export interface ServiceNetworkServiceAssociationDnsEntry { /** * The domain name of the service. */ domainName?: pulumi.Input; /** * The ID of the hosted zone. */ hostedZoneId?: pulumi.Input; } export interface TargetGroupAttachmentTarget { /** * The ID of the target. If the target type of the target group is INSTANCE, this is an instance ID. If the target type is IP , this is an IP address. If the target type is LAMBDA, this is the ARN of the Lambda function. If the target type is ALB, this is the ARN of the Application Load Balancer. */ id: pulumi.Input; /** * This port is used for routing traffic to the target, and defaults to the target group port. However, you can override the default and specify a custom port. */ port?: pulumi.Input; } export interface TargetGroupConfig { /** * The health check configuration. */ healthCheck?: pulumi.Input; /** * The type of IP address used for the target group. Valid values: `IPV4` | `IPV6`. */ ipAddressType?: pulumi.Input; /** * The version of the event structure that the Lambda function receives. Supported only if `type` is `LAMBDA`. Valid Values are `V1` | `V2`. */ lambdaEventStructureVersion?: pulumi.Input; /** * The port on which the targets are listening. */ port?: pulumi.Input; /** * The protocol to use for routing traffic to the targets. Valid Values are `HTTP` | `HTTPS`. */ protocol?: pulumi.Input; /** * The protocol version. Valid Values are `HTTP1` | `HTTP2` | `GRPC`. Default value is `HTTP1`. */ protocolVersion?: pulumi.Input; /** * The ID of the VPC. */ vpcIdentifier?: pulumi.Input; } export interface TargetGroupConfigHealthCheck { /** * Indicates whether health checking is enabled. Defaults to `true`. */ enabled?: pulumi.Input; /** * The approximate amount of time, in seconds, between health checks of an individual target. The range is 5–300 seconds. The default is 30 seconds. */ healthCheckIntervalSeconds?: pulumi.Input; /** * The amount of time, in seconds, to wait before reporting a target as unhealthy. The range is 1–120 seconds. The default is 5 seconds. * * `healthyThresholdCount ` - (Optional) The number of consecutive successful health checks required before considering an unhealthy target healthy. The range is 2–10. The default is 5. */ healthCheckTimeoutSeconds?: pulumi.Input; healthyThresholdCount?: pulumi.Input; /** * The codes to use when checking for a successful response from a target. These are called _Success codes_ in the console. */ matcher?: pulumi.Input; /** * The destination for health checks on the targets. If the protocol version is HTTP/1.1 or HTTP/2, specify a valid URI (for example, /path?query). The default path is `/`. Health checks are not supported if the protocol version is gRPC, however, you can choose HTTP/1.1 or HTTP/2 and specify a valid URI. */ path?: pulumi.Input; /** * The port used when performing health checks on targets. The default setting is the port that a target receives traffic on. */ port?: pulumi.Input; /** * The protocol used when performing health checks on targets. The possible protocols are `HTTP` and `HTTPS`. */ protocol?: pulumi.Input; /** * The protocol version used when performing health checks on targets. The possible protocol versions are `HTTP1` and `HTTP2`. The default is `HTTP1`. */ protocolVersion?: pulumi.Input; /** * The number of consecutive failed health checks required before considering a target unhealthy. The range is 2–10. The default is 2. */ unhealthyThresholdCount?: pulumi.Input; } export interface TargetGroupConfigHealthCheckMatcher { /** * The HTTP codes to use when checking for a successful response from a target. */ value?: pulumi.Input; } } export namespace waf { export interface ByteMatchSetByteMatchTuple { fieldToMatch: pulumi.Input; positionalConstraint: pulumi.Input; targetString?: pulumi.Input; textTransformation: pulumi.Input; } export interface ByteMatchSetByteMatchTupleFieldToMatch { data?: pulumi.Input; type: pulumi.Input; } export interface GeoMatchSetGeoMatchConstraint { type: pulumi.Input; value: pulumi.Input; } export interface IpSetIpSetDescriptor { type: pulumi.Input; value: pulumi.Input; } export interface RateBasedRulePredicate { dataId: pulumi.Input; negated: pulumi.Input; type: pulumi.Input; } export interface RegexMatchSetRegexMatchTuple { /** * The part of a web request that you want to search, such as a specified header or a query string. */ fieldToMatch: pulumi.Input; /** * The ID of a Regex Pattern Set. */ regexPatternSetId: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface RegexMatchSetRegexMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface RuleGroupActivatedRule { action: pulumi.Input; priority: pulumi.Input; ruleId: pulumi.Input; type?: pulumi.Input; } export interface RuleGroupActivatedRuleAction { type: pulumi.Input; } export interface RulePredicate { dataId: pulumi.Input; negated: pulumi.Input; type: pulumi.Input; } export interface SizeConstraintSetSizeConstraint { comparisonOperator: pulumi.Input; fieldToMatch: pulumi.Input; size: pulumi.Input; textTransformation: pulumi.Input; } export interface SizeConstraintSetSizeConstraintFieldToMatch { data?: pulumi.Input; type: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTuple { /** * Specifies where in a web request to look for snippets of malicious SQL code. */ fieldToMatch: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `fieldToMatch` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SqlInjectionMatchTuple.html#WAF-Type-SqlInjectionMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch { data?: pulumi.Input; type: pulumi.Input; } export interface WebAclDefaultAction { /** * Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the `rules`. * e.g., `ALLOW` or `BLOCK` */ type: pulumi.Input; } export interface WebAclLoggingConfiguration { /** * Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream */ logDestination: pulumi.Input; /** * Configuration block containing parts of the request that you want redacted from the logs. Detailed below. */ redactedFields?: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFields { /** * Set of configuration blocks for fields to redact. Detailed below. */ fieldToMatches: pulumi.Input[]>; } export interface WebAclLoggingConfigurationRedactedFieldsFieldToMatch { /** * When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified stringE.g., `HEADER` or `METHOD` */ type: pulumi.Input; } export interface WebAclRule { /** * The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if `type` is `GROUP`. */ action?: pulumi.Input; /** * Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if `type` is `GROUP`. */ overrideAction?: pulumi.Input; /** * Specifies the order in which the rules in a WebACL are evaluated. * Rules with a lower value are evaluated before rules with a higher value. */ priority: pulumi.Input; /** * ID of the associated WAF (Global) rule (e.g., `aws.waf.Rule`). WAF (Regional) rules cannot be used. */ ruleId: pulumi.Input; /** * The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`. */ type?: pulumi.Input; } export interface WebAclRuleAction { /** * valid values are: `BLOCK`, `ALLOW`, or `COUNT` */ type: pulumi.Input; } export interface WebAclRuleOverrideAction { /** * valid values are: `NONE` or `COUNT` */ type: pulumi.Input; } export interface XssMatchSetXssMatchTuple { /** * Specifies where in a web request to look for cross-site scripting attacks. */ fieldToMatch: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `targetString` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_XssMatchTuple.html#WAF-Type-XssMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface XssMatchSetXssMatchTupleFieldToMatch { data?: pulumi.Input; type: pulumi.Input; } } export namespace wafregional { export interface ByteMatchSetByteMatchTuple { /** * Settings for the ByteMatchTuple. FieldToMatch documented below. */ fieldToMatch: pulumi.Input; /** * Within the portion of a web request that you want to search. */ positionalConstraint: pulumi.Input; /** * The value that you want AWS WAF to search for. The maximum length of the value is 50 bytes. */ targetString?: pulumi.Input; /** * The formatting way for web request. * * FieldToMatch(field_to_match) support following: */ textTransformation: pulumi.Input; } export interface ByteMatchSetByteMatchTupleFieldToMatch { /** * When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. If the value of Type is any other value, omit Data. