@aws-mdaa/dataops-dms 1.2.0

@@ -0,0 +1,1618 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-07/schema#",
3
+ "additionalProperties": false,
4
+ "definitions": {
5
+ "CfnParameterProps": {
6
+ "additionalProperties": false,
7
+ "properties": {
8
+ "allowedPattern": {
9
+ "default": "- No constraints on patterns allowed for parameter.",
10
+ "description": "A regular expression that represents the patterns to allow for String types.",
11
+ "type": "string"
12
+ },
13
+ "allowedValues": {
14
+ "default": "- No constraints on values allowed for parameter.",
15
+ "description": "An array containing the list of values allowed for the parameter.",
16
+ "items": {
17
+ "type": "string"
18
+ },
19
+ "type": "array"
20
+ },
21
+ "constraintDescription": {
22
+ "default": "- No description with customized error message when user specifies invalid values.",
23
+ "description": "A string that explains a constraint when the constraint is violated.\nFor example, without a constraint description, a parameter that has an allowed\npattern of [A-Za-z0-9]+ displays the following error message when the user specifies\nan invalid value:",
24
+ "type": "string"
25
+ },
26
+ "default": {
27
+ "default": "- No default value for parameter.",
28
+ "description": "A value of the appropriate type for the template to use if no value is specified\nwhen a stack is created. If you define constraints for the parameter, you must specify\na value that adheres to those constraints."
29
+ },
30
+ "description": {
31
+ "default": "- No description for the parameter.",
32
+ "description": "A string of up to 4000 characters that describes the parameter.",
33
+ "type": "string"
34
+ },
35
+ "maxLength": {
36
+ "default": "- None.",
37
+ "description": "An integer value that determines the largest number of characters you want to allow for String types.",
38
+ "type": "number"
39
+ },
40
+ "maxValue": {
41
+ "default": "- None.",
42
+ "description": "A numeric value that determines the largest numeric value you want to allow for Number types.",
43
+ "type": "number"
44
+ },
45
+ "minLength": {
46
+ "default": "- None.",
47
+ "description": "An integer value that determines the smallest number of characters you want to allow for String types.",
48
+ "type": "number"
49
+ },
50
+ "minValue": {
51
+ "default": "- None.",
52
+ "description": "A numeric value that determines the smallest numeric value you want to allow for Number types.",
53
+ "type": "number"
54
+ },
55
+ "noEcho": {
56
+ "default": "- Parameter values are not masked.",
57
+ "description": "Whether to mask the parameter value when anyone makes a call that describes the stack.\nIf you set the value to ``true``, the parameter value is masked with asterisks (``*****``).",
58
+ "type": "boolean"
59
+ },
60
+ "type": {
61
+ "default": "String",
62
+ "description": "The data type for the parameter (DataType).",
63
+ "type": "string"
64
+ }
65
+ },
66
+ "type": "object"
67
+ },
68
+ "DMSProps": {
69
+ "additionalProperties": false,
70
+ "description": "Q-ENHANCED-INTERFACE\nDMSProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
71
+ "properties": {
72
+ "createDmsLogRole": {
73
+ "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to create DMS CloudWatch Logs service role enabling migration logging and monitoring capabilities. Controls whether MDAA will create the required CloudWatch Logs service role for DMS operation logging and monitoring.\n\nUse cases: Migration logging; DMS monitoring; CloudWatch integration; Log management; Migration troubleshooting\n\nAWS: AWS DMS CloudWatch Logs service role creation for migration logging and monitoring\n\nValidation: Must be boolean value if provided; optional for logging service role management",
74
+ "type": "boolean"
75
+ },
76
+ "createDmsVpcRole": {
77
+ "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to create DMS VPC service role enabling VPC-based database migration operations. Controls whether MDAA will create the required VPC service role for DMS operations in VPC environments with private database connectivity.\n\nUse cases: VPC-based migrations; Private database connectivity; DMS VPC role creation; Network-isolated migrations\n\nAWS: AWS DMS VPC service role creation for VPC-based database migration operations\n\nValidation: Must be boolean value if provided; optional for VPC service role management",
78
+ "type": "boolean"
79
+ },
80
+ "dmsRoleArn": {
81
