@awboost/cfntypes 0.100.27 → 0.100.28

package/lib/resources.generated.d.ts

@@ -3291,21 +3291,12 @@ export type ApiGatewayUsagePlanKeyAttributes = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-vpclink.html}
  */
 export type ApiGatewayVpcLinkProps = {
-    /**
-     * The description of the VPC link.
-     */
     Description?: string;
-    /**
-     * The name used to label and identify the VPC link.
-     */
     Name: string;
     /**
      * An array of arbitrary tags (key-value pairs) to associate with the VPC link.
      */
     Tags?: ApiGatewayVpcLinkTag[];
-    /**
-     * The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner.
-     */
     TargetArns: string[];
 };
 /**
@@ -11251,23 +11242,83 @@ export type AppSyncFunctionConfigurationSyncConfig = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html}
  */
 export type AppSyncGraphQLApiProps = {
+    /**
+     * A list of additional authentication providers for the GraphqlApi API.
+     */
     AdditionalAuthenticationProviders?: AppSyncGraphQLApiAdditionalAuthenticationProvider[];
+    /**
+     * The value that indicates whether the GraphQL API is a standard API (GRAPHQL) or merged API (MERGED).
+     */
     ApiType?: string;
+    /**
+     * Security configuration for your GraphQL API
+     */
     AuthenticationType: string;
+    /**
+     * Enables and controls the enhanced metrics feature. Enhanced metrics emit granular data on API usage and performance such as AppSync request and error counts, latency, and cache hits/misses. All enhanced metric data is sent to your CloudWatch account, and you can configure the types of data that will be sent.
+     */
     EnhancedMetricsConfig?: AppSyncGraphQLApiEnhancedMetricsConfig;
-    EnvironmentVariables?: Record<string, any>;
+    /**
+     * A map containing the list of resources with their properties and environment variables.
+     */
+    EnvironmentVariables?: Record<string, string>;
+    /**
+     * Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled.
+     */
     IntrospectionConfig?: string;
+    /**
+     * A LambdaAuthorizerConfig holds configuration on how to authorize AWS AppSync API access when using the AWS_LAMBDA authorizer mode. Be aware that an AWS AppSync API may have only one Lambda authorizer configured at a time.
+     */
     LambdaAuthorizerConfig?: AppSyncGraphQLApiLambdaAuthorizerConfig;
+    /**
+     * The Amazon CloudWatch Logs configuration.
+     */
     LogConfig?: AppSyncGraphQLApiLogConfig;
+    /**
+     * The AWS Identity and Access Management service role ARN for a merged API.
+     */
     MergedApiExecutionRoleArn?: string;
+    /**
+     * The API name
+     */
     Name: string;
+    /**
+     * The OpenID Connect configuration.
+     */
     OpenIDConnectConfig?: AppSyncGraphQLApiOpenIDConnectConfig;
+    /**
+     * The owner contact information for an API resource.
+     */
     OwnerContact?: string;
+    /**
+     * The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query.
+     */
     QueryDepthLimit?: number;
+    /**
+     * The maximum number of resolvers that can be invoked in a single request.
+     */
     ResolverCountLimit?: number;
+    /**
+       * An arbitrary set of tags (key-value pairs) for this GraphQL API.
+      
+      
+       */
     Tags?: AppSyncGraphQLApiTag[];
+    /**
+       * Optional authorization configuration for using Amazon Cognito user pools with your GraphQL endpoint.
+      
+      
+       */
     UserPoolConfig?: AppSyncGraphQLApiUserPoolConfig;
+    /**
+     * Sets the scope of the GraphQL API to public (GLOBAL) or private (PRIVATE). By default, the scope is set to Global if no value is provided.
+     */
     Visibility?: string;
+    /**
+       * A flag indicating whether to use AWS X-Ray tracing for this GraphqlApi.
+      
+      
+       */
     XrayEnabled?: boolean;
 };
 /**
@@ -11275,13 +11326,33 @@ export type AppSyncGraphQLApiProps = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-graphqlapi.html#aws-resource-appsync-graphqlapi-return-values}
  */
 export type AppSyncGraphQLApiAttributes = {
+    /**
+     * Unique AWS AppSync GraphQL API identifier.
