@awboost/cfntypes 0.100.189 → 0.100.191

package/lib/resources.generated.d.ts

@@ -13935,6 +13935,9 @@ export type AutoScalingAutoScalingGroupProps = {
      * Indicates whether Capacity Rebalancing is enabled. Otherwise, Capacity Rebalancing is disabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. For more information, see [Use Capacity Rebalancing to handle Amazon EC2 Spot Interruptions](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html) in the in the *Amazon EC2 Auto Scaling User Guide*.
      */
     CapacityRebalance?: boolean;
+    /**
+     * The capacity reservation specification.
+     */
     CapacityReservationSpecification?: AutoScalingAutoScalingGroupCapacityReservationSpecification;
     /**
      * Reserved.
@@ -14078,6 +14081,13 @@ export type AutoScalingAutoScalingGroupProps = {
        */
     VPCZoneIdentifier?: string[];
 };
+/**
+ * Attribute type definition for `AWS::AutoScaling::AutoScalingGroup`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html#aws-resource-autoscaling-autoscalinggroup-return-values}
+ */
+export type AutoScalingAutoScalingGroupAttributes = {
+    AutoScalingGroupARN: string;
+};
 /**
  * Type definition for `AWS::AutoScaling::AutoScalingGroup.AcceleratorCountRequest`.
  * ``AcceleratorCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of accelerators for an instance type.
@@ -14153,32 +14163,60 @@ export type AutoScalingAutoScalingGroupBaselineEbsBandwidthMbpsRequest = {
 };
 /**
  * Type definition for `AWS::AutoScaling::AutoScalingGroup.BaselinePerformanceFactorsRequest`.
+ * The baseline performance to consider, using an instance family as a baseline reference. The instance family establishes the lowest acceptable level of performance. Auto Scaling uses this baseline to guide instance type selection, but there is no guarantee that the selected instance types will always exceed the baseline for every application.
+ Currently, this parameter only supports CPU performance as a baseline performance factor. For example, specifying ``c6i`` uses the CPU performance of the ``c6i`` family as the baseline reference.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-baselineperformancefactorsrequest.html}
  */
 export type AutoScalingAutoScalingGroupBaselinePerformanceFactorsRequest = {
+    /**
+     * The CPU performance to consider, using an instance family as the baseline reference.
+     */
     Cpu?: AutoScalingAutoScalingGroupCpuPerformanceFactorRequest;
 };
 /**
  * Type definition for `AWS::AutoScaling::AutoScalingGroup.CapacityReservationSpecification`.
+ * Describes the Capacity Reservation preference and targeting options. If you specify ``open`` or ``none`` for ``CapacityReservationPreference``, do not specify a ``CapacityReservationTarget``.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-capacityreservationspecification.html}
  */
 export type AutoScalingAutoScalingGroupCapacityReservationSpecification = {
+    /**
+       * The capacity reservation preference. The following options are available:
+        +   ``capacity-reservations-only`` - Auto Scaling will only launch instances into a Capacity Reservation or Capacity Reservation resource group. If capacity isn't available, instances will fail to launch.
+        +   ``capacity-reservations-first`` - Auto Scaling will try to launch instances into a Capacity Reservation or Capacity Reservation resource group first. If capacity isn't available, instances will run in On-Demand capacity.
+        +   ``none`` - Auto Scaling will not launch instances into a Capacity Reservation. Instances will run in On-Demand capacity.
+        +   ``default`` - Auto Scaling uses the Capacity Reservation preference from your launch template or an open Capacity Reservation.
+       */
     CapacityReservationPreference: string;
+    /**
+     * Describes a target Capacity Reservation or Capacity Reservation resource group.
+     */
     CapacityReservationTarget?: AutoScalingAutoScalingGroupCapacityReservationTarget;
 };
 /**
  * Type definition for `AWS::AutoScaling::AutoScalingGroup.CapacityReservationTarget`.
+ * The target for the Capacity Reservation. Specify Capacity Reservations IDs or Capacity Reservation resource group ARNs.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-capacityreservationtarget.html}
  */
 export type AutoScalingAutoScalingGroupCapacityReservationTarget = {
+    /**
+     * The Capacity Reservation IDs to launch instances into.
+     */
     CapacityReservationIds?: string[];
+    /**
+     * The resource group ARNs of the Capacity Reservation to launch instances into.
+     */
     CapacityReservationResourceGroupArns?: string[];
 };
 /**
  * Type definition for `AWS::AutoScaling::AutoScalingGroup.CpuPerformanceFactorRequest`.
+ * The CPU performance to consider, using an instance family as the baseline reference.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-cpuperformancefactorrequest.html}
  */
 export type AutoScalingAutoScalingGroupCpuPerformanceFactorRequest = {
+    /**
+       * Specify an instance family to use as the baseline reference for CPU performance. All instance types that match your specified attributes will be compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture differences.
+        Currently only one instance family can be specified in the list.
