@awboost/cfn-resource-types 0.1.473 → 0.1.475

package/lib/AWS-AppConfig-Deployment.d.ts

@@ -32,7 +32,7 @@ export type AppConfigDeploymentProperties = {
     EnvironmentId: string;
     /**
      * The AWS Key Management Service key identifier (key ID, key alias, or key ARN) provided when the resource was created or updated.
-     * @pattern `^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\d{1})?:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$`
+     * @pattern `^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\d{1}:\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$`
      */
     KmsKeyIdentifier?: string;
     /**

package/lib/AWS-BedrockAgentCore-GatewayTarget.d.ts

@@ -35,6 +35,7 @@ export type BedrockAgentCoreGatewayTargetAttributes = {
      * @pattern `^arn:aws(|-cn|-us-gov):bedrock-agentcore:[a-z0-9-]{1,20}:[0-9]{12}:gateway/([0-9a-z][-]?){1,100}-[a-z0-9]{10}$`
      */
     GatewayArn: string;
+    LastSynchronizedAt: string;
     Status: TargetStatus;
     /**
      * @maxLength `100`
@@ -116,6 +117,16 @@ export type McpLambdaTargetConfiguration = {
     LambdaArn: string;
     ToolSchema: ToolSchema;
 };
+/**
+ * Type definition for `AWS::BedrockAgentCore::GatewayTarget.McpServerTargetConfiguration`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrockagentcore-gatewaytarget-mcpservertargetconfiguration.html}
+ */
+export type McpServerTargetConfiguration = {
+    /**
+     * @pattern `^https://.*`
+     */
+    Endpoint: string;
+};
 /**
  * Type definition for `AWS::BedrockAgentCore::GatewayTarget.McpTargetConfiguration`.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrockagentcore-gatewaytarget-mcptargetconfiguration.html}
@@ -126,6 +137,8 @@ export type McpTargetConfiguration = {
     SmithyModel: ApiSchemaConfiguration;
 } | {
     Lambda: McpLambdaTargetConfiguration;
+} | {
+    McpServer: McpServerTargetConfiguration;
 };
 /**
  * Type definition for `AWS::BedrockAgentCore::GatewayTarget.OAuthCredentialProvider`.
@@ -193,7 +206,7 @@ export type TargetConfiguration = {
  * Type definition for `AWS::BedrockAgentCore::GatewayTarget.TargetStatus`.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrockagentcore-gatewaytarget-targetstatus.html}
  */
-export type TargetStatus = "CREATING" | "UPDATING" | "UPDATE_UNSUCCESSFUL" | "DELETING" | "READY" | "FAILED";
+export type TargetStatus = "CREATING" | "UPDATING" | "UPDATE_UNSUCCESSFUL" | "DELETING" | "READY" | "FAILED" | "SYNCHRONIZING" | "SYNCHRONIZE_UNSUCCESSFUL";
 /**
  * Type definition for `AWS::BedrockAgentCore::GatewayTarget.ToolDefinition`.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrockagentcore-gatewaytarget-tooldefinition.html}