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. */ type: pulumi.Input; } export interface GeoMatchSetGeoMatchConstraint { type: pulumi.Input; value: pulumi.Input; } export interface IpSetIpSetDescriptor { type: pulumi.Input; value: pulumi.Input; } export interface RateBasedRulePredicate { dataId: pulumi.Input; negated: pulumi.Input; type: pulumi.Input; } export interface RegexMatchSetRegexMatchTuple { /** * The part of a web request that you want to search, such as a specified header or a query string. */ fieldToMatch: pulumi.Input; /** * The ID of a Regex Pattern Set. */ regexPatternSetId: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface RegexMatchSetRegexMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface RuleGroupActivatedRule { action: pulumi.Input; priority: pulumi.Input; ruleId: pulumi.Input; type?: pulumi.Input; } export interface RuleGroupActivatedRuleAction { type: pulumi.Input; } export interface RulePredicate { dataId: pulumi.Input; negated: pulumi.Input; type: pulumi.Input; } export interface SizeConstraintSetSizeConstraint { comparisonOperator: pulumi.Input; fieldToMatch: pulumi.Input; size: pulumi.Input; textTransformation: pulumi.Input; } export interface SizeConstraintSetSizeConstraintFieldToMatch { data?: pulumi.Input; type: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTuple { /** * Specifies where in a web request to look for snippets of malicious SQL code. */ fieldToMatch: pulumi.Input; /** * Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. * If you specify a transformation, AWS WAF performs the transformation on `fieldToMatch` before inspecting a request for a match. * e.g., `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_SqlInjectionMatchTuple.html#WAF-Type-regional_SqlInjectionMatchTuple-TextTransformation) * for all supported values. */ textTransformation: pulumi.Input; } export interface SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch { /** * When `type` is `HEADER`, enter the name of the header that you want to search, e.g., `User-Agent` or `Referer`. * If `type` is any other value, omit this field. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified string. * e.g., `HEADER`, `METHOD` or `BODY`. * See [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_FieldToMatch.html) * for all supported values. */ type: pulumi.Input; } export interface WebAclDefaultAction { /** * Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., `ALLOW`, `BLOCK` or `COUNT` */ type: pulumi.Input; } export interface WebAclLoggingConfiguration { /** * Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream */ logDestination: pulumi.Input; /** * Configuration block containing parts of the request that you want redacted from the logs. Detailed below. */ redactedFields?: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFields { /** * Set of configuration blocks for fields to redact. Detailed below. */ fieldToMatches: pulumi.Input[]>; } export interface WebAclLoggingConfigurationRedactedFieldsFieldToMatch { /** * When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified stringE.g., `HEADER` or `METHOD` */ type: pulumi.Input; } export interface WebAclRule { /** * Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if `type` is `GROUP`. Detailed below. */ action?: pulumi.Input; /** * Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if `type` is `GROUP`. Detailed below. */ overrideAction?: pulumi.Input; /** * Specifies the order in which the rules in a WebACL are evaluated. * Rules with a lower value are evaluated before rules with a higher value. */ priority: pulumi.Input; /** * ID of the associated WAF (Regional) rule (e.g., `aws.wafregional.Rule`). WAF (Global) rules cannot be used. */ ruleId: pulumi.Input; /** * The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`. */ type?: pulumi.Input; } export interface WebAclRuleAction { /** * Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for `action` are `ALLOW`, `BLOCK` or `COUNT`. Valid values for `overrideAction` are `COUNT` and `NONE`. */ type: pulumi.Input; } export interface WebAclRuleOverrideAction { type: pulumi.Input; } export interface XssMatchSetXssMatchTuple { /** * Specifies where in a web request to look for cross-site scripting attacks. */ fieldToMatch: pulumi.Input; /** * Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks. */ textTransformation: pulumi.Input; } export interface XssMatchSetXssMatchTupleFieldToMatch { /** * When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`. */ data?: pulumi.Input; /** * The part of the web request that you want AWS WAF to search for a specified stringE.g., `HEADER` or `METHOD` */ type: pulumi.Input; } } export namespace wafv2 { export interface RegexPatternSetRegularExpression { /** * The string representing the regular expression, see the AWS WAF [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-regex-pattern-set-creating.html) for more information. */ regexString: pulumi.Input; } export interface RuleGroupCustomResponseBody { /** * The payload of the custom response. */ content: pulumi.Input; /** * The type of content in the payload that you are defining in the `content` argument. Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`. */ contentType: pulumi.Input; /** * A unique key identifying the custom response body. This is referenced by the `customResponseBodyKey` argument in the Custom Response block. */ key: pulumi.Input; } export interface RuleGroupRule { /** * The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the `aws.wafv2.WebAcl` level can override the rule action setting. See Action below for details. */ action: pulumi.Input; /** * Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details. */ captchaConfig?: pulumi.Input; /** * A friendly name of the rule. */ name: pulumi.Input; /** * If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the `rules` in order based on the value of `priority`. AWS WAF processes rules with lower priority first. */ priority: pulumi.Input; /** * Labels to apply to web requests that match the rule match statement. See Rule Label below for details. */ ruleLabels?: pulumi.Input[]>; /** * The AWS WAF processing statement for the rule, for example `byteMatchStatement` or `geoMatchStatement`. See Statement below for details. */ statement: pulumi.Input; /** * Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details. */ visibilityConfig: pulumi.Input; } export interface RuleGroupRuleAction { /** * Instructs AWS WAF to allow the web request. See Allow below for details. */ allow?: pulumi.Input; /** * Instructs AWS WAF to block the web request. See Block below for details. */ block?: pulumi.Input; /** * Instructs AWS WAF to run a `CAPTCHA` check against the web request. See Captcha below for details. */ captcha?: pulumi.Input; /** * Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See Challenge below for details. */ challenge?: pulumi.Input; /** * Instructs AWS WAF to count the web request and allow it. See Count below for details. */ count?: pulumi.Input; } export interface RuleGroupRuleActionAllow { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; value: pulumi.Input; } export interface RuleGroupRuleActionBlock { /** * Defines a custom response for the web request. See Custom Response below for details. */ customResponse?: pulumi.Input; } export interface RuleGroupRuleActionBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details. */ responseHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleActionBlockCustomResponseResponseHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; value: pulumi.Input; } export interface RuleGroupRuleActionCaptcha { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; value: pulumi.Input; } export interface RuleGroupRuleActionChallenge { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionChallengeCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; value: pulumi.Input; } export interface RuleGroupRuleActionCount { /** * Defines custom handling for the web request. See Custom Request Handling below for details. */ customRequestHandling?: pulumi.Input; } export interface RuleGroupRuleActionCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details. */ insertHeaders: pulumi.Input[]>; } export interface RuleGroupRuleActionCountCustomRequestHandlingInsertHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; value: pulumi.Input; } export interface RuleGroupRuleCaptchaConfig { /** * Defines custom immunity time. See Immunity Time Property below for details. */ immunityTimeProperty?: pulumi.Input; } export interface RuleGroupRuleCaptchaConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface RuleGroupRuleRuleLabel { /** * The label string. */ name: pulumi.Input; } export interface RuleGroupRuleStatement { /** * A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details. */ andStatement?: pulumi.Input; /** * A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details. */ byteMatchStatement?: pulumi.Input; /** * A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details. */ geoMatchStatement?: pulumi.Input; /** * A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details. */ ipSetReferenceStatement?: pulumi.Input; /** * A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details. */ labelMatchStatement?: pulumi.Input; /** * A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details. */ notStatement?: pulumi.Input; /** * A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details. */ orStatement?: pulumi.Input; /** * A rate-based rule tracks the rate of requests for each originating `IP address`, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any `5-minute` time span. This statement can not be nested. See Rate Based Statement below for details. */ rateBasedStatement?: pulumi.Input; /** * A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details. */ regexMatchStatement?: pulumi.Input; /** * A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details. */ regexPatternSetReferenceStatement?: pulumi.Input; /** * A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details. */ sizeConstraintStatement?: pulumi.Input; /** * An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details. */ sqliMatchStatement?: pulumi.Input; /** * A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details. */ xssMatchStatement?: pulumi.Input; } export interface RuleGroupRuleStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementByteMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementGeoMatchStatement { /** * An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details. */ forwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface RuleGroupRuleStatementLabelMatchStatement { /** * The string to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface RuleGroupRuleStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatement { /** * Setting that indicates how to aggregate the request counts. Valid values include: `CONSTANT`, `CUSTOM_KEYS`, `FORWARDED_IP` or `IP`. Default: `IP`. */ aggregateKeyType?: pulumi.Input; /** * Aggregate the request counts using one or more web request components as the aggregate keys. See `customKey` below for details. */ customKeys?: pulumi.Input[]>; /** * The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are `60`, `120`, `300`, and `600`. Defaults to `300` (5 minutes). * * **NOTE:** This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds. */ evaluationWindowSec?: pulumi.Input; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If `aggregateKeyType` is set to `FORWARDED_IP`, this block is required. See Forwarded IP Config below for details. */ forwardedIpConfig?: pulumi.Input; /** * The limit on requests per 5-minute period for a single originating IP address. */ limit: pulumi.Input; /** * An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details. If `aggregateKeyType` is set to `CONSTANT`, this block is required. */ scopeDownStatement?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKey { /** * (Optional) Use the value of a cookie in the request as an aggregate key. See RateLimit `cookie` below for details. */ cookie?: pulumi.Input; /** * (Optional) Use the first IP address in an HTTP header as an aggregate key. See `forwardedIp` below for details. */ forwardedIp?: pulumi.Input; /** * (Optional) Use the value of a header in the request as an aggregate key. See RateLimit `header` below for details. */ header?: pulumi.Input; /** * (Optional) Use the request's HTTP method as an aggregate key. See RateLimit `httpMethod` below for details. */ httpMethod?: pulumi.Input; /** * (Optional) Use the request's originating IP address as an aggregate key. See `RateLimit ip` below for details. */ ip?: pulumi.Input; /** * (Optional) Use the specified label namespace as an aggregate key. See RateLimit `labelNamespace` below for details. */ labelNamespace?: pulumi.Input; /** * (Optional) Use the specified query argument as an aggregate key. See RateLimit `queryArgument` below for details. */ queryArgument?: pulumi.Input; /** * (Optional) Use the request's query string as an aggregate key. See RateLimit `queryString` below for details. */ queryString?: pulumi.Input; /** * (Optional) Use the request's URI path as an aggregate key. See RateLimit `uriPath` below for details. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyCookie { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyCookieTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyForwardedIp { } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyHeader { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyHttpMethod { } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyIp { } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyLabelNamespace { /** * The namespace to use for aggregation */ namespace: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgument { /** * A friendly name of the rule group. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryString { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyUriPath { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See Text Transformation above for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatement { andStatement?: pulumi.Input; byteMatchStatement?: pulumi.Input; geoMatchStatement?: pulumi.Input; ipSetReferenceStatement?: pulumi.Input; labelMatchStatement?: pulumi.Input; notStatement?: pulumi.Input; orStatement?: pulumi.Input; regexMatchStatement?: pulumi.Input; regexPatternSetReferenceStatement?: pulumi.Input; sizeConstraintStatement?: pulumi.Input; sqliMatchStatement?: pulumi.Input; xssMatchStatement?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement { /** * An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details. */ forwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * The name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement { /** * The string to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The string representing the regular expression. **Note:** The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) for details. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement { /** * The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The string representing the regular expression. **Note:** The fixed quota for the maximum number of characters in each regex pattern is 200, which can't be changed. See [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) for details. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRegexMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatement { /** * The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementSizeConstraintStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementSqliMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See Field to Match below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. * At least one required. * See Text Transformation below for details. */ textTransformations: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See Cookies below for details. */ cookies?: pulumi.Input; /** * Inspect the request headers. See Header Order below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See Headers below for details. */ headers?: pulumi.Input[]>; ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See JSON Body for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See Single Header below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See Single Query Argument below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchBody { oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH` */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJa3Fingerprint { fallbackBehavior: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchMethod { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchQueryString { } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleHeader { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * The name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface RuleGroupRuleStatementXssMatchStatementFieldToMatchUriPath { } export interface RuleGroupRuleStatementXssMatchStatementTextTransformation { /** * The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * The transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface RuleGroupRuleVisibilityConfig { /** * A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } export interface RuleGroupVisibilityConfig { /** * A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } export interface WebAclAssociationConfig { /** * Customizes the request body that your protected resource forward to AWS WAF for inspection. See `requestBody` below for details. */ requestBodies?: pulumi.Input[]>; } export interface WebAclAssociationConfigRequestBody { /** * Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See `cloudfront` below for details. */ cloudfronts?: pulumi.Input[]>; } export interface WebAclAssociationConfigRequestBodyCloudfront { /** * Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are `KB_16`, `KB_32`, `KB_48` and `KB_64`. */ defaultSizeInspectionLimit: pulumi.Input; } export interface WebAclCaptchaConfig { /** * Defines custom immunity time. See `immunityTimeProperty` below for details. */ immunityTimeProperty?: pulumi.Input; } export interface WebAclCaptchaConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface WebAclChallengeConfig { /** * Defines custom immunity time. See `immunityTimeProperty` below for details. */ immunityTimeProperty?: pulumi.Input; } export interface WebAclChallengeConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface WebAclCustomResponseBody { /** * Payload of the custom response. */ content: pulumi.Input; /** * Type of content in the payload that you are defining in the `content` argument. Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`. */ contentType: pulumi.Input; /** * Unique key identifying the custom response body. This is referenced by the `customResponseBodyKey` argument in the `customResponse` block. */ key: pulumi.Input; } export interface WebAclDefaultAction { /** * Specifies that AWS WAF should allow requests by default. See `allow` below for details. */ allow?: pulumi.Input; /** * Specifies that AWS WAF should block requests by default. See `block` below for details. */ block?: pulumi.Input; } export interface WebAclDefaultActionAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclDefaultActionAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclDefaultActionAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclDefaultActionBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclDefaultActionBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclDefaultActionBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilter { /** * Default handling for logs that don't match any of the specified filtering conditions. Valid values for `defaultBehavior` are `KEEP` or `DROP`. */ defaultBehavior: pulumi.Input; /** * Filter(s) that you want to apply to the logs. See Filter below for more details. */ filters: pulumi.Input[]>; } export interface WebAclLoggingConfigurationLoggingFilterFilter { /** * Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for `behavior` are `KEEP` or `DROP`. */ behavior: pulumi.Input; /** * Match condition(s) for the filter. See Condition below for more details. */ conditions: pulumi.Input[]>; /** * Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for `requirement` are `MEETS_ALL` or `MEETS_ANY`. */ requirement: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilterFilterCondition { /** * Configuration for a single action condition. See Action Condition below for more details. */ actionCondition?: pulumi.Input; /** * Condition for a single label name. See Label Name Condition below for more details. */ labelNameCondition?: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition { /** * Action setting that a log record must contain in order to meet the condition. Valid values for `action` are `ALLOW`, `BLOCK`, and `COUNT`. */ action: pulumi.Input; } export interface WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition { /** * Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label. */ labelName: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedField { /** * HTTP method to be redacted. It must be specified as an empty configuration block `{}`. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Whether to redact the query string. It must be specified as an empty configuration block `{}`. The query string is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * "singleHeader" refers to the redaction of a single header. For more information, please see the details below under Single Header. */ singleHeader?: pulumi.Input; /** * Configuration block that redacts the request URI path. It should be specified as an empty configuration block `{}`. The URI path is the part of a web request that identifies a resource, such as `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFieldMethod { } export interface WebAclLoggingConfigurationRedactedFieldQueryString { } export interface WebAclLoggingConfigurationRedactedFieldSingleHeader { /** * Name of the query header to redact. This setting must be provided in lowercase characters. */ name: pulumi.Input; } export interface WebAclLoggingConfigurationRedactedFieldUriPath { } export interface WebAclRule { /** * Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose **statements do not reference a rule group**. See `action` for details. */ action?: pulumi.Input; /** * Specifies how AWS WAF should handle CAPTCHA evaluations. See `captchaConfig` below for details. */ captchaConfig?: pulumi.Input; /** * Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, `^ShieldMitigationRuleGroup___.*`, are AWS-added for [automatic application layer DDoS mitigation activities](https://docs.aws.amazon.com/waf/latest/developerguide/ddos-automatic-app-layer-response-rg.html). Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors. */ name: pulumi.Input; /** * Override action to apply to the rules in a rule group. Used only for rule **statements that reference a rule group**, like `ruleGroupReferenceStatement` and `managedRuleGroupStatement`. See `overrideAction` below for details. */ overrideAction?: pulumi.Input; /** * If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the `rules` in order based on the value of `priority`. AWS WAF processes rules with lower priority first. */ priority: pulumi.Input; /** * Labels to apply to web requests that match the rule match statement. See `ruleLabel` below for details. */ ruleLabels?: pulumi.Input[]>; /** * The AWS WAF processing statement for the rule, for example `byteMatchStatement` or `geoMatchStatement`. See `statement` below for details. */ statement: pulumi.Input; /** * Defines and enables Amazon CloudWatch metrics and web request sample collection. See `visibilityConfig` below for details. */ visibilityConfig: pulumi.Input; } export interface WebAclRuleAction { /** * Instructs AWS WAF to allow the web request. See `allow` below for details. */ allow?: pulumi.Input; /** * Instructs AWS WAF to block the web request. See `block` below for details. */ block?: pulumi.Input; /** * Instructs AWS WAF to run a Captcha check against the web request. See `captcha` below for details. */ captcha?: pulumi.Input; /** * Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See `challenge` below for details. */ challenge?: pulumi.Input; /** * Instructs AWS WAF to count the web request and allow it. See `count` below for details. */ count?: pulumi.Input; } export interface WebAclRuleActionAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclRuleActionBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleActionBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionCaptcha { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionChallenge { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionChallengeCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleActionCount { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleActionCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleActionCountCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleCaptchaConfig { /** * Defines custom immunity time. See `immunityTimeProperty` below for details. */ immunityTimeProperty?: pulumi.Input; } export interface WebAclRuleCaptchaConfigImmunityTimeProperty { /** * The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300. */ immunityTime?: pulumi.Input; } export interface WebAclRuleOverrideAction { /** * Override the rule action setting to count (i.e., only count matches). Configured as an empty block `{}`. */ count?: pulumi.Input; /** * Don't override the rule action setting. Configured as an empty block `{}`. */ none?: pulumi.Input; } export interface