+       */
     References?: AutoScalingAutoScalingGroupPerformanceFactorReferenceRequest[];
 };
 /**
@@ -14274,6 +14312,9 @@ export type AutoScalingAutoScalingGroupInstanceRequirements = {
        Default: No minimum or maximum limits
        */
     BaselineEbsBandwidthMbps?: AutoScalingAutoScalingGroupBaselineEbsBandwidthMbpsRequest;
+    /**
+     * The baseline performance factors for the instance requirements.
+     */
     BaselinePerformanceFactors?: AutoScalingAutoScalingGroupBaselinePerformanceFactorsRequest;
     /**
        * Indicates whether burstable performance instance types are included, excluded, or required. For more information, see [Burstable performance instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) in the *Amazon EC2 User Guide for Linux Instances*.
@@ -14689,9 +14730,27 @@ export type AutoScalingAutoScalingGroupNotificationConfiguration = {
 };
 /**
  * Type definition for `AWS::AutoScaling::AutoScalingGroup.PerformanceFactorReferenceRequest`.
+ * Specify an instance family to use as the baseline reference for CPU performance. All instance types that All instance types that match your specified attributes will be compared against the CPU performance of the referenced instance family, regardless of CPU manufacturer or architecture differences.
+  Currently only one instance family can be specified in the list.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-performancefactorreferencerequest.html}
  */
 export type AutoScalingAutoScalingGroupPerformanceFactorReferenceRequest = {
+    /**
+       * The instance family to use as a baseline reference.
+        Make sure that you specify the correct value for the instance family. The instance family is everything before the period (.) in the instance type name. For example, in the instance ``c6i.large``, the instance family is ``c6i``, not ``c6``. For more information, see [Amazon EC2 instance type naming conventions](https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html) in *Amazon EC2 Instance Types*.
+        The following instance types are *not supported* for performance protection.
+        +   ``c1``
+        +   ``g3| g3s``
+        +   ``hpc7g``
+        +   ``m1| m2``
+        +   ``mac1 | mac2 | mac2-m1ultra | mac2-m2 | mac2-m2pro``
+        +   ``p3dn | p4d | p5``
+        +   ``t1``
+        +   ``u-12tb1 | u-18tb1 | u-24tb1 | u-3tb1 | u-6tb1 | u-9tb1 | u7i-12tb | u7in-16tb | u7in-24tb | u7in-32tb``
+        
+       If you performance protection by specifying a supported instance family, the returned instance types will exclude the preceding unsupported instance families.
+       If you specify an unsupported instance family as a value for baseline performance, the API returns an empty response.
+       */
     InstanceFamily?: string;
 };
 /**
@@ -28572,10 +28631,10 @@ export type CloudFrontCachePolicyCachePolicyConfig = {
 export type CloudFrontCachePolicyCookiesConfig = {
     /**
        * Determines whether any cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
-        +   ``none`` – No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.
-        +   ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
-        +   ``allExcept`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* for those that are listed in the ``CookieNames`` type, which are not included.
-        +   ``all`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
+        +  ``none`` – No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in an ``OriginRequestPolicy``*are* included in origin requests.
+        +  ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
+        +  ``allExcept`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* for those that are listed in the ``CookieNames`` type, which are not included.
+        +  ``all`` – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
        * @pattern `^(none|whitelist|allExcept|all)$`
        */
     CookieBehavior: string;
@@ -28592,8 +28651,8 @@ export type CloudFrontCachePolicyCookiesConfig = {
 export type CloudFrontCachePolicyHeadersConfig = {
     /**
        * Determines whether any HTTP headers are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
-        +   ``none`` – No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.
-        +   ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in the cache key and in requests that CloudFront sends to the origin.
+        +  ``none`` – No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in an ``OriginRequestPolicy``*are* included in origin requests.
+        +  ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in the cache key and in requests that CloudFront sends to the origin.
        * @pattern `^(none|whitelist)$`
        */
     HeaderBehavior: string;
@@ -28615,7 +28674,7 @@ export type CloudFrontCachePolicyParametersInCacheKeyAndForwardedToOrigin = {
     CookiesConfig: CloudFrontCachePolicyCookiesConfig;
     /**
        * A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.
-       This field is related to the ``EnableAcceptEncodingGzip`` field. If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
+       This field is related to the ``EnableAcceptEncodingGzip`` field. If one or both of these fields is ``true``*and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
         +  Normalizes the value of the viewer's ``Accept-Encoding`` header
         +  Includes the normalized header in the cache key
         +  Includes the normalized header in the request to the origin, if a request is necessary
@@ -28627,7 +28686,7 @@ export type CloudFrontCachePolicyParametersInCacheKeyAndForwardedToOrigin = {
     EnableAcceptEncodingBrotli?: boolean;
     /**
        * A flag that can affect whether the ``Accept-Encoding`` HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.
-       This field is related to the ``EnableAcceptEncodingBrotli`` field. If one or both of these fields is ``true`` *and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
+       This field is related to the ``EnableAcceptEncodingBrotli`` field. If one or both of these fields is ``true``*and* the viewer request includes the ``Accept-Encoding`` header, then CloudFront does the following:
         +  Normalizes the value of the viewer's ``Accept-Encoding`` header
         +  Includes the normalized header in the cache key
         +  Includes the normalized header in the request to the origin, if a request is necessary
@@ -28654,10 +28713,10 @@ export type CloudFrontCachePolicyParametersInCacheKeyAndForwardedToOrigin = {
 export type CloudFrontCachePolicyQueryStringsConfig = {
     /**
        * Determines whether any URL query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
-        +   ``none`` – No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in an ``OriginRequestPolicy`` *are* included in origin requests.