+     */
     ApiId: string;
+    /**
+     * The Amazon Resource Name (ARN) of the API key
+     */
     Arn: string;
+    /**
+     * The fully qualified domain name (FQDN) of the endpoint URL of your GraphQL API.
+     */
     GraphQLDns: string;
+    /**
+     * The GraphQL endpoint ARN.
+     */
     GraphQLEndpointArn: string;
+    /**
+     * The Endpoint URL of your GraphQL API.
+     */
     GraphQLUrl: string;
-    Id: string;
+    /**
+     * The fully qualified domain name (FQDN) of the real-time endpoint URL of your GraphQL API.
+     */
     RealtimeDns: string;
+    /**
+     * The GraphQL API real-time endpoint URL.
+     */
     RealtimeUrl: string;
 };
 /**
@@ -11289,6 +11360,9 @@ export type AppSyncGraphQLApiAttributes = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-additionalauthenticationprovider.html}
  */
 export type AppSyncGraphQLApiAdditionalAuthenticationProvider = {
+    /**
+     * The authentication type for API key, AWS Identity and Access Management, OIDC, Amazon Cognito user pools, or AWS Lambda.
+     */
     AuthenticationType: string;
     LambdaAuthorizerConfig?: AppSyncGraphQLApiLambdaAuthorizerConfig;
     OpenIDConnectConfig?: AppSyncGraphQLApiOpenIDConnectConfig;
@@ -11299,8 +11373,17 @@ export type AppSyncGraphQLApiAdditionalAuthenticationProvider = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-cognitouserpoolconfig.html}
  */
 export type AppSyncGraphQLApiCognitoUserPoolConfig = {
+    /**
+     * A regular expression for validating the incoming Amazon Cognito user pool app client ID.
+     */
     AppIdClientRegex?: string;
+    /**
+     * The AWS Region in which the user pool was created.
+     */
     AwsRegion?: string;
+    /**
+     * The user pool ID
+     */
     UserPoolId?: string;
 };
 /**
@@ -11308,8 +11391,23 @@ export type AppSyncGraphQLApiCognitoUserPoolConfig = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-enhancedmetricsconfig.html}
  */
 export type AppSyncGraphQLApiEnhancedMetricsConfig = {
+    /**
+       * Controls how data source metrics will be emitted to CloudWatch. Data source metrics include:
+      
+      
+       */
     DataSourceLevelMetricsBehavior: string;
+    /**
+       * Controls how operation metrics will be emitted to CloudWatch. Operation metrics include:
+      
+      
+       */
     OperationLevelMetricsConfig: string;
+    /**
+       * Controls how resolver metrics will be emitted to CloudWatch. Resolver metrics include:
+      
+      
+       */
     ResolverLevelMetricsBehavior: string;
 };
 /**
@@ -11317,8 +11415,17 @@ export type AppSyncGraphQLApiEnhancedMetricsConfig = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-lambdaauthorizerconfig.html}
  */
 export type AppSyncGraphQLApiLambdaAuthorizerConfig = {
+    /**
+     * The number of seconds a response should be cached for.
+     */
     AuthorizerResultTtlInSeconds?: number;
+    /**
+     * The ARN of the Lambda function to be called for authorization.
+     */
     AuthorizerUri?: string;
+    /**
+     * A regular expression for validation of tokens before the Lambda function is called.
+     */
     IdentityValidationExpression?: string;
 };
 /**
@@ -11326,8 +11433,17 @@ export type AppSyncGraphQLApiLambdaAuthorizerConfig = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-logconfig.html}
  */
 export type AppSyncGraphQLApiLogConfig = {
+    /**
+     * The service role that AWS AppSync will assume to publish to Amazon CloudWatch Logs in your account.
+     */
     CloudWatchLogsRoleArn?: string;
+    /**
+     * Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.