WebAclRuleOverrideActionCount { } export interface WebAclRuleOverrideActionNone { } export interface WebAclRuleRuleLabel { /** * Label string. */ name: pulumi.Input; } export interface WebAclRuleStatement { /** * Logical rule statement used to combine other rule statements with AND logic. See `andStatement` below for details. */ andStatement?: pulumi.Input; /** * Rule statement that defines a string match search for AWS WAF to apply to web requests. See `byteMatchStatement` below for details. */ byteMatchStatement?: pulumi.Input; /** * Rule statement used to identify web requests based on country of origin. See `geoMatchStatement` below for details. */ geoMatchStatement?: pulumi.Input; /** * Rule statement used to detect web requests coming from particular IP addresses or address ranges. See `ipSetReferenceStatement` below for details. */ ipSetReferenceStatement?: pulumi.Input; /** * Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See `labelMatchStatement` below for details. */ labelMatchStatement?: pulumi.Input; /** * Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See `managedRuleGroupStatement` below for details. */ managedRuleGroupStatement?: pulumi.Input; /** * Logical rule statement used to negate the results of another rule statement. See `notStatement` below for details. */ notStatement?: pulumi.Input; /** * Logical rule statement used to combine other rule statements with OR logic. See `orStatement` below for details. */ orStatement?: pulumi.Input; /** * Rate-based rule tracks the rate of requests for each originating `IP address`, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any `5-minute` time span. This statement can not be nested. See `rateBasedStatement` below for details. */ rateBasedStatement?: pulumi.Input; /** * Rule statement used to search web request components for a match against a single regular expression. See `regexMatchStatement` below for details. */ regexMatchStatement?: pulumi.Input; /** * Rule statement used to search web request components for matches with regular expressions. See `regexPatternSetReferenceStatement` below for details. */ regexPatternSetReferenceStatement?: pulumi.Input; /** * Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See `ruleGroupReferenceStatement` below for details. */ ruleGroupReferenceStatement?: pulumi.Input; /** * Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See `sizeConstraintStatement` below for more details. */ sizeConstraintStatement?: pulumi.Input; /** * An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See `sqliMatchStatement` below for details. */ sqliMatchStatement?: pulumi.Input; /** * Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See `xssMatchStatement` below for details. */ xssMatchStatement?: pulumi.Input; } export interface WebAclRuleStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementByteMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementByteMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementGeoMatchStatement { /** * Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementGeoMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `ipSetForwardedIpConfig` below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * Position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface WebAclRuleStatementLabelMatchStatement { /** * String to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatement { /** * Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See `managedRuleGroupConfigs` for more details */ managedRuleGroupConfigs?: pulumi.Input[]>; /** * Name of the managed rule group. */ name: pulumi.Input; /** * Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See `ruleActionOverride` below for details. */ ruleActionOverrides?: pulumi.Input[]>; /** * Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See `statement` above for details. */ scopeDownStatement?: pulumi.Input; /** * Name of the managed rule group vendor. */ vendorName: pulumi.Input; /** * Version of the managed rule group. You can set `Version_1.0` or `Version_1.1` etc. If you want to use the default version, do not set anything. */ version?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig { /** * Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. */ awsManagedRulesAcfpRuleSet?: pulumi.Input; /** * Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. */ awsManagedRulesAtpRuleSet?: pulumi.Input; /** * Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See `awsManagedRulesBotControlRuleSet` for more details */ awsManagedRulesBotControlRuleSet?: pulumi.Input; /** * The path of the login endpoint for your application. */ loginPath?: pulumi.Input; /** * Details about your login page password field. See `passwordField` for more details. */ passwordField?: pulumi.Input; /** * The payload type for your login endpoint, either JSON or form encoded. */ payloadType?: pulumi.Input; /** * Details about your login page username field. See `usernameField` for more details. */ usernameField?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet { /** * The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests. */ creationPath: pulumi.Input; /** * Whether or not to allow the use of regular expressions in the login page path. */ enableRegexInPath?: pulumi.Input; /** * The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests. */ registrationPagePath: pulumi.Input; /** * The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See `requestInspection` for more details. */ requestInspection: pulumi.Input; /** * The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See `responseInspection` for more details. */ responseInspection?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection { /** * The names of the fields in the request payload that contain your customer's primary physical address. See `addressFields` for more details. */ addressFields?: pulumi.Input; /** * The name of the field in the request payload that contains your customer's email. See `emailField` for more details. */ emailField?: pulumi.Input; /** * Details about your login page password field. See `passwordField` for more details. */ passwordField?: pulumi.Input; /** * The payload type for your login endpoint, either JSON or form encoded. */ payloadType: pulumi.Input; /** * The names of the fields in the request payload that contain your customer's primary phone number. See `phoneNumberFields` for more details. */ phoneNumberFields?: pulumi.Input; /** * Details about your login page username field. See `usernameField` for more details. */ usernameField?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields { identifiers: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField { /** * The name of the field in the request payload that contains your customer's email. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField { /** * The name of the password field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields { identifiers: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField { /** * The name of the username field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection { /** * Configures inspection of the response body. See `bodyContains` for more details. */ bodyContains?: pulumi.Input; /** * Configures inspection of the response header.See `header` for more details. */ header?: pulumi.Input; /** * Configures inspection of the response JSON. See `json` for more details. */ json?: pulumi.Input; /** * Configures inspection of the response status code.See `statusCode` for more details. */ statusCode?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains { /** * Strings in the body of the response that indicate a failed login attempt. */ failureStrings: pulumi.Input[]>; /** * Strings in the body of the response that indicate a successful login attempt. */ successStrings: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader { /** * Values in the response header with the specified name that indicate a failed login attempt. */ failureValues: pulumi.Input[]>; /** * The name of the header to use. */ name: pulumi.Input; /** * Values in the response header with the specified name that indicate a successful login attempt. */ successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson { failureValues: pulumi.Input[]>; /** * The identifier for the value to match against in the JSON. */ identifier: pulumi.Input; successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode { /** * Status codes in the response that indicate a failed login attempt. */ failureCodes: pulumi.Input[]>; /** * Status codes in the response that indicate a successful login attempt. */ successCodes: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet { /** * Whether or not to allow the use of regular expressions in the login page path. */ enableRegexInPath?: pulumi.Input; /** * The path of the login endpoint for your application. */ loginPath: pulumi.Input; /** * The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See `requestInspection` for more details. */ requestInspection?: pulumi.Input; /** * The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See `responseInspection` for more details. */ responseInspection?