-        +   ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
-        +   ``allExcept`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* those that are listed in the ``QueryStringNames`` type, which are not included.
-        +   ``all`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
+        +  ``none`` – No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in an ``OriginRequestPolicy``*are* included in origin requests.
+        +  ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in the cache key and in requests that CloudFront sends to the origin.
+        +  ``allExcept`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, *except* those that are listed in the ``QueryStringNames`` type, which are not included.
+        +  ``all`` – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
        * @pattern `^(none|whitelist|allExcept|all)$`
        */
     QueryStringBehavior: string;
@@ -28697,14 +28756,30 @@ export type CloudFrontCloudFrontOriginAccessIdentityCloudFrontOriginAccessIdenti
     Comment: string;
 };
 /**
- * Resource Type definition for AWS::CloudFront::ConnectionGroup
+ * Resource type definition for `AWS::CloudFront::ConnectionGroup`.
+ * The connection group for your distribution tenants. When you first create a distribution tenant and you don't specify a connection group, CloudFront will automatically create a default connection group for you. When you create a new distribution tenant and don't specify a connection group, the default one will be associated with your distribution tenant.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-connectiongroup.html}
  */
 export type CloudFrontConnectionGroupProps = {
+    /**
+     * The ID of the Anycast static IP list.
+     */
     AnycastIpListId?: string;
+    /**
+     * Whether the connection group is enabled.
+     */
     Enabled?: boolean;
+    /**
+     * IPv6 is enabled for the connection group.
+     */
     Ipv6Enabled?: boolean;
+    /**
+     * The name of the connection group.
+     */
     Name: string;
+    /**
+     * A complex type that contains zero or more ``Tag`` elements.
+     */
     Tags?: CloudFrontConnectionGroupTag[];
 };
 /**
@@ -28723,10 +28798,19 @@ export type CloudFrontConnectionGroupAttributes = {
 };
 /**
  * Type definition for `AWS::CloudFront::ConnectionGroup.Tag`.
+ * A complex type that contains ``Tag`` key and ``Tag`` value.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-connectiongroup-tag.html}
  */
 export type CloudFrontConnectionGroupTag = {
+    /**
+       * A string that contains ``Tag`` key.
+       The string length should be between 1 and 128 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``.
+       */
     Key: string;
+    /**
+       * A string that contains an optional ``Tag`` value.
+       The string length should be between 0 and 256 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``.
+       */
     Value: string;
 };
 /**
@@ -29018,9 +29102,9 @@ export type CloudFrontDistributionCacheBehavior = {
     TrustedSigners?: string[];
     /**
        * The protocol that viewers can use to access the files in the origin specified by ``TargetOriginId`` when a request matches the path pattern in ``PathPattern``. You can specify the following options:
-        +   ``allow-all``: Viewers can use HTTP or HTTPS.
-        +   ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
-        +   ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
+        +  ``allow-all``: Viewers can use HTTP or HTTPS.
+        +  ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
+        +  ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
         
        For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide*.
         The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
@@ -29099,7 +29183,7 @@ export type CloudFrontDistributionCustomErrorResponse = {
 };
 /**
  * Type definition for `AWS::CloudFront::Distribution.CustomOriginConfig`.
- * A custom origin. A custom origin is any origin that is *not* an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin.
+ * A custom origin. A custom origin is any origin that is *not* an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)*is* a custom origin.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html}
  */
 export type CloudFrontDistributionCustomOriginConfig = {
@@ -29118,9 +29202,9 @@ export type CloudFrontDistributionCustomOriginConfig = {
     OriginKeepaliveTimeout?: number;
     /**
        * Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are:
-        +   ``http-only`` – CloudFront always uses HTTP to connect to the origin.
-        +   ``match-viewer`` – CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.
-        +   ``https-only`` – CloudFront always uses HTTPS to connect to the origin.
+        +  ``http-only`` – CloudFront always uses HTTP to connect to the origin.
+        +  ``match-viewer`` – CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.
+        +  ``https-only`` – CloudFront always uses HTTPS to connect to the origin.
        */
     OriginProtocolPolicy: string;
     /**
@@ -29239,9 +29323,9 @@ export type CloudFrontDistributionDefaultCacheBehavior = {
     TrustedSigners?: string[];
     /**
        * The protocol that viewers can use to access the files in the origin specified by ``TargetOriginId`` when a request matches the path pattern in ``PathPattern``. You can specify the following options:
-        +   ``allow-all``: Viewers can use HTTP or HTTPS.
-        +   ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
-        +   ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
+        +  ``allow-all``: Viewers can use HTTP or HTTPS.
+        +  ``redirect-to-https``: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
+        +  ``https-only``: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
         
        For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide*.
         The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide*.