+     */
     ExcludeVerboseContent?: boolean;
+    /**
+     * The field logging level. Values can be NONE, ERROR, INFO, DEBUG, or ALL.
+     */
     FieldLogLevel?: string;
 };
 /**
@@ -11335,9 +11451,23 @@ export type AppSyncGraphQLApiLogConfig = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-openidconnectconfig.html}
  */
 export type AppSyncGraphQLApiOpenIDConnectConfig = {
+    /**
+     * The number of milliseconds that a token is valid after being authenticated.
+     */
     AuthTTL?: number;
+    /**
+     * The client identifier of the Relying party at the OpenID identity provider.
+     */
     ClientId?: string;
+    /**
+       * The number of milliseconds that a token is valid after it's issued to a user.
+      
+      
+       */
     IatTTL?: number;
+    /**
+     * The issuer for the OIDC configuration.
+     */
     Issuer?: string;
 };
 /**
@@ -11353,9 +11483,21 @@ export type AppSyncGraphQLApiTag = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-userpoolconfig.html}
  */
 export type AppSyncGraphQLApiUserPoolConfig = {
+    /**
+     * A regular expression for validating the incoming Amazon Cognito user pool app client ID.
+     */
     AppIdClientRegex?: string;
+    /**
+     * The AWS Region in which the user pool was created.
+     */
     AwsRegion?: string;
+    /**
+     * The action that you want your GraphQL API to take when a request that uses Amazon Cognito user pool authentication doesn't match the Amazon Cognito user pool configuration.
+     */
     DefaultAction?: string;
+    /**
+     * The user pool ID.
+     */
     UserPoolId?: string;
 };
 /**
@@ -13174,7 +13316,7 @@ export type AutoScalingAutoScalingGroupProps = {
     HealthCheckGracePeriod?: number;
     /**
        * A comma-separated value string of one or more health check types.
-       The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.
+       The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.
        Only specify ``EC2`` if you must clear a value that was previously set.
        */
     HealthCheckType?: string;
@@ -13266,6 +13408,7 @@ export type AutoScalingAutoScalingGroupProps = {
        Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``
        */
     TerminationPolicies?: string[];
+    TrafficSources?: AutoScalingAutoScalingGroupTrafficSourceIdentifier[];
     /**
        * A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created.
        If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html).
@@ -13863,6 +14006,14 @@ export type AutoScalingAutoScalingGroupTotalLocalStorageGBRequest = {
      */
     Min?: number;
 };
+/**
+ * Type definition for `AWS::AutoScaling::AutoScalingGroup.TrafficSourceIdentifier`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-trafficsourceidentifier.html}
+ */
+export type AutoScalingAutoScalingGroupTrafficSourceIdentifier = {
+    Identifier: string;
+    Type: string;
+};
 /**
  * Type definition for `AWS::AutoScaling::AutoScalingGroup.VCpuCountRequest`.
  * ``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type.
@@ -15356,6 +15507,39 @@ export type BackupFrameworkTag = {
      */
     Value?: string;
 };
+/**
+ * Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-backup-logicallyairgappedbackupvault.html}
+ */
+export type BackupLogicallyAirGappedBackupVaultProps = {
+    AccessPolicy?: Record<string, any> | string;
+    /**
+     * @pattern `^[a-zA-Z0-9\-\_]{2,50}$`
+     */
+    BackupVaultName: string;
+    BackupVaultTags?: Record<string, string>;
+    MaxRetentionDays: number;
+    MinRetentionDays: number;
+    Notifications?: BackupLogicallyAirGappedBackupVaultNotificationObjectType;
+    VaultState?: string;
+    VaultType?: string;
+};
+/**
+ * Attribute type definition for `AWS::Backup::LogicallyAirGappedBackupVault`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-backup-logicallyairgappedbackupvault.html#aws-resource-backup-logicallyairgappedbackupvault-return-values}
+ */
+export type BackupLogicallyAirGappedBackupVaultAttributes = {
+    BackupVaultArn: string;
+    EncryptionKeyArn: string;
+};
+/**
+ * Type definition for `AWS::Backup::LogicallyAirGappedBackupVault.NotificationObjectType`.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-backup-logicallyairgappedbackupvault-notificationobjecttype.html}
+ */
+export type BackupLogicallyAirGappedBackupVaultNotificationObjectType = {
+    BackupVaultEvents: string[];
+    SNSTopicArn: string;
+};
 /**
  * Resource type definition for `AWS::Backup::ReportPlan`.