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection { /** * Details about your login page password field. See `passwordField` for more details. */ passwordField: pulumi.Input; /** * The payload type for your login endpoint, either JSON or form encoded. */ payloadType: pulumi.Input; /** * Details about your login page username field. See `usernameField` for more details. */ usernameField: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField { /** * The name of the password field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField { /** * The name of the username field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection { /** * Configures inspection of the response body. See `bodyContains` for more details. */ bodyContains?: pulumi.Input; /** * Configures inspection of the response header.See `header` for more details. */ header?: pulumi.Input; /** * Configures inspection of the response JSON. See `json` for more details. */ json?: pulumi.Input; /** * Configures inspection of the response status code.See `statusCode` for more details. */ statusCode?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains { /** * Strings in the body of the response that indicate a failed login attempt. */ failureStrings: pulumi.Input[]>; /** * Strings in the body of the response that indicate a successful login attempt. */ successStrings: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader { /** * Values in the response header with the specified name that indicate a failed login attempt. */ failureValues: pulumi.Input[]>; /** * The name of the header to use. */ name: pulumi.Input; /** * Values in the response header with the specified name that indicate a successful login attempt. */ successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson { failureValues: pulumi.Input[]>; /** * The identifier for the value to match against in the JSON. */ identifier: pulumi.Input; successValues: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode { /** * Status codes in the response that indicate a failed login attempt. */ failureCodes: pulumi.Input[]>; /** * Status codes in the response that indicate a successful login attempt. */ successCodes: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet { /** * The inspection level to use for the Bot Control rule group. */ inspectionLevel: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField { /** * The name of the password field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField { /** * The name of the username field. */ identifier: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride { /** * Override action to use, in place of the configured action of the rule in the rule group. See `action` for details. */ actionToUse: pulumi.Input; /** * Name of the rule to override. See the [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html) for a list of names in the appropriate rule group in use. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse { allow?: pulumi.Input; block?: pulumi.Input; captcha?: pulumi.Input; challenge?: pulumi.Input; count?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement { andStatement?: pulumi.Input; byteMatchStatement?: pulumi.Input; geoMatchStatement?: pulumi.Input; ipSetReferenceStatement?: pulumi.Input; labelMatchStatement?: pulumi.Input; notStatement?: pulumi.Input; orStatement?: pulumi.Input; regexMatchStatement?: pulumi.Input; regexPatternSetReferenceStatement?: pulumi.Input; sizeConstraintStatement?: pulumi.Input; sqliMatchStatement?: pulumi.Input; xssMatchStatement?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement { /** * Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `ipSetForwardedIpConfig` below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * Position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement { /** * String to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * String representing the regular expression. Minimum of `1` and maximum of `512` characters. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement { /** * Operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatement { /** * Setting that indicates how to aggregate the request counts. Valid values include: `CONSTANT`, `CUSTOM_KEYS`, `FORWARDED_IP`, or `IP`. Default: `IP`. */ aggregateKeyType?: pulumi.Input; /** * Aggregate the request counts using one or more web request components as the aggregate keys. See `customKey` below for details. */ customKeys?: pulumi.Input[]>; /** * The amount of time, in seconds, that AWS WAF should include in its request counts, looking back from the current time. Valid values are `60`, `120`, `300`, and `600`. Defaults to `300` (5 minutes). * * **NOTE:** This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds. */ evaluationWindowSec?: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If `aggregateKeyType` is set to `FORWARDED_IP`, this block is required. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; /** * Limit on requests per 5-minute period for a single originating IP address. */ limit: pulumi.Input; /** * Optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See `statement` above for details. If `aggregateKeyType` is set to `CONSTANT`, this block is required. */ scopeDownStatement?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKey { /** * Use the value of a cookie in the request as an aggregate key. See RateLimit `cookie` below for details. */ cookie?: pulumi.Input; /** * Use the first IP address in an HTTP header as an aggregate key. See `forwardedIp` below for details. */ forwardedIp?: pulumi.Input; /** * Use the value of a header in the request as an aggregate key. See RateLimit `header` below for details. */ header?: pulumi.Input; /** * Use the request's HTTP method as an aggregate key. See RateLimit `httpMethod` below for details. */ httpMethod?: pulumi.Input; /** * Use the request's originating IP address as an aggregate key. See `RateLimit ip` below for details. */ ip?: pulumi.Input; /** * Use the specified label namespace as an aggregate key. See RateLimit `labelNamespace` below for details. */ labelNamespace?: pulumi.Input; /** * Use the specified query argument as an aggregate key. See RateLimit `queryArgument` below for details. */ queryArgument?: pulumi.Input; /** * Use the request's query string as an aggregate key. See RateLimit `queryString` below for details. */ queryString?: pulumi.Input; /** * Use the request's URI path as an aggregate key. See RateLimit `uriPath` below for details. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyCookie { /** * The name of the cookie to use. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyCookieTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyForwardedIp { } export interface WebAclRuleStatementRateBasedStatementCustomKeyHeader { /** * The name of the header to use. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyHeaderTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyHttpMethod { } export interface WebAclRuleStatementRateBasedStatementCustomKeyIp { } export interface WebAclRuleStatementRateBasedStatementCustomKeyLabelNamespace { /** * The namespace to use for aggregation */ namespace: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryArgument { /** * The name of the query argument to use. */ name: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryArgumentTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryString { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyQueryStringTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementCustomKeyUriPath { /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. They are used in rate-based rule statements, to transform request components before using them as custom aggregation keys. Atleast one transformation is required. See `textTransformation` above for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementCustomKeyUriPathTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatement { andStatement?: pulumi.Input; byteMatchStatement?: pulumi.Input; geoMatchStatement?: pulumi.Input; ipSetReferenceStatement?: pulumi.Input; labelMatchStatement?: pulumi.Input; notStatement?: pulumi.Input; orStatement?: pulumi.Input; regexMatchStatement?: pulumi.Input; regexPatternSetReferenceStatement?: pulumi.Input; sizeConstraintStatement?: pulumi.Input; sqliMatchStatement?: pulumi.Input; xssMatchStatement?