package/lib/AWS-Connect-SecurityProfile.d.ts

@@ -28,6 +28,12 @@ export type ConnectSecurityProfileProperties = {
      * @maxLength `250`
      */
     Description?: string;
+    GranularAccessControlConfiguration?: {
+        /**
+         * Defines the access control configuration for data tables.
+         */
+        DataTableAccessControlConfiguration?: DataTableAccessControlConfiguration;
+    };
     /**
      * The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect.
      * @maxLength `10`
@@ -99,6 +105,54 @@ export type Application = {
      */
     Namespace: string;
 };
+/**
+ * Type definition for `AWS::Connect::SecurityProfile.DataTableAccessControlConfiguration`.
+ * Defines the access control configuration for data tables.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-connect-securityprofile-datatableaccesscontrolconfiguration.html}
+ */
+export type DataTableAccessControlConfiguration = {
+    /**
+     * Contains the configuration for record-based access control.
+     */
+    PrimaryAttributeAccessControlConfiguration?: PrimaryAttributeAccessControlConfigurationItem;
+};
+/**
+ * Type definition for `AWS::Connect::SecurityProfile.PrimaryAttributeAccessControlConfigurationItem`.
+ * Contains the configuration for record-based access control.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-connect-securityprofile-primaryattributeaccesscontrolconfigurationitem.html}
+ */
+export type PrimaryAttributeAccessControlConfigurationItem = {
+    /**
+     * An array of PrimaryAttributeValue objects.
+     * @minLength `1`
+     * @maxLength `5`
+     */
+    PrimaryAttributeValues: PrimaryAttributeValue[];
+};
+/**
+ * Type definition for `AWS::Connect::SecurityProfile.PrimaryAttributeValue`.
+ * An object defining the access control for a specific attribute and its values.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-connect-securityprofile-primaryattributevalue.html}
+ */
+export type PrimaryAttributeValue = {
+    /**
+     * Specifies the type of access granted. Currently, only "ALLOW" is supported
+     */
+    AccessType: "ALLOW";
+    /**
+     * The name of the primary attribute.
+     * @minLength `1`
+     * @maxLength `127`
+     * @pattern `^(?!aws:|connect:)[\p{L}\p{Z}\p{N}\-_.:=@'|]+$`
+     */
+    AttributeName: string;
+    /**
+     * An array of allowed primary values for the specified primary attribute.
+     * @minLength `1`
+     * @maxLength `2`
+     */
+    Values: string[];
+};
 /**
  * Type definition for `AWS::Connect::SecurityProfile.Tag`.
  * A key-value pair to associate with a resource.

package/lib/AWS-ControlTower-LandingZone.d.ts

@@ -6,6 +6,7 @@ import type { ResourceOptions as $ResourceOptions } from "@awboost/cfn-template-
  */
 export type ControlTowerLandingZoneProperties = {
     Manifest: any;
+    RemediationTypes?: "INHERITANCE_DRIFT"[];
     Tags?: Tag[];
     /**
      * @minLength `3`

package/lib/AWS-DynamoDB-GlobalTable.d.ts

@@ -235,7 +235,7 @@ export type ReplicaSSESpecification = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dynamodb-globaltable-replicastreamspecification.html}
  */
 export type ReplicaStreamSpecification = {
-    ResourcePolicy?: ResourcePolicy;
+    ResourcePolicy: ResourcePolicy;
 };
 /**
  * Type definition for `AWS::DynamoDB::GlobalTable.ResourcePolicy`.

package/lib/AWS-EC2-EC2Fleet.d.ts

@@ -148,9 +148,9 @@ export type FleetLaunchTemplateSpecificationRequest = {
 export type InstanceRequirementsRequest = {
     AcceleratorCount?: AcceleratorCountRequest;
     AcceleratorManufacturers?: ("amazon-web-services" | "amd" | "habana" | "nvidia" | "xilinx")[];
-    AcceleratorNames?: ("a10g" | "a100" | "h100" | "inferentia" | "k520" | "k80" | "m60" | "radeon-pro-v520" | "t4" | "t4g" | "vu9p" | "v100")[];
+    AcceleratorNames?: ("a10g" | "a100" | "h100" | "inferentia" | "k520" | "k80" | "m60" | "radeon-pro-v520" | "t4" | "t4g" | "vu9p" | "v100" | "l40s" | "l4" | "gaudi-hl-205" | "inferentia2" | "trainium" | "trainium2" | "u30")[];
     AcceleratorTotalMemoryMiB?: AcceleratorTotalMemoryMiBRequest;
-    AcceleratorTypes?: ("gpu" | "fpga" | "inference")[];
+    AcceleratorTypes?: ("gpu" | "fpga" | "inference" | "media")[];
     AllowedInstanceTypes?: string[];
     BareMetal?: "included" | "required" | "excluded";
     BaselineEbsBandwidthMbps?: BaselineEbsBandwidthMbpsRequest;