  * Contains detailed information about a report plan in AWS Backup Audit Manager.
@@ -16463,7 +16647,7 @@ export type BedrockAgentProps = {
      * ARN or name of a Bedrock model.
      * @minLength `1`
      * @maxLength `2048`
-     * @pattern `^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2})))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$`
+     * @pattern `^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}(([:][a-z0-9-]{1,63}){0,2})?/[a-z0-9]{12})|(:foundation-model/([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|([0-9]{12}:(inference-profile|application-inference-profile)/[a-zA-Z0-9-:.]+))|(([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.]?[a-z0-9-]{1,63})([:][a-z0-9-]{1,63}){0,2}))|(([0-9a-zA-Z][_-]?)+)$`
      */
     FoundationModel?: string;
     /**
@@ -16575,7 +16759,7 @@ export type BedrockAgentActionGroupExecutor = {
  * Action Group Signature for a BuiltIn Action
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-agent-actiongroupsignature.html}
  */
-export type BedrockAgentActionGroupSignature = "AMAZON.UserInput";
+export type BedrockAgentActionGroupSignature = "AMAZON.UserInput" | "AMAZON.CodeInterpreter";
 /**
  * Type definition for `AWS::Bedrock::Agent.ActionGroupState`.
  * State of the action group
@@ -29693,20 +29877,13 @@ export type CognitoUserPoolGroupProps = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html}
  */
 export type CognitoUserPoolIdentityProviderProps = {
-    AttributeMapping?: Record<string, any>;
+    AttributeMapping?: Record<string, string>;
     IdpIdentifiers?: string[];
-    ProviderDetails?: Record<string, any>;
+    ProviderDetails: Record<string, string>;
     ProviderName: string;
     ProviderType: string;
     UserPoolId: string;
 };
-/**
- * Attribute type definition for `AWS::Cognito::UserPoolIdentityProvider`.
- * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#aws-resource-cognito-userpoolidentityprovider-return-values}
- */
-export type CognitoUserPoolIdentityProviderAttributes = {
-    Id: string;
-};
 /**
  * Resource Type definition for AWS::Cognito::UserPoolResourceServer
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolresourceserver.html}
@@ -50710,7 +50887,8 @@ export type EC2VPCDHCPOptionsAssociationProps = {
 export type EC2VPCEndpointProps = {
     /**
        * An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.
-       For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.
+       For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:
+       ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'``
        */
     PolicyDocument?: string | Record<string, any>;
     /**
@@ -50982,60 +51160,100 @@ export type EC2VPNConnectionAttributes = {
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.CloudwatchLogOptionsSpecification`.
+ * Options for sending VPN tunnel logs to CloudWatch.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-cloudwatchlogoptionsspecification.html}
  */
 export type EC2VPNConnectionCloudwatchLogOptionsSpecification = {
+    /**
+       * Enable or disable VPN tunnel logging feature. Default value is ``False``.
+       Valid values: ``True`` | ``False``
+       */
     LogEnabled?: boolean;
+    /**
+     * The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to.
+     */
     LogGroupArn?: string;
+    /**
+       * Set log format. Default format is ``json``.
+       Valid values: ``json`` | ``text``
+       */
     LogOutputFormat?: "json" | "text";
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.IKEVersionsRequestListValue`.
+ * The IKE version that is permitted for the VPN tunnel.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-ikeversionsrequestlistvalue.html}
  */
 export type EC2VPNConnectionIKEVersionsRequestListValue = {
+    /**
+     * The IKE version.
+     */
     Value?: "ikev1" | "ikev2";
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.Phase1DHGroupNumbersRequestListValue`.