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Database Migration Service operations enabling custom role specification for DMS service access. Provides ability to specify a custom IAM role for DMS operations when default service roles are insufficient or when specific permissions are required.\n\nUse cases: Custom IAM role specification; Advanced permission management; Cross-account DMS access; Custom service roles\n\nAWS: IAM role ARN for AWS Database Migration Service operations and resource access\n\nValidation: Must be valid IAM role ARN format if provided; optional for custom role specification",
82
+ "type": "string"
83
+ },
84
+ "endpoints": {
85
+ "$ref": "#/definitions/NamedEndpointProps",
86
+ "description": "Q-ENHANCED-PROPERTY\nOptional named endpoints configuration for DMS source and target database connections enabling flexible database connectivity. Defines the database connection endpoints that DMS will use for source and target databases in migration operations.\n\nUse cases: Database connectivity; Source/target configuration; Connection management; Multi-database migrations\n\nAWS: AWS DMS endpoints for source and target database connection configuration\n\nValidation: Must be valid NamedEndpointProps if provided; optional for endpoint configuration"
87
+ },
88
+ "replicationInstances": {
89
+ "$ref": "#/definitions/NamedReplicationInstanceProps",
90
+ "description": "Q-ENHANCED-PROPERTY\nOptional named replication instances configuration for DMS migration infrastructure enabling scalable database migration operations. Defines the compute resources that will perform the actual data migration tasks with appropriate sizing and configuration.\n\nUse cases: Migration infrastructure; Replication instance management; Migration scaling; Compute resource allocation\n\nAWS: AWS DMS replication instances for database migration compute infrastructure\n\nValidation: Must be valid NamedReplicationInstanceProps if provided; optional for replication instance configuration"
91
+ },
92
+ "replicationTasks": {
93
+ "$ref": "#/definitions/NamedReplicationTaskProps",
94
+ "description": "Q-ENHANCED-PROPERTY\nOptional named replication tasks configuration for DMS migration job definitions enabling automated database migration workflows. Defines the specific migration tasks that will transfer data between source and target databases with appropriate settings and filters.\n\nUse cases: Migration task definition; Data transfer workflows; Migration automation; Task scheduling\n\nAWS: AWS DMS replication tasks for automated database migration job execution\n\nValidation: Must be valid NamedReplicationTaskProps if provided; optional for replication task configuration"
95
+ }
96
+ },
97
+ "type": "object"
98
+ },
99
+ "DmsMigrationType": {
100
+ "enum": [
101
+ "cdc",
102
+ "full-load",
103
+ "full-load-and-cdc"
104
+ ],
105
+ "type": "string"
106
+ },
107
+ "DocDbSettingsProperty": {
108
+ "additionalProperties": false,
109
+ "description": "Q-ENHANCED-INTERFACE\nDocumentDB settings configuration interface for DMS providing document database migration and MongoDB-compatible capabilities. Defines DocumentDB-specific properties for Database Migration Service including document migration, MongoDB compatibility, and DocumentDB integration for document database migration workflows.\n\nUse cases: Document database migration; MongoDB-compatible migration; DocumentDB connectivity; Document data migration; MongoDB compatibility; DMS DocumentDB integration\n\nAWS: AWS DMS DocumentDB endpoint configuration with document database migration and MongoDB-compatible capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
110
+ "properties": {
111
+ "docsToInvestigate": {
112
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of documents to preview for determining document organization and schema inference in DocumentDB migration. Defines the sample size for document analysis when nesting level is set to \"one\" for table mode migration, enabling proper schema detection and data mapping.\n\nUse cases: Document schema inference; Migration planning; Table mode configuration; Document organization analysis\n\nAWS: DMS DocumentDB endpoint docsToInvestigate setting for document sampling and schema analysis\n\nValidation: Must be positive integer greater than 0 if provided; default is 1000; used for document organization analysis\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-docstoinvestigate",