@@ -29275,6 +29359,9 @@ export type CloudFrontDistributionDistributionConfig = {
      * A comment to describe the distribution. The comment cannot be longer than 128 characters.
      */
     Comment?: string;
+    /**
+     * The connection mode to filter distributions by.
+     */
     ConnectionMode?: CloudFrontDistributionConnectionMode;
     /**
      * The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.
@@ -29361,6 +29448,9 @@ export type CloudFrontDistributionDistributionConfig = {
      * A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.
      */
     Staging?: boolean;
+    /**
+     * A distribution tenant configuration.
+     */
     TenantConfig?: {
         ParameterDefinitions?: CloudFrontDistributionParameterDefinition[];
     };
@@ -29370,7 +29460,7 @@ export type CloudFrontDistributionDistributionConfig = {
     ViewerCertificate?: CloudFrontDistributionViewerCertificate;
     /**
        * A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``a1b2c3d4-5678-90ab-cdef-EXAMPLE11111``.
-        WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
+       WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
        */
     WebACLId?: string;
 };
@@ -29446,9 +29536,9 @@ export type CloudFrontDistributionGeoRestriction = {
     Locations?: string[];
     /**
        * The method that you want to use to restrict distribution of your content by country:
-        +   ``none``: No geo restriction is enabled, meaning access to content is not restricted by client geo location.
-        +   ``blacklist``: The ``Location`` elements specify the countries in which you don't want CloudFront to distribute your content.
-        +   ``whitelist``: The ``Location`` elements specify the countries in which you want CloudFront to distribute your content.
+        +  ``none``: No geo restriction is enabled, meaning access to content is not restricted by client geo location.
+        +  ``blacklist``: The ``Location`` elements specify the countries in which you don't want CloudFront to distribute your content.
+        +  ``whitelist``: The ``Location`` elements specify the countries in which you want CloudFront to distribute your content.
        */
     RestrictionType: string;
 };
@@ -29473,10 +29563,10 @@ export type CloudFrontDistributionGrpcConfig = {
 export type CloudFrontDistributionLambdaFunctionAssociation = {
     /**
        * Specifies the event type that triggers a Lambda@Edge function invocation. You can specify the following values:
-        +   ``viewer-request``: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.
-        +   ``origin-request``: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute.
-        +   ``origin-response``: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute.
-        +   ``viewer-response``: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache.
+        +  ``viewer-request``: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.
+        +  ``origin-request``: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute.
+        +  ``origin-response``: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute.
+        +  ``viewer-response``: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache.
        If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn't execute.
        */
     EventType?: string;
@@ -29491,7 +29581,7 @@ export type CloudFrontDistributionLambdaFunctionAssociation = {
 };
 /**
  * Type definition for `AWS::CloudFront::Distribution.LegacyCustomOrigin`.
- * A custom origin. A custom origin is any origin that is *not* an S3 bucket, with one exception. An S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin.
+ * A custom origin. A custom origin is any origin that is *not* an S3 bucket, with one exception. An S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html)*is* a custom origin.
   This property is legacy. We recommend that you use [Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html) instead.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacycustomorigin.html}
  */
@@ -29744,9 +29834,13 @@ export type CloudFrontDistributionOriginShield = {
 };
 /**
  * Type definition for `AWS::CloudFront::Distribution.ParameterDefinition`.
+ * A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-parameterdefinition.html}
  */
 export type CloudFrontDistributionParameterDefinition = {
+    /**
+     * The value that you assigned to the parameter.
+     */
     Definition: {
         StringSchema?: {
             Comment?: string;
@@ -29754,6 +29848,9 @@ export type CloudFrontDistributionParameterDefinition = {
             Required: boolean;
         };
     };
+    /**
+     * The name of the parameter.
+     */
     Name: string;
 };
 /**
@@ -29828,8 +29925,8 @@ export type CloudFrontDistributionTag = {
   
   +  The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*.
   +  The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both):
-  +   ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.)
-  +   ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.)
+  +  ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.)
+  +  ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.)
   
   
  All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``.
@@ -29846,7 +29943,7 @@ export type CloudFrontDistributionViewerCertificate = {
     /**
        * If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, set this field to ``true``.
        If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields:
-        +   ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both)
+        +  ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both)
         +   ``MinimumProtocolVersion``
         +   ``SslSupportMethod``
        */
@@ -29871,9 +29968,9 @@ export type CloudFrontDistributionViewerCertificate = {
     /**
        * In CloudFormation, this field name is ``SslSupportMethod``. Note the different capitalization.
         If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
-        +   ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI.
-        +   ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
-        +   ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home).
+        +  ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI.
+        +  ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
+        +  ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home).
         
        If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, don't set a value for this field.
        */
@@ -29901,18 +29998,46 @@ export type CloudFrontDistributionVpcOriginConfig = {
     VpcOriginId: string;
 };
 /**
- * Resource Type definition for AWS::CloudFront::DistributionTenant
+ * Resource type definition for `AWS::CloudFront::DistributionTenant`.