+ * Specifies a Diffie-Hellman group number for the VPN tunnel for phase 1 IKE negotiations.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-phase1dhgroupnumbersrequestlistvalue.html}
  */
 export type EC2VPNConnectionPhase1DHGroupNumbersRequestListValue = {
+    /**
+     * The Diffie-Hellmann group number.
+     */
     Value?: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24;
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.Phase1EncryptionAlgorithmsRequestListValue`.
+ * Specifies the encryption algorithm for the VPN tunnel for phase 1 IKE negotiations.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-phase1encryptionalgorithmsrequestlistvalue.html}
  */
 export type EC2VPNConnectionPhase1EncryptionAlgorithmsRequestListValue = {
+    /**
+     * The value for the encryption algorithm.
+     */
     Value?: "AES128" | "AES256" | "AES128-GCM-16" | "AES256-GCM-16";
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.Phase1IntegrityAlgorithmsRequestListValue`.
+ * Specifies the integrity algorithm for the VPN tunnel for phase 1 IKE negotiations.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-phase1integrityalgorithmsrequestlistvalue.html}
  */
 export type EC2VPNConnectionPhase1IntegrityAlgorithmsRequestListValue = {
+    /**
+     * The value for the integrity algorithm.
+     */
     Value?: "SHA1" | "SHA2-256" | "SHA2-384" | "SHA2-512";
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.Phase2DHGroupNumbersRequestListValue`.
+ * Specifies a Diffie-Hellman group number for the VPN tunnel for phase 2 IKE negotiations.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-phase2dhgroupnumbersrequestlistvalue.html}
  */
 export type EC2VPNConnectionPhase2DHGroupNumbersRequestListValue = {
+    /**
+     * The Diffie-Hellmann group number.
+     */
     Value?: 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24;
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.Phase2EncryptionAlgorithmsRequestListValue`.
+ * Specifies the encryption algorithm for the VPN tunnel for phase 2 IKE negotiations.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-phase2encryptionalgorithmsrequestlistvalue.html}
  */
 export type EC2VPNConnectionPhase2EncryptionAlgorithmsRequestListValue = {
+    /**
+     * The encryption algorithm.
+     */
     Value?: "AES128" | "AES256" | "AES128-GCM-16" | "AES256-GCM-16";
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.Phase2IntegrityAlgorithmsRequestListValue`.
+ * Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE negotiations.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-phase2integrityalgorithmsrequestlistvalue.html}
  */
 export type EC2VPNConnectionPhase2IntegrityAlgorithmsRequestListValue = {
+    /**
+     * The integrity algorithm.
+     */
     Value?: "SHA1" | "SHA2-256" | "SHA2-384" | "SHA2-512";
 };
 /**
@@ -51055,9 +51273,13 @@ export type EC2VPNConnectionTag = {
 };
 /**
  * Type definition for `AWS::EC2::VPNConnection.VpnTunnelLogOptionsSpecification`.
+ * Options for logging VPN tunnel activity.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-vpntunnellogoptionsspecification.html}
  */
 export type EC2VPNConnectionVpnTunnelLogOptionsSpecification = {
+    /**
+     * Options for sending VPN tunnel logs to CloudWatch.
+     */
     CloudwatchLogOptions?: EC2VPNConnectionCloudwatchLogOptionsSpecification;
 };
 /**
@@ -51066,29 +51288,77 @@ export type EC2VPNConnectionVpnTunnelLogOptionsSpecification = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-vpnconnection-vpntunneloptionsspecification.html}
  */
 export type EC2VPNConnectionVpnTunnelOptionsSpecification = {
+    /**
+       * The action to take after DPD timeout occurs. Specify ``restart`` to restart the IKE initiation. Specify ``clear`` to end the IKE session.
+       Valid Values: ``clear`` | ``none`` | ``restart``
+       Default: ``clear``
+       */
     DPDTimeoutAction?: "clear" | "none" | "restart";
     /**
-     * @min `30`
-     */
+       * The number of seconds after which a DPD timeout occurs.