113
+ "type": "number"
114
+ },
115
+ "extractDocId": {
116
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to extract document ID during DocumentDB migration enabling document identification and tracking. Specifies whether to extract the document ID when nesting level is set to \"none\" for document mode migration, enabling document-level tracking and identification.\n\nUse cases: Document identification; Document mode migration; Document tracking; ID extraction\n\nAWS: DMS DocumentDB endpoint extractDocId setting for document ID extraction configuration\n\nValidation: Must be boolean value if provided; default is false; used when nesting level is \"none\"\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-extractdocid",
117
+ "type": "boolean"
118
+ },
119
+ "nestingLevel": {
120
+ "description": "Q-ENHANCED-PROPERTY\nOptional nesting level specification for DocumentDB migration mode selection enabling document or table mode migration. Defines the migration approach with \"none\" for document mode preserving document structure or \"one\" for table mode flattening documents into relational format.\n\nUse cases: Migration mode selection; Document structure preservation; Table mode flattening; Migration strategy configuration\n\nAWS: DMS DocumentDB endpoint nestingLevel setting for migration mode configuration\n\nValidation: Must be \"none\" or \"one\" if provided; default is \"none\"; determines document vs table migration mode\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-nestinglevel",
121
+ "type": "string"
122
+ },
123
+ "secretsManagerAccessRoleArn": {
124
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS to access Secrets Manager secret containing DocumentDB credentials enabling secure credential management. Defines the IAM role that DMS assumes to retrieve database credentials from Secrets Manager for DocumentDB endpoint connectivity with role-based security.\n\nUse cases: Secure credential access; IAM role-based security; Secrets Manager integration; DMS authentication\n\nAWS: DMS DocumentDB endpoint secretsManagerAccessRoleArn setting for IAM role-based credential access\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole and Secrets Manager access permissions\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-secretsmanageraccessrolearn",
125
+ "type": "string"
126
+ },
127
+ "secretsManagerSecretArn": {
128
+ "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing DocumentDB endpoint connection details enabling secure credential storage for document database connectivity. Defines the AWS Secrets Manager secret that stores database connection credentials including username, password, and connection parameters for DocumentDB endpoint access.\n\nUse cases: Secure credential storage; DocumentDB connectivity; Database authentication; Secrets management\n\nAWS: DMS DocumentDB endpoint secretsManagerSecretId setting for Secrets Manager secret reference\n\nValidation: Must be valid Secrets Manager secret ARN; required; secret must contain valid DocumentDB connection credentials\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-docdbsettings.html#cfn-dms-endpoint-docdbsettings-secretsmanagersecretid",
129
+ "type": "string"
130
+ },
131
+ "secretsManagerSecretKMSArn": {
132
+ "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Secrets Manager secret containing DocumentDB credentials enabling enhanced security for database connection details. Defines the KMS key used to encrypt the Secrets Manager secret that stores DocumentDB endpoint credentials for additional security layer.\n\nUse cases: Credential encryption; Enhanced security; KMS integration; Secrets Manager encryption\n\nAWS: DMS DocumentDB endpoint secretsManagerSecretKMSArn setting for KMS encryption of credentials\n\nValidation: Must be valid KMS key ARN if provided; enables encryption of Secrets Manager secret containing credentials",
133
+ "type": "string"
134
+ }
135
+ },
136
+ "required": [
137
+ "secretsManagerSecretArn"
138
+ ],
139
+ "type": "object"
140
+ },
141
+ "DynamoDbSettingsProperty": {
142
+ "additionalProperties": false,
143