package/lib/AWS-EC2-IPAMScope.d.ts

@@ -6,6 +6,10 @@ import type { ResourceOptions as $ResourceOptions } from "@awboost/cfn-template-
  */
 export type EC2IPAMScopeProperties = {
     Description?: string;
+    /**
+     * External service configuration to connect your AWS IPAM scope.
+     */
+    ExternalAuthorityConfiguration?: IpamScopeExternalAuthorityConfiguration;
     /**
      * The Id of the IPAM this scope is a part of.
      */
@@ -45,6 +49,21 @@ export type EC2IPAMScopeAttributes = {
      */
     PoolCount: number;
 };
+/**
+ * Type definition for `AWS::EC2::IPAMScope.IpamScopeExternalAuthorityConfiguration`.
+ * External service configuration to connect your AWS IPAM scope.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ipamscope-ipamscopeexternalauthorityconfiguration.html}
+ */
+export type IpamScopeExternalAuthorityConfiguration = {
+    /**
+     * Resource identifier of the scope in the external service connecting to your AWS IPAM scope.
+     */
+    ExternalResourceIdentifier: string;
+    /**
+     * An external service connecting to your AWS IPAM scope.
+     */
+    IpamScopeExternalAuthorityType: "infoblox";
+};
 /**
  * Type definition for `AWS::EC2::IPAMScope.Tag`.
  * A key-value pair to associate with a resource.

package/lib/AWS-EC2-SpotFleet.d.ts

@@ -147,9 +147,9 @@ export type InstanceNetworkInterfaceSpecification = {
 export type InstanceRequirementsRequest = {
     AcceleratorCount?: AcceleratorCountRequest;
     AcceleratorManufacturers?: ("amazon-web-services" | "amd" | "habana" | "nvidia" | "xilinx")[];
-    AcceleratorNames?: ("a10g" | "a100" | "h100" | "inferentia" | "k520" | "k80" | "m60" | "radeon-pro-v520" | "t4" | "t4g" | "vu9p" | "v100")[];
+    AcceleratorNames?: ("a10g" | "a100" | "h100" | "inferentia" | "k520" | "k80" | "m60" | "radeon-pro-v520" | "t4" | "t4g" | "vu9p" | "v100" | "l40s" | "l4" | "gaudi-hl-205" | "inferentia2" | "trainium" | "trainium2" | "u30")[];
     AcceleratorTotalMemoryMiB?: AcceleratorTotalMemoryMiBRequest;
-    AcceleratorTypes?: ("gpu" | "fpga" | "inference")[];
+    AcceleratorTypes?: ("gpu" | "fpga" | "inference" | "media")[];
     AllowedInstanceTypes?: string[];
     BareMetal?: "included" | "required" | "excluded";
     BaselineEbsBandwidthMbps?: BaselineEbsBandwidthMbpsRequest;

package/lib/AWS-ECS-Cluster.d.ts

@@ -65,13 +65,13 @@ export type CapacityProviderStrategyItem = {
        * The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider for each service. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of ``0`` is used.
        Base value characteristics:
         +  Only one capacity provider in a strategy can have a base defined
-        +  Default value is ``0`` if not specified
-        +  Valid range: 0 to 100,000
+        +  The default value is ``0`` if not specified
+        +  The valid range is 0 to 100,000
         +  Base requirements are satisfied first before weight distribution
        */
     Base?: number;
     /**
-     * The short name of the capacity provider.
+     * The short name of the capacity provider. This can be either an AWS managed capacity provider (``FARGATE`` or ``FARGATE_SPOT``) or the name of a custom capacity provider that you created.
      */
     CapacityProvider?: string;
     /**
@@ -79,8 +79,8 @@ export type CapacityProviderStrategyItem = {
        If no ``weight`` value is specified, the default value of ``0`` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of ``0`` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of ``0``, any ``RunTask`` or ``CreateService`` actions using the capacity provider strategy will fail.
        Weight value characteristics:
         +  Weight is considered after the base value is satisfied
-        +  Default value is ``0`` if not specified
-        +  Valid range: 0 to 1,000
+        +  The default value is ``0`` if not specified
+        +  The valid range is 0 to 1,000
         +  At least one capacity provider must have a weight greater than zero
         +  Capacity providers with weight of ``0`` cannot place tasks
         