+       Constraints: A value greater than or equal to 30.
+       Default: ``30``
+       * @min `30`
+       */
     DPDTimeoutSeconds?: number;
+    /**
+     * Turn on or off tunnel endpoint lifecycle control feature.
+     */
     EnableTunnelLifecycleControl?: boolean;
+    /**
+       * The IKE versions that are permitted for the VPN tunnel.
+       Valid values: ``ikev1`` | ``ikev2``
+       */
     IKEVersions?: EC2VPNConnectionIKEVersionsRequestListValue[];
+    /**
+     * Options for logging VPN tunnel activity.
+     */
     LogOptions?: EC2VPNConnectionVpnTunnelLogOptionsSpecification;
+    /**
+       * One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.
+       Valid values: ``2`` | ``14`` | ``15`` | ``16`` | ``17`` | ``18`` | ``19`` | ``20`` | ``21`` | ``22`` | ``23`` | ``24``
+       */
     Phase1DHGroupNumbers?: EC2VPNConnectionPhase1DHGroupNumbersRequestListValue[];
+    /**
+       * One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.
+       Valid values: ``AES128`` | ``AES256`` | ``AES128-GCM-16`` | ``AES256-GCM-16``
+       */
     Phase1EncryptionAlgorithms?: EC2VPNConnectionPhase1EncryptionAlgorithmsRequestListValue[];
+    /**
+       * One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.
+       Valid values: ``SHA1`` | ``SHA2-256`` | ``SHA2-384`` | ``SHA2-512``
+       */
     Phase1IntegrityAlgorithms?: EC2VPNConnectionPhase1IntegrityAlgorithmsRequestListValue[];
     /**
-     * @min `900`
-     * @max `28800`
-     */
+       * The lifetime for phase 1 of the IKE negotiation, in seconds.
+       Constraints: A value between 900 and 28,800.
+       Default: ``28800``
+       * @min `900`
+       * @max `28800`
+       */
     Phase1LifetimeSeconds?: number;
+    /**
+       * One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.
+       Valid values: ``2`` | ``5`` | ``14`` | ``15`` | ``16`` | ``17`` | ``18`` | ``19`` | ``20`` | ``21`` | ``22`` | ``23`` | ``24``
+       */
     Phase2DHGroupNumbers?: EC2VPNConnectionPhase2DHGroupNumbersRequestListValue[];
+    /**
+       * One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.
+       Valid values: ``AES128`` | ``AES256`` | ``AES128-GCM-16`` | ``AES256-GCM-16``
+       */
     Phase2EncryptionAlgorithms?: EC2VPNConnectionPhase2EncryptionAlgorithmsRequestListValue[];
+    /**
+       * One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.
+       Valid values: ``SHA1`` | ``SHA2-256`` | ``SHA2-384`` | ``SHA2-512``
+       */
     Phase2IntegrityAlgorithms?: EC2VPNConnectionPhase2IntegrityAlgorithmsRequestListValue[];
     /**
-     * @min `900`
-     * @max `3600`
-     */
+       * The lifetime for phase 2 of the IKE negotiation, in seconds.
+       Constraints: A value between 900 and 3,600. The value must be less than the value for ``Phase1LifetimeSeconds``.
+       Default: ``3600``
+       * @min `900`
+       * @max `3600`
+       */
     Phase2LifetimeSeconds?: number;
     /**
        * The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.
@@ -51096,19 +51366,33 @@ export type EC2VPNConnectionVpnTunnelOptionsSpecification = {
        */
     PreSharedKey?: string;
     /**
-     * @min `0`
-     * @max `100`
-     */
+       * The percentage of the rekey window (determined by ``RekeyMarginTimeSeconds``) during which the rekey time is randomly selected.
+       Constraints: A value between 0 and 100.
+       Default: ``100``
+       * @min `0`
+       * @max `100`
+       */
     RekeyFuzzPercentage?: number;
     /**
-     * @min `60`
-     */
+       * The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for ``RekeyFuzzPercentage``.
+       Constraints: A value between 60 and half of ``Phase2LifetimeSeconds``.