+ "description": "Q-ENHANCED-INTERFACE\nDynamoDB settings configuration interface for DMS providing NoSQL database migration and serverless database capabilities. Defines DynamoDB-specific properties for Database Migration Service including NoSQL migration, serverless database connectivity, and DynamoDB integration for serverless database migration workflows.\n\nUse cases: NoSQL database migration; Serverless database migration; DynamoDB connectivity; NoSQL data migration; Serverless data integration; DMS DynamoDB integration\n\nAWS: AWS DMS DynamoDB endpoint configuration with NoSQL database migration and serverless database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
144
+ "properties": {
145
+ "serviceAccessRoleArn": {
146
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM service role ARN for DMS DynamoDB endpoint access enabling secure authentication and authorization for NoSQL database operations. Defines the IAM role that DMS assumes to access DynamoDB tables with required permissions for data migration and NoSQL operations.\n\nUse cases: DynamoDB access control; DMS service authentication; IAM role-based security; NoSQL database permissions\n\nAWS: DMS DynamoDB endpoint serviceAccessRoleArn setting for IAM role-based authentication\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole permission and DynamoDB access policies\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-dynamodbsettings.html#cfn-dms-endpoint-dynamodbsettings-serviceaccessrolearn",
147
+ "type": "string"
148
+ }
149
+ },
150
+ "type": "object"
151
+ },
152
+ "ElasticsearchSettingsProperty": {
153
+ "additionalProperties": false,
154
+ "description": "Q-ENHANCED-INTERFACE\nElasticsearch settings configuration interface for DMS providing search engine migration and search data capabilities. Defines Elasticsearch-specific properties for Database Migration Service including search data migration, index configuration, and Elasticsearch integration for search engine migration workflows.\n\nUse cases: Search engine migration; Search data migration; Elasticsearch connectivity; Search index migration; Search data integration; DMS Elasticsearch integration\n\nAWS: AWS DMS Elasticsearch endpoint configuration with search engine migration and search data capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
155
+ "properties": {
156
+ "endpointUri": {
157
+ "description": "Q-ENHANCED-PROPERTY\nOptional OpenSearch cluster endpoint URI for DMS target connectivity enabling search engine data migration and indexing. Defines the connection endpoint for OpenSearch cluster where DMS will migrate and index data from source databases for search and analytics capabilities.\n\nUse cases: Search engine migration; Data indexing; OpenSearch connectivity; Search data integration\n\nAWS: DMS Elasticsearch endpoint endpointUri setting for OpenSearch cluster connectivity\n\nValidation: Must be valid HTTPS URI if provided; DMS uses HTTPS by default for secure search engine connectivity\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-endpointuri",
158
+ "type": "string"
159
+ },
160
+ "errorRetryDuration": {
161
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum retry duration in seconds for failed DMS API requests to OpenSearch cluster enabling resilient search data migration. Defines the maximum time DMS will retry failed API requests to the OpenSearch cluster for improved reliability and fault tolerance during search data migration.\n\nUse cases: Search migration resilience; API retry configuration; OpenSearch connectivity reliability; Migration fault tolerance\n\nAWS: DMS Elasticsearch endpoint errorRetryDuration setting for API retry timing configuration\n\nValidation: Must be positive integer in seconds if provided; controls maximum retry duration for failed OpenSearch API requests\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-errorretryduration",
162
+ "type": "number"
163
+ },
164
+ "fullLoadErrorPercentage": {
165
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum percentage of failed records before stopping full load operation enabling controlled search data migration quality. Defines the failure threshold for record writes to OpenSearch before DMS stops the full load operation to prevent data quality issues in search indexes.\n\nUse cases: Data quality control; Migration failure thresholds; Search index quality; Load operation control\n\nAWS: DMS Elasticsearch endpoint fullLoadErrorPercentage setting for data quality control\n\nValidation: Must be percentage value between 0-100 if provided; controls failure threshold for full load operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-fullloaderrorpercentage",
166
+ "type": "number"
167
+ },
168
+ "serviceAccessRoleArn": {