package/lib/AWS-ElasticLoadBalancingV2-Listener.d.ts

@@ -77,6 +77,7 @@ export type Action = {
        If you specify both ``ForwardConfig`` and ``TargetGroupArn``, you can specify only one target group using ``ForwardConfig`` and it must be the same target group specified in ``TargetGroupArn``.
        */
     ForwardConfig?: ForwardConfig;
+    JwtValidationConfig?: JwtValidationConfig;
     /**
      * The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
      */
@@ -243,6 +244,24 @@ export type ForwardConfig = {
      */
     TargetGroups?: TargetGroupTuple[];
 };
+/**
+ * Type definition for `AWS::ElasticLoadBalancingV2::Listener.JwtValidationActionAdditionalClaim`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-jwtvalidationactionadditionalclaim.html}
+ */
+export type JwtValidationActionAdditionalClaim = {
+    Format: string;
+    Name: string;
+    Values: string[];
+};
+/**
+ * Type definition for `AWS::ElasticLoadBalancingV2::Listener.JwtValidationConfig`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-jwtvalidationconfig.html}
+ */
+export type JwtValidationConfig = {
+    AdditionalClaims?: JwtValidationActionAdditionalClaim[];
+    Issuer: string;
+    JwksEndpoint: string;
+};
 /**
  * Type definition for `AWS::ElasticLoadBalancingV2::Listener.ListenerAttribute`.
  * Information about a listener attribute.

package/lib/AWS-ElasticLoadBalancingV2-ListenerRule.d.ts

@@ -59,6 +59,7 @@ export type Action = {
        If you specify both ``ForwardConfig`` and ``TargetGroupArn``, you can specify only one target group using ``ForwardConfig`` and it must be the same target group specified in ``TargetGroupArn``.
        */
     ForwardConfig?: ForwardConfig;
+    JwtValidationConfig?: JwtValidationConfig;
     /**
      * The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
      */
@@ -259,6 +260,24 @@ export type HttpRequestMethodConfig = {
        */
     Values?: string[];
 };
+/**
+ * Type definition for `AWS::ElasticLoadBalancingV2::ListenerRule.JwtValidationActionAdditionalClaim`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-jwtvalidationactionadditionalclaim.html}
+ */
+export type JwtValidationActionAdditionalClaim = {
+    Format: string;
+    Name: string;
+    Values: string[];
+};
+/**
+ * Type definition for `AWS::ElasticLoadBalancingV2::ListenerRule.JwtValidationConfig`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-jwtvalidationconfig.html}
+ */
+export type JwtValidationConfig = {
+    AdditionalClaims?: JwtValidationActionAdditionalClaim[];
+    Issuer: string;
+    JwksEndpoint: string;
+};
 /**
  * Type definition for `AWS::ElasticLoadBalancingV2::ListenerRule.PathPatternConfig`.
  * Information about a path pattern condition.