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Area within the portion of a web request that you want AWS WAF to search for `searchString`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information. */ positionalConstraint: pulumi.Input; /** * String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `fieldToMatch`. The maximum length of the value is 50 bytes. */ searchString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement { /** * Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values. */ countryCodes: pulumi.Input[]>; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `forwardedIpConfig` below for details. */ forwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the IP Set that this statement references. */ arn: pulumi.Input; /** * Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See `ipSetForwardedIpConfig` below for more details. */ ipSetForwardedIpConfig?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig { /** * Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; /** * Name of the HTTP header to use for the IP address. */ headerName: pulumi.Input; /** * Position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10. */ position: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementLabelMatchStatement { /** * String to match against. */ key: pulumi.Input; /** * Specify whether you want to match using the label name or just the namespace. Valid values are `LABEL` or `NAMESPACE`. */ scope: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatement { /** * The statements to combine. */ statements: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * String representing the regular expression. Minimum of `1` and maximum of `512` characters. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement { /** * Operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatement { /** * The part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * String representing the regular expression. Minimum of `1` and maximum of `512` characters. */ regexString: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRegexMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatement { /** * The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references. */ arn: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath { } export interface WebAclRuleStatementRegexPatternSetReferenceStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatement { /** * The Amazon Resource Name (ARN) of the `aws.wafv2.RuleGroup` resource. */ arn: pulumi.Input; /** * Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See `ruleActionOverride` below for details. */ ruleActionOverrides?: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverride { /** * Override action to use, in place of the configured action of the rule in the rule group. See `action` for details. */ actionToUse: pulumi.Input; /** * Name of the rule to override. See the [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html) for a list of names in the appropriate rule group in use. */ name: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUse { allow?: pulumi.Input; block?: pulumi.Input; captcha?: pulumi.Input; challenge?: pulumi.Input; count?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseAllow { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseAllowCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseBlock { /** * Defines a custom response for the web request. See `customResponse` below for details. */ customResponse?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseBlockCustomResponse { /** * References the response body that you want AWS WAF to return to the web request client. This must reference a `key` defined in a `customResponseBody` block of this resource. */ customResponseBodyKey?: pulumi.Input; /** * The HTTP status code to return to the client. */ responseCode: pulumi.Input; /** * The `responseHeader` blocks used to define the HTTP response headers added to the response. See `responseHeader` below for details. */ responseHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCaptcha { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseChallenge { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCount { /** * Defines custom handling for the web request. See `customRequestHandling` below for details. */ customRequestHandling?: pulumi.Input; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCountCustomRequestHandling { /** * The `insertHeader` blocks used to define HTTP headers added to the request. See `insertHeader` below for details. */ insertHeaders: pulumi.Input[]>; } export interface WebAclRuleStatementRuleGroupReferenceStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader { /** * Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`. */ name: pulumi.Input; /** * Value of the custom header. */ value: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatement { /** * Operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`. */ comparisonOperator: pulumi.Input; /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive. */ size: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchMethod { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchQueryString { } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSizeConstraintStatementFieldToMatchUriPath { } export interface WebAclRuleStatementSizeConstraintStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementSqliMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementSqliMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatement { /** * Part of a web request that you want AWS WAF to inspect. See `fieldToMatch` below for details. */ fieldToMatch?: pulumi.Input; /** * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See `textTransformation` below for details. */ textTransformations: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatch { /** * Inspect all query arguments. */ allQueryArguments?: pulumi.Input; /** * Inspect the request body, which immediately follows the request headers. See `body` below for details. */ body?: pulumi.Input; /** * Inspect the cookies in the web request. See `cookies` below for details. */ cookies?: pulumi.Input; /** * Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See `headerOrder` below for details. */ headerOrders?: pulumi.Input[]>; /** * Inspect the request headers. See `headers` below for details. */ headers?: pulumi.Input[]>; /** * Inspect the JA3 fingerprint. See `ja3Fingerprint` below for details. */ ja3Fingerprint?: pulumi.Input; /** * Inspect the request body as JSON. See `jsonBody` for details. */ jsonBody?: pulumi.Input; /** * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform. */ method?: pulumi.Input; /** * Inspect the query string. This is the part of a URL that appears after a `?` character, if any. */ queryString?: pulumi.Input; /** * Inspect a single header. See `singleHeader` below for details. */ singleHeader?: pulumi.Input; /** * Inspect a single query argument. See `singleQueryArgument` below for details. */ singleQueryArgument?: pulumi.Input; /** * Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`. */ uriPath?: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchAllQueryArguments { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchBody { /** * What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchCookies { /** * The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either `all`, `includedCookies` or `excludedCookies`. More details: [CookieMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_CookieMatchPattern.html) */ matchPatterns: pulumi.Input[]>; /** * The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: `ALL`, `KEY`, `VALUE` */ matchScope: pulumi.Input; /** * What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: `CONTINUE`, `MATCH`, `NO_MATCH`. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchCookiesMatchPattern { all?: pulumi.Input; excludedCookies?: pulumi.Input[]>; includedCookies?: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeader { /** * The filter to use to identify the subset of headers to inspect in a web request. The `matchPattern` block supports only one of the following arguments: */ matchPattern: pulumi.Input; /** * The parts of the headers to inspect with the rule inspection criteria. If you specify `All`, AWS WAF inspects both keys and values. Valid values include the following: `ALL`, `Key`, `Value`. */ matchScope: pulumi.Input; /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeaderMatchPattern { /** * An empty configuration block that is used for inspecting all headers. */ all?: pulumi.Input; /** * An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values. */ excludedHeaders?: pulumi.Input[]>; /** * An array of strings that will be used for inspecting headers that have a key that matches one of the provided values. */ includedHeaders?: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchHeaderOrder { /** * Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: `CONTINUE`, `MATCH`, `NO_MATCH`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-oversize-handling.html) for more information. */ oversizeHandling: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJa3Fingerprint { /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. Valid values include: `MATCH` or `NO_MATCH`. */ fallbackBehavior: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJsonBody { /** * What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are `EVALUATE_AS_STRING`, `MATCH` and `NO_MATCH`. */ invalidFallbackBehavior?: pulumi.Input; /** * The patterns to look for in the JSON body. You must specify exactly one setting: either `all` or `includedPaths`. See [JsonMatchPattern](https://docs.aws.amazon.com/waf/latest/APIReference/API_JsonMatchPattern.html) for details. */ matchPattern: pulumi.Input; /** * The parts of the JSON to match against using the `matchPattern`. Valid values are `ALL`, `KEY` and `VALUE`. */ matchScope: pulumi.Input; /** * What to do if the body is larger than can be inspected. Valid values are `CONTINUE` (default), `MATCH` and `NO_MATCH`. */ oversizeHandling?: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPattern { all?: pulumi.Input; includedPaths?: pulumi.Input[]>; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchJsonBodyMatchPatternAll { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchMethod { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchQueryString { } export interface WebAclRuleStatementXssMatchStatementFieldToMatchSingleHeader { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument { /** * Name of the query header to inspect. This setting must be provided as lower case characters. */ name: pulumi.Input; } export interface WebAclRuleStatementXssMatchStatementFieldToMatchUriPath { } export interface WebAclRuleStatementXssMatchStatementTextTransformation { /** * Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. */ priority: pulumi.Input; /** * Transformation to apply, please refer to the Text Transformation [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details. */ type: pulumi.Input; } export interface WebAclRuleVisibilityConfig { /** * Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (\_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } export interface WebAclVisibilityConfig { /** * Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics). */ cloudwatchMetricsEnabled: pulumi.Input; /** * A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (\_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`. */ metricName: pulumi.Input; /** * Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. */ sampledRequestsEnabled: pulumi.Input; } } export namespace worklink { export interface FleetIdentityProvider { /** * The SAML metadata document provided by the customer’s identity provider. */ samlMetadata: pulumi.Input; /** * The type of identity provider. */ type: pulumi.Input; } export interface FleetNetwork { /** * A list of security group IDs associated with access to the provided subnets. * * **identity_provider** requires the following: * * > **NOTE:** `identityProvider` cannot be removed without force recreating. */ securityGroupIds: pulumi.Input[]>; /** * A list of subnet IDs used for X-ENI connections from Amazon WorkLink rendering containers. */ subnetIds: pulumi.Input[]>; /** * The VPC ID with connectivity to associated websites. */ vpcId: pulumi.Input; } } export namespace workspaces { export interface ConnectionAliasTimeouts { /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ create?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs. */ delete?: pulumi.Input; /** * A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). */ update?: pulumi.Input; } export interface DirectorySelfServicePermissions { /** * Whether WorkSpaces directory users can change the compute type (bundle) for their workspace. Default `false`. */ changeComputeType?: pulumi.Input; /** * Whether WorkSpaces directory users can increase the volume size of the drives on their workspace. Default `false`. */ increaseVolumeSize?: pulumi.Input; /** * Whether WorkSpaces directory users can rebuild the operating system of a workspace to its original state. Default `false`. */ rebuildWorkspace?: pulumi.Input; /** * Whether WorkSpaces directory users can restart their workspace. Default `true`. */ restartWorkspace?: pulumi.Input; /** * Whether WorkSpaces directory users can switch the running mode of their workspace. Default `false`. */ switchRunningMode?: pulumi.Input; } export interface DirectoryWorkspaceAccessProperties { /** * Indicates whether users can use Android devices to access their WorkSpaces. */ deviceTypeAndroid?: pulumi.Input; /** * Indicates whether users can use Chromebooks to access their WorkSpaces. */ deviceTypeChromeos?: pulumi.Input; /** * Indicates whether users can use iOS devices to access their WorkSpaces. */ deviceTypeIos?: pulumi.Input; /** * Indicates whether users can use Linux clients to access their WorkSpaces. */ deviceTypeLinux?: pulumi.Input; /** * Indicates whether users can use macOS clients to access their WorkSpaces. */ deviceTypeOsx?: pulumi.Input; /** * Indicates whether users can access their WorkSpaces through a web browser. */ deviceTypeWeb?: pulumi.Input; /** * Indicates whether users can use Windows clients to access their WorkSpaces. */ deviceTypeWindows?: pulumi.Input; /** * Indicates whether users can use zero client devices to access their WorkSpaces. */ deviceTypeZeroclient?: pulumi.Input; } export interface DirectoryWorkspaceCreationProperties { /** * The identifier of your custom security group. Should relate to the same VPC, where workspaces reside in. */ customSecurityGroupId?: pulumi.Input; /** * The default organizational unit (OU) for your WorkSpace directories. Should conform `"OU=,DC=,...,DC="` pattern. */ defaultOu?: pulumi.Input; /** * Indicates whether internet access is enabled for your WorkSpaces. */ enableInternetAccess?: pulumi.Input; /** * Indicates whether maintenance mode is enabled for your WorkSpaces. For more information, see [WorkSpace Maintenance](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspace-maintenance.html).. */ enableMaintenanceMode?: pulumi.Input; /** * Indicates whether users are local administrators of their WorkSpaces. */ userEnabledAsLocalAdministrator?: pulumi.Input; } export interface IpGroupRule { /** * The description of the IP group. */ description?: pulumi.Input; source: pulumi.Input; } export interface WorkspaceWorkspaceProperties { /** * The compute type. For more information, see [Amazon WorkSpaces Bundles](http://aws.amazon.com/workspaces/details/#Amazon_WorkSpaces_Bundles). Valid values are `VALUE`, `STANDARD`, `PERFORMANCE`, `POWER`, `GRAPHICS`, `POWERPRO`, `GRAPHICSPRO`, `GRAPHICS_G4DN`, and `GRAPHICSPRO_G4DN`. */ computeTypeName?: pulumi.Input; /** * The size of the root volume. */ rootVolumeSizeGib?: pulumi.Input; /** * The running mode. For more information, see [Manage the WorkSpace Running Mode](https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html). Valid values are `AUTO_STOP` and `ALWAYS_ON`. */ runningMode?: pulumi.Input; /** * The time after a user logs off when WorkSpaces are automatically stopped. Configured in 60-minute intervals. */ runningModeAutoStopTimeoutInMinutes?: pulumi.Input; /** * The size of the user storage. */ userVolumeSizeGib?: pulumi.Input; } } export namespace xray { export interface GroupInsightsConfiguration { /** * Specifies whether insights are enabled. */ insightsEnabled: pulumi.Input; /** * Specifies whether insight notifications are enabled. */ notificationsEnabled?: pulumi.Input; } }