+ * The distribution tenant.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distributiontenant.html}
  */
 export type CloudFrontDistributionTenantProps = {
+    /**
+     * The ID of the connection group for the distribution tenant. If you don't specify a connection group, CloudFront uses the default connection group.
+     */
     ConnectionGroupId?: string;
+    /**
+     * Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.
+     */
     Customizations?: CloudFrontDistributionTenantCustomizations;
+    /**
+     * The ID of the multi-tenant distribution.
+     */
     DistributionId: string;
+    /**
+     * The domains associated with the distribution tenant.
+     */
     Domains: string[];
+    /**
+     * Indicates whether the distribution tenant is in an enabled state. If disabled, the distribution tenant won't serve traffic.
+     */
     Enabled?: boolean;
+    /**
+     * An object that represents the request for the Amazon CloudFront managed ACM certificate.
+     */
     ManagedCertificateRequest?: CloudFrontDistributionTenantManagedCertificateRequest;
+    /**
+     * The name of the distribution tenant.
+     */
     Name: string;
+    /**
+     * A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.
+     */
     Parameters?: CloudFrontDistributionTenantParameter[];
+    /**
+     * A complex type that contains zero or more ``Tag`` elements.
+     */
     Tags?: CloudFrontDistributionTenantTag[];
 };
 /**
@@ -29923,7 +30048,13 @@ export type CloudFrontDistributionTenantAttributes = {
     Arn: string;
     CreatedTime: string;
     DomainResults: {
+        /**
+         * The specified domain.
+         */
         Domain: string;
+        /**
+         * Whether the domain is active or inactive.
+         */
         Status: "active" | "inactive";
     }[];
     ETag: string;
@@ -29933,67 +30064,133 @@ export type CloudFrontDistributionTenantAttributes = {
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.Certificate`.
+ * The ACMlong (ACM) certificate associated with your distribution.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-certificate.html}
  */
 export type CloudFrontDistributionTenantCertificate = {
+    /**
+     * The Amazon Resource Name (ARN) of the ACM certificate.
+     */
     Arn?: string;
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.Customizations`.
+ * Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-customizations.html}
  */
 export type CloudFrontDistributionTenantCustomizations = {
+    /**
+     * The ACMlong (ACM) certificate.
+     */
     Certificate?: CloudFrontDistributionTenantCertificate;
+    /**
+     * The geographic restrictions.
+     */
     GeoRestrictions?: CloudFrontDistributionTenantGeoRestrictionCustomization;
+    /**
+     * The WAF web ACL.
+     */
     WebAcl?: CloudFrontDistributionTenantWebAclCustomization;
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.DomainResult`.
+ * The details about the domain result.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-domainresult.html}
  */
 export type CloudFrontDistributionTenantDomainResult = {
+    /**
+     * The specified domain.
+     */
     Domain?: string;
+    /**
+     * Whether the domain is active or inactive.
+     */
     Status?: "active" | "inactive";
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.GeoRestrictionCustomization`.
+ * The customizations that you specified for the distribution tenant for geographic restrictions.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-georestrictioncustomization.html}
  */
 export type CloudFrontDistributionTenantGeoRestrictionCustomization = {
+    /**
+     * The locations for geographic restrictions.
+     */
     Locations?: string[];
+    /**
+       * The method that you want to use to restrict distribution of your content by country:
+        +  ``none``: No geographic restriction is enabled, meaning access to content is not restricted by client geo location.
+        +  ``blacklist``: The ``Location`` elements specify the countries in which you don't want CloudFront to distribute your content.
+        +  ``whitelist``: The ``Location`` elements specify the countries in which you want CloudFront to distribute your content.
+       */
     RestrictionType?: "blacklist" | "whitelist" | "none";
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.ManagedCertificateRequest`.
+ * An object that represents the request for the Amazon CloudFront managed ACM certificate.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-managedcertificaterequest.html}
  */
 export type CloudFrontDistributionTenantManagedCertificateRequest = {
+    /**
+     * You can opt out of certificate transparency logging by specifying the ``disabled`` option. Opt in by specifying ``enabled``. For more information, see [Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) in the *User Guide*.
+     */
     CertificateTransparencyLoggingPreference?: "enabled" | "disabled";
+    /**
+     * The primary domain name associated with the CloudFront managed ACM certificate.
+     */
     PrimaryDomainName?: string;
+    /**
+       * Specify how the HTTP validation token will be served when requesting the CloudFront managed ACM certificate.
+        +  For ``cloudfront``, CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately.
+        +  For ``self-hosted``, you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront.
+       */
     ValidationTokenHost?: "cloudfront" | "self-hosted";
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.Parameter`.
+ * A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-parameter.html}
  */
 export type CloudFrontDistributionTenantParameter = {
+    /**
+     * The parameter name.
+     */
     Name?: string;
+    /**
+     * The parameter value.
+     */
     Value?: string;
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.Tag`.
+ * A complex type that contains ``Tag`` key and ``Tag`` value.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-tag.html}
  */
 export type CloudFrontDistributionTenantTag = {
+    /**
+       * A string that contains ``Tag`` key.
+       The string length should be between 1 and 128 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``.
+       */
     Key: string;
+    /**
+       * A string that contains an optional ``Tag`` value.