+       Default: ``270``
+       * @min `60`
+       */
     RekeyMarginTimeSeconds?: number;
     /**
-     * @min `64`
-     * @max `2048`
-     */
+       * The number of packets in an IKE replay window.
+       Constraints: A value between 64 and 2048.
+       Default: ``1024``
+       * @min `64`
+       * @max `2048`
+       */
     ReplayWindowSize?: number;
+    /**
+       * The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify ``start`` for AWS to initiate the IKE negotiation.
+       Valid Values: ``add`` | ``start``
+       Default: ``add``
+       */
     StartupAction?: "add" | "start";
     /**
        * The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway.
@@ -51122,6 +51406,10 @@ export type EC2VPNConnectionVpnTunnelOptionsSpecification = {
         +   ``169.254.169.252/30``
        */
     TunnelInsideCidr?: string;
+    /**
+       * The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.
+       Constraints: A size /126 CIDR block from the local ``fd00::/8`` range.
+       */
     TunnelInsideIpv6Cidr?: string;
 };
 /**
@@ -55339,6 +55627,10 @@ export type ElastiCacheGlobalReplicationGroupProps = {
      * Cache parameter group name to use for the new engine version. This parameter cannot be modified independently.
      */
     CacheParameterGroupName?: string;
+    /**
+     * The engine of the Global Datastore.
+     */
+    Engine?: string;
     /**
      * The engine version of the Global Datastore.
      */
@@ -70442,7 +70734,7 @@ export type ImageBuilderComponentProps = {
     /**
      * The platform of the component.
      */
-    Platform: "Windows" | "Linux";
+    Platform: "Windows" | "Linux" | "macOS";
     /**
      * The operating system (OS) version supported by the component.
      */
@@ -71419,6 +71711,10 @@ export type ImageBuilderInfrastructureConfigurationProps = {
      * The name of the infrastructure configuration.
      */
     Name: string;
+    /**
+     * The placement option settings for the infrastructure configuration.
+     */
+    Placement?: ImageBuilderInfrastructureConfigurationPlacement;
     /**
      * The tags attached to the resource created by Image Builder.
      */
@@ -71480,6 +71776,29 @@ export type ImageBuilderInfrastructureConfigurationLogging = {
      */
     S3Logs?: ImageBuilderInfrastructureConfigurationS3Logs;
 };
+/**
+ * Type definition for `AWS::ImageBuilder::InfrastructureConfiguration.Placement`.
+ * The placement options
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-infrastructureconfiguration-placement.html}
+ */
+export type ImageBuilderInfrastructureConfigurationPlacement = {
+    /**
+     * AvailabilityZone
+     */
+    AvailabilityZone?: string;
+    /**
+     * HostId
+     */
+    HostId?: string;
+    /**
+     * HostResourceGroupArn
+     */
+    HostResourceGroupArn?: string;
+    /**
+     * Tenancy
+     */
+    Tenancy?: "default" | "dedicated" | "host";
+};
 /**
  * Type definition for `AWS::ImageBuilder::InfrastructureConfiguration.S3Logs`.
  * The S3 path in which to store the logs.
@@ -81444,14 +81763,14 @@ export type IVSEncoderConfigurationProps = {
          */
         Framerate?: number;
         /**
-         * Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.
-         * @min `1`
+         * Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.
+         * @min `2`
          * @max `1920`
          */
         Height?: number;
         /**
-         * Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.
-         * @min `1`
+         * Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.
+         * @min `2`
          * @max `1920`
          */
         Width?: number;
@@ -144490,8 +144809,8 @@ export type RefactorSpacesEnvironmentProps = {
      * @maxLength `63`
      * @pattern `^(?!env-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+$`
      */
-    Name: string;
-    NetworkFabricType: RefactorSpacesEnvironmentNetworkFabricType;
+    Name?: string;
+    NetworkFabricType?: RefactorSpacesEnvironmentNetworkFabricType;
     /**
      * Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair.
      */
@@ -149618,32 +149937,41 @@ export type S3BucketS3KeyFilter = {
 };
 /**
  * Type definition for `AWS::S3::Bucket.ServerSideEncryptionByDefault`.
- * Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*.
-  If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
+ * Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html).
+   +   *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
+  +   *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported.
+  +   *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html}
  */
 export type S3BucketServerSideEncryptionByDefault = {
     /**
-       * AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.
-       You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
+       * AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.
+         +   *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.
+        +   *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.
+        
+        You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
         +  Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``
         +  Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``
         +  Key Alias: ``alias/alias-name``
         
-       If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
-       If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
-        Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.
+       If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
+         +   *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
+        +   *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
+        
+         Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.
        */
     KMSMasterKeyID?: string;
     /**
-     * Server-side encryption algorithm to use for the default encryption.
-     */
+       * Server-side encryption algorithm to use for the default encryption.
+        For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``.
+       */
     SSEAlgorithm: "aws:kms" | "AES256" | "aws:kms:dsse";
 };
 /**
  * Type definition for `AWS::S3::Bucket.ServerSideEncryptionRule`.
  * Specifies the default server-side encryption configuration.
-  If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
+   +   *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
+  +   *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html}
  */
 export type S3BucketServerSideEncryptionRule = {
@@ -176077,6 +176405,7 @@ export interface ResourceTypes {
     "AWS::Backup::BackupSelection": BackupBackupSelectionProps;
     "AWS::Backup::BackupVault": BackupBackupVaultProps;
     "AWS::Backup::Framework": BackupFrameworkProps;
+    "AWS::Backup::LogicallyAirGappedBackupVault": BackupLogicallyAirGappedBackupVaultProps;
     "AWS::Backup::ReportPlan": BackupReportPlanProps;
     "AWS::Backup::RestoreTestingPlan": BackupRestoreTestingPlanProps;
     "AWS::Backup::RestoreTestingSelection": BackupRestoreTestingSelectionProps;
@@ -177376,6 +177705,7 @@ export interface AttributeTypes {
     "AWS::Backup::BackupSelection": BackupBackupSelectionAttributes;
     "AWS::Backup::BackupVault": BackupBackupVaultAttributes;
     "AWS::Backup::Framework": BackupFrameworkAttributes;
+    "AWS::Backup::LogicallyAirGappedBackupVault": BackupLogicallyAirGappedBackupVaultAttributes;
     "AWS::Backup::ReportPlan": BackupReportPlanAttributes;
     "AWS::Backup::RestoreTestingPlan": BackupRestoreTestingPlanAttributes;
     "AWS::BackupGateway::Hypervisor": BackupGatewayHypervisorAttributes;
@@ -177480,7 +177810,6 @@ export interface AttributeTypes {
     "AWS::Cognito::UserPool": CognitoUserPoolAttributes;
     "AWS::Cognito::UserPoolClient": CognitoUserPoolClientAttributes;
     "AWS::Cognito::UserPoolDomain": CognitoUserPoolDomainAttributes;
-    "AWS::Cognito::UserPoolIdentityProvider": CognitoUserPoolIdentityProviderAttributes;
     "AWS::Comprehend::DocumentClassifier": ComprehendDocumentClassifierAttributes;
     "AWS::Comprehend::Flywheel": ComprehendFlywheelAttributes;
     "AWS::Config::AggregationAuthorization": ConfigAggregationAuthorizationAttributes;
@@ -178562,6 +178891,7 @@ export declare const ResourceType: {
     readonly BackupBackupSelection: "AWS::Backup::BackupSelection";
     readonly BackupBackupVault: "AWS::Backup::BackupVault";
     readonly BackupFramework: "AWS::Backup::Framework";
+    readonly BackupLogicallyAirGappedBackupVault: "AWS::Backup::LogicallyAirGappedBackupVault";
     readonly BackupReportPlan: "AWS::Backup::ReportPlan";
     readonly BackupRestoreTestingPlan: "AWS::Backup::RestoreTestingPlan";
     readonly BackupRestoreTestingSelection: "AWS::Backup::RestoreTestingSelection";