package/lib/AWS-Kinesis-Stream.d.ts

@@ -42,10 +42,14 @@ export type KinesisStreamProperties = {
      */
     StreamModeDetails?: StreamModeDetails;
     /**
-     * An arbitrary set of tags (key–value pairs) to associate with the Kinesis stream.
+     * An arbitrary set of tags (key-value pairs) to associate with the Kinesis stream.
      * @maxLength `50`
      */
     Tags?: Tag[];
+    /**
+     * Target warm throughput in MiB/s for the stream. This property can ONLY be set when StreamMode is ON_DEMAND.
+     */
+    WarmThroughputMiBps?: number;
 };
 /**
  * Attribute type definition for `AWS::Kinesis::Stream`.
@@ -56,6 +60,19 @@ export type KinesisStreamAttributes = {
      * The Amazon resource name (ARN) of the Kinesis stream
      */
     Arn: string;
+    /**
+     * Warm throughput configuration details for the stream. Only present for ON_DEMAND streams.
+     */
+    WarmThroughputObject: {
+        /**
+         * Current warm throughput in MiB/s
+         */
+        CurrentMiBps: number;
+        /**
+         * Target warm throughput in MiB/s that a customer can write to a stream at any given time
+         */
+        TargetMiBps: number;
+    };
 };
 /**
  * Type definition for `AWS::Kinesis::Stream.EnhancedMetric`.
@@ -110,6 +127,21 @@ export type Tag = {
      */
     Value: string;
 };
+/**
+ * Type definition for `AWS::Kinesis::Stream.WarmThroughputObject`.
+ * Warm throughput configuration details for the stream. Only present for ON_DEMAND streams.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-kinesis-stream-warmthroughputobject.html}
+ */
+export type WarmThroughputObject = {
+    /**
+     * Current warm throughput in MiB/s
+     */
+    CurrentMiBps?: number;
+    /**
+     * Target warm throughput in MiB/s that a customer can write to a stream at any given time
+     */
+    TargetMiBps?: number;
+};
 /**
  * Resource Type definition for AWS::Kinesis::Stream
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesis-stream.html}

package/lib/AWS-Lambda-Permission.d.ts

@@ -3,7 +3,7 @@ import type { ResourceOptions as $ResourceOptions } from "@awboost/cfn-template-
 /**
  * The ``AWS::Lambda::Permission`` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
  To grant permission to another account, specify the account ID as the ``Principal``. To grant permission to an organization defined in AOlong, specify the organization ID as the ``PrincipalOrgID``. For AWS services, the principal is a domain-style identifier defined by the service, like ``s3.amazonaws.com`` or ``sns.amazonaws.com``. For AWS services, you can also specify the ARN of the associated resource as the ``SourceArn``. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.
- If your function has a function URL, you can specify the ``FunctionUrlAuthType`` parameter. This adds a condition to your permission that only applies when your function URL's ``AuthType`` matches the specified ``FunctionUrlAuthType``. For more information about the ``AuthType`` parameter, see [Security and auth model for function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
+ If your function has a function URL, you can specify the ``FunctionUrlAuthType`` parameter. This adds a condition to your permission that only applies when your function URL's ``AuthType`` matches the specified ``FunctionUrlAuthType``. For more information about the ``AuthType`` parameter, see [Control access to function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
  This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html).
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html}
  */
@@ -36,9 +36,12 @@ export type LambdaPermissionProperties = {
        */
     FunctionName: string;
     /**
-     * The type of authentication that your function URL uses. Set to ``AWS_IAM`` if you want to restrict access to authenticated users only. Set to ``NONE`` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
+     * The type of authentication that your function URL uses. Set to ``AWS_IAM`` if you want to restrict access to authenticated users only. Set to ``NONE`` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
      */
     FunctionUrlAuthType?: "AWS_IAM" | "NONE";
+    /**
+     * Restricts the ``lambda:InvokeFunction`` action to function URL calls. When specified, this option prevents the principal from invoking the function by any means other than the function URL. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
+     */
     InvokedViaFunctionUrl?: boolean;
     /**
      * The AWS-service, AWS-account, IAM user, or IAM role that invokes the function. If you specify a service, use ``SourceArn`` or ``SourceAccount`` to limit who can invoke the function through that service.
@@ -85,7 +88,7 @@ export type LambdaPermissionAttributes = {
 /**
  * The ``AWS::Lambda::Permission`` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
  To grant permission to another account, specify the account ID as the ``Principal``. To grant permission to an organization defined in AOlong, specify the organization ID as the ``PrincipalOrgID``. For AWS services, the principal is a domain-style identifier defined by the service, like ``s3.amazonaws.com`` or ``sns.amazonaws.com``. For AWS services, you can also specify the ARN of the associated resource as the ``SourceArn``. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.
- If your function has a function URL, you can specify the ``FunctionUrlAuthType`` parameter. This adds a condition to your permission that only applies when your function URL's ``AuthType`` matches the specified ``FunctionUrlAuthType``. For more information about the ``AuthType`` parameter, see [Security and auth model for function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
+ If your function has a function URL, you can specify the ``FunctionUrlAuthType`` parameter. This adds a condition to your permission that only applies when your function URL's ``AuthType`` matches the specified ``FunctionUrlAuthType``. For more information about the ``AuthType`` parameter, see [Control access to function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
  This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html).
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html}
  */