+       The string length should be between 0 and 256 characters. Valid characters include ``a-z``, ``A-Z``, ``0-9``, space, and the special characters ``_ - . : / = + @``.
+       */
     Value: string;
 };
 /**
  * Type definition for `AWS::CloudFront::DistributionTenant.WebAclCustomization`.
+ * The WAF web ACL customization specified for the distribution tenant.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-webaclcustomization.html}
  */
 export type CloudFrontDistributionTenantWebAclCustomization = {
+    /**
+     * The action for the WAF web ACL customization. You can specify ``override`` to specify a separate WAF web ACL for the distribution tenant. If you specify ``disable``, the distribution tenant won't have WAF web ACL protections and won't inherit from the multi-tenant distribution.
+     */
     Action?: "override" | "disable";
+    /**
+     * The Amazon Resource Name (ARN) of the WAF web ACL.
+     */
     Arn?: string;
 };
 /**
@@ -30233,9 +30430,9 @@ export type CloudFrontOriginAccessControlOriginAccessControlConfig = {
     /**
        * Specifies which requests CloudFront signs (adds authentication information to). Specify ``always`` for the most common use case. For more information, see [origin access control advanced settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) in the *Amazon CloudFront Developer Guide*.
        This field can have one of the following values:
-        +   ``always`` – CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists.
-        +   ``never`` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
-        +   ``no-override`` – If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. *WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.*
+        +  ``always`` – CloudFront signs all origin requests, overwriting the ``Authorization`` header from the viewer request if one exists.
+        +  ``never`` – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control.
+        +  ``no-override`` – If the viewer request doesn't contain the ``Authorization`` header, then CloudFront signs the origin request. If the viewer request contains the ``Authorization`` header, then CloudFront doesn't sign the origin request and instead passes along the ``Authorization`` header from the viewer request. *WARNING: To pass along the Authorization header from the viewer request, you must add the Authorization header to a cache policy for all cache behaviors that use origins associated with this origin access control.*
        * @pattern `^(never|no-override|always)$`
        */
     SigningBehavior: string;
@@ -30278,10 +30475,10 @@ export type CloudFrontOriginRequestPolicyAttributes = {
 export type CloudFrontOriginRequestPolicyCookiesConfig = {
     /**
        * Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:
-        +   ``none`` – No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in a ``CachePolicy`` *are* included in origin requests.
-        +   ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in requests that CloudFront sends to the origin.
-        +   ``all`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin.
-        +   ``allExcept`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``CookieNames`` type, which are not included.
+        +  ``none`` – No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any cookies that are listed in a ``CachePolicy``*are* included in origin requests.
+        +  ``whitelist`` – Only the cookies in viewer requests that are listed in the ``CookieNames`` type are included in requests that CloudFront sends to the origin.
+        +  ``all`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin.
+        +  ``allExcept`` – All cookies in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``CookieNames`` type, which are not included.
        * @pattern `^(none|whitelist|all|allExcept)$`
        */
     CookieBehavior: string;
@@ -30298,11 +30495,11 @@ export type CloudFrontOriginRequestPolicyCookiesConfig = {
 export type CloudFrontOriginRequestPolicyHeadersConfig = {
     /**
        * Determines whether any HTTP headers are included in requests that CloudFront sends to the origin. Valid values are:
-        +   ``none`` – No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in a ``CachePolicy`` *are* included in origin requests.
-        +   ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin.
-        +   ``allViewer`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.
-        +   ``allViewerAndWhitelistCloudFront`` – All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront.
-        +   ``allExcept`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``Headers`` type, which are not included.
+        +  ``none`` – No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any headers that are listed in a ``CachePolicy``*are* included in origin requests.
+        +  ``whitelist`` – Only the HTTP headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin.
+        +  ``allViewer`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin.
+        +  ``allViewerAndWhitelistCloudFront`` – All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the ``Headers`` type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront.
+        +  ``allExcept`` – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``Headers`` type, which are not included.
        * @pattern `^(none|whitelist|allViewer|allViewerAndWhitelistCloudFront|allExcept)$`
        */
     HeaderBehavior: string;
@@ -30352,10 +30549,10 @@ export type CloudFrontOriginRequestPolicyOriginRequestPolicyConfig = {
 export type CloudFrontOriginRequestPolicyQueryStringsConfig = {
     /**
        * Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:
-        +   ``none`` – No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in a ``CachePolicy`` *are* included in origin requests.
-        +   ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in requests that CloudFront sends to the origin.
-        +   ``all`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin.
-        +   ``allExcept`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``QueryStringNames`` type, which are not included.
+        +  ``none`` – No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to ``none``, any query strings that are listed in a ``CachePolicy``*are* included in origin requests.
+        +  ``whitelist`` – Only the query strings in viewer requests that are listed in the ``QueryStringNames`` type are included in requests that CloudFront sends to the origin.
+        +  ``all`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin.
+        +  ``allExcept`` – All query strings in viewer requests are included in requests that CloudFront sends to the origin, *except* for those listed in the ``QueryStringNames`` type, which are not included.
        * @pattern `^(none|whitelist|all|allExcept)$`
        */
     QueryStringBehavior: string;
@@ -30443,12 +30640,12 @@ export type CloudFrontRealtimeLogConfigAttributes = {
 };
 /**
  * Type definition for `AWS::CloudFront::RealtimeLogConfig.EndPoint`.
- * Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.
+ * Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-realtimelogconfig-endpoint.html}
  */
 export type CloudFrontRealtimeLogConfigEndPoint = {
     /**
-     * Contains information about the Amazon Kinesis data stream where you are sending real-time log data.
+     * Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.
      */
     KinesisStreamConfig: CloudFrontRealtimeLogConfigKinesisStreamConfig;
     /**
@@ -30524,7 +30721,7 @@ export type CloudFrontResponseHeadersPolicyAccessControlAllowMethods = {
         +   ``PUT``
         +   ``ALL``
         
-        ``ALL`` is a special value that includes all of the listed HTTP methods.
+       ``ALL`` is a special value that includes all of the listed HTTP methods.
        */
     Items: string[];
 };
@@ -33890,6 +34087,10 @@ export type CodePipelinePipelineEnvironmentVariable = {
      * The name of the environment variable.
      */
     Name: string;
+    /**
+     * The type of the environment variable.
+     */
+    Type?: "PLAINTEXT" | "SECRETS_MANAGER";
     /**
      * The value of the environment variable.
      */
@@ -52064,6 +52265,10 @@ export type EC2HostProps = {
      * The Amazon Resource Name (ARN) of the Amazon Web Services Outpost on which to allocate the Dedicated Host.
      */
     OutpostArn?: string;
+    /**
+     * Any tags assigned to the Host.
+     */
+    Tags?: EC2HostTag[];
 };
 /**
  * Attribute type definition for `AWS::EC2::Host`.
@@ -52075,6 +52280,14 @@ export type EC2HostAttributes = {
      */
     HostId: string;
 };
+/**
+ * Type definition for `AWS::EC2::Host.Tag`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-host-tag.html}
+ */
+export type EC2HostTag = {
+    Key: string;
+    Value: string;
+};
 /**
  * Resource Type definition for AWS::EC2::Instance
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html}
@@ -60315,12 +60528,13 @@ export type ECRRegistryPolicyAttributes = {
     RegistryId: string;
 };
 /**
- * The AWS::ECR::RegistryScanningConfiguration controls the scanning configuration for an Amazon Elastic Container Registry (Amazon Private ECR). For more information, see https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html
+ * Resource type definition for `AWS::ECR::RegistryScanningConfiguration`.
+ * The scanning configuration for a private registry.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registryscanningconfiguration.html}
  */
 export type ECRRegistryScanningConfigurationProps = {
     /**
-     * The scanning rules associated with the registry. A registry scanning configuration may contain a maximum of 2 rules.
+     * The scanning rules associated with the registry.
      * @minLength `0`
      * @maxLength `2`
      */
@@ -60349,7 +60563,7 @@ export type ECRRegistryScanningConfigurationAttributes = {
 export type ECRRegistryScanningConfigurationFilterType = "WILDCARD";
 /**
  * Type definition for `AWS::ECR::RegistryScanningConfiguration.RepositoryFilter`.
- * The details of a scanning repository filter.
+ * The filter settings used with image replication. Specifying a repository filter to a replication rule provides a method for controlling which repositories in a private registry are replicated. If no filters are added, the contents of all repositories are replicated.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-registryscanningconfiguration-repositoryfilter.html}
  */
 export type ECRRegistryScanningConfigurationRepositoryFilter = {
@@ -60371,18 +60585,18 @@ export type ECRRegistryScanningConfigurationRepositoryFilter = {
 export type ECRRegistryScanningConfigurationScanFrequency = "SCAN_ON_PUSH" | "CONTINUOUS_SCAN";
 /**
  * Type definition for `AWS::ECR::RegistryScanningConfiguration.ScanningRule`.
- * A rule representing the details of a scanning configuration.
+ * The scanning rules associated with the registry.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-registryscanningconfiguration-scanningrule.html}
  */
 export type ECRRegistryScanningConfigurationScanningRule = {
     /**
-     * The repository filters associated with the scanning configuration for a private registry.
+     * The details of a scanning repository filter. For more information on how to use filters, see [Using filters](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#image-scanning-filters) in the *Amazon Elastic Container Registry User Guide*.
      * @minLength `0`
      * @maxLength `100`
      */
     RepositoryFilters: ECRRegistryScanningConfigurationRepositoryFilter[];
     /**
-     * The frequency that scans are performed.
+     * The frequency that scans are performed at for a private registry. When the ``ENHANCED`` scan type is specified, the supported scan frequencies are ``CONTINUOUS_SCAN`` and ``SCAN_ON_PUSH``. When the ``BASIC`` scan type is specified, the ``SCAN_ON_PUSH`` scan frequency is supported. If scan on push is not specified, then the ``MANUAL`` scan frequency is set by default.
      */
     ScanFrequency: ECRRegistryScanningConfigurationScanFrequency;
 };
@@ -74161,12 +74375,22 @@ export type GameLiftFleetProps = {
      * @maxLength `1024`
      */
     ServerLaunchPath?: string;
+    /**
+     * An array of key-value pairs to apply to this resource.
+     * @maxLength `200`
+     */
+    Tags?: GameLiftFleetTag[];
 };
 /**
  * Attribute type definition for `AWS::GameLift::Fleet`.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-gamelift-fleet.html#aws-resource-gamelift-fleet-return-values}
  */
 export type GameLiftFleetAttributes = {
+    /**
+     * The Amazon Resource Name (ARN) that is assigned to a Amazon GameLift Servers Fleet resource and uniquely identifies it. ARNs are unique across all Regions. In a GameLift Fleet ARN, the resource ID matches the FleetId value.
+     * @pattern `^arn:.*:fleet/[a-z]*fleet-[a-zA-Z0-9\-]+$`
+     */
+    FleetArn: string;
     /**
      * Unique fleet ID
      * @pattern `^fleet-\S+`
@@ -74398,6 +74622,25 @@ export type GameLiftFleetServerProcess = {
      */
     Parameters?: string;
 };
+/**
+ * Type definition for `AWS::GameLift::Fleet.Tag`.
+ * A key-value pair to associate with a resource.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-gamelift-fleet-tag.html}
+ */
+export type GameLiftFleetTag = {
+    /**
+     * The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length.
+     * @minLength `1`
+     * @maxLength `128`
+     */
+    Key: string;
+    /**
+     * The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length.
+     * @minLength `0`
+     * @maxLength `256`
+     */
+    Value: string;
+};
 /**
  * Type definition for `AWS::GameLift::Fleet.TargetConfiguration`.
  * Settings for a target-based scaling policy. A target-based policy tracks a particular fleet metric specifies a target value for the metric. As player usage changes, the policy triggers Amazon GameLift to adjust capacity so that the metric returns to the target value. The target configuration specifies settings as needed for the target based policy, including the target value.
@@ -105027,7 +105270,7 @@ export type LogsTransformerProcessor = {
          */
         Columns?: string[];
         /**
-         * @maxLength `1`
+         * @maxLength `2`
          */
         Delimiter?: string;
         /**
@@ -105065,7 +105308,7 @@ export type LogsTransformerProcessor = {
     };
     Grok?: {
         /**
-         * @maxLength `128`
+         * @maxLength `512`
          */
         Match: string;
         /**
@@ -105206,7 +105449,7 @@ export type LogsTransformerRenameKeyEntry = {
  */
 export type LogsTransformerSplitStringEntry = {
     /**
-     * @maxLength `1`
+     * @maxLength `128`
      */
     Delimiter: string;
     /**
@@ -162059,8 +162302,8 @@ export type RolesAnywhereTrustAnchorNotificationSetting = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rolesanywhere-trustanchor-source.html}
  */
 export type RolesAnywhereTrustAnchorSource = {
-    SourceData?: RolesAnywhereTrustAnchorSourceData;
-    SourceType?: RolesAnywhereTrustAnchorTrustAnchorType;
+    SourceData: RolesAnywhereTrustAnchorSourceData;
+    SourceType: RolesAnywhereTrustAnchorTrustAnchorType;
 };
 /**
  * Type definition for `AWS::RolesAnywhere::TrustAnchor.SourceData`.
@@ -182469,7 +182712,7 @@ export type SSMDocumentProps = {
     /**
      * The type of document to create.
      */
-    DocumentType?: "ApplicationConfiguration" | "ApplicationConfigurationSchema" | "Automation" | "Automation.ChangeTemplate" | "ChangeCalendar" | "CloudFormation" | "Command" | "DeploymentStrategy" | "Package" | "Policy" | "ProblemAnalysis" | "ProblemAnalysisTemplate" | "Session";
+    DocumentType?: "ApplicationConfiguration" | "ApplicationConfigurationSchema" | "Automation" | "Automation.ChangeTemplate" | "AutoApprovalPolicy" | "ChangeCalendar" | "CloudFormation" | "Command" | "DeploymentStrategy" | "ManualApprovalPolicy" | "Package" | "Policy" | "ProblemAnalysis" | "ProblemAnalysisTemplate" | "Session";
     /**
      * A name for the Systems Manager document.
      * @pattern `^[a-zA-Z0-9_\-.]{3,128}$`
@@ -196856,6 +197099,7 @@ export interface AttributeTypes {
     "AWS::Athena::NamedQuery": AthenaNamedQueryAttributes;
     "AWS::Athena::WorkGroup": AthenaWorkGroupAttributes;
     "AWS::AuditManager::Assessment": AuditManagerAssessmentAttributes;
+    "AWS::AutoScaling::AutoScalingGroup": AutoScalingAutoScalingGroupAttributes;
     "AWS::AutoScaling::ScalingPolicy": AutoScalingScalingPolicyAttributes;
     "AWS::AutoScaling::ScheduledAction": AutoScalingScheduledActionAttributes;
     "AWS::AutoScalingPlans::ScalingPlan": AutoScalingPlansScalingPlanAttributes;