package/lib/AWS-Lambda-Permission.js

@@ -2,7 +2,7 @@ import { Resource as $Resource } from "@awboost/cfn-template-builder/template/re
 /**
  * The ``AWS::Lambda::Permission`` resource grants an AWS service or another account permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name (ARN) of that version or alias to invoke the function.
  To grant permission to another account, specify the account ID as the ``Principal``. To grant permission to an organization defined in AOlong, specify the organization ID as the ``PrincipalOrgID``. For AWS services, the principal is a domain-style identifier defined by the service, like ``s3.amazonaws.com`` or ``sns.amazonaws.com``. For AWS services, you can also specify the ARN of the associated resource as the ``SourceArn``. If you grant permission to a service principal without specifying the source, other accounts could potentially configure resources in their account to invoke your Lambda function.
- If your function has a function URL, you can specify the ``FunctionUrlAuthType`` parameter. This adds a condition to your permission that only applies when your function URL's ``AuthType`` matches the specified ``FunctionUrlAuthType``. For more information about the ``AuthType`` parameter, see [Security and auth model for function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
+ If your function has a function URL, you can specify the ``FunctionUrlAuthType`` parameter. This adds a condition to your permission that only applies when your function URL's ``AuthType`` matches the specified ``FunctionUrlAuthType``. For more information about the ``AuthType`` parameter, see [Control access to function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html).
  This resource adds a statement to a resource-based permission policy for the function. For more information about function policies, see [Lambda Function Policies](https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html).
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html}
  */

package/lib/AWS-Rekognition-Project.d.ts

@@ -12,6 +12,12 @@ export type RekognitionProjectProperties = {
      * @pattern `[a-zA-Z0-9][a-zA-Z0-9_\-]*`
      */
     ProjectName: string;
+    /**
+     * An array of key-value pairs to apply to this resource.
+     * @minLength `0`
+     * @maxLength `200`
+     */
+    Tags?: Tag[];
 };
 /**
  * Attribute type definition for `AWS::Rekognition::Project`.
@@ -24,6 +30,25 @@ export type RekognitionProjectAttributes = {
      */
     Arn: string;
 };
+/**
+ * Type definition for `AWS::Rekognition::Project.Tag`.
+ * A key-value pair to associate with a resource.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rekognition-project-tag.html}
+ */
+export type Tag = {
+    /**
+     * The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
+     * @maxLength `128`
+     * @pattern `\A(?!aws:)[a-zA-Z0-9+\-=\._\:\/@]+$`
+     */
+    Key: string;
+    /**
+     * The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
+     * @maxLength `256`
+     * @pattern `\A[a-zA-Z0-9+\-=\._\:\/@]+$`
+     */
+    Value: string;
+};
 /**
  * The AWS::Rekognition::Project type creates an Amazon Rekognition CustomLabels Project. A project is a grouping of the resources needed to create and manage Dataset and ProjectVersions.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rekognition-project.html}

package/lib/AWS-Route53Resolver-FirewallRuleGroup.d.ts

@@ -127,7 +127,7 @@ export type FirewallRule = {
     /**
      * FirewallDomainRedirectionAction
      */
-    DnsThreatProtection?: "DGA" | "DNS_TUNNELING";
+    DnsThreatProtection?: "DGA" | "DNS_TUNNELING" | "DICTIONARY_DGA";
     /**
      * ResourceId
      * @minLength `1`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@awboost/cfn-resource-types",
-  "version": "0.1.473",
+  "version": "0.1.475",
   "publishConfig": {
     "access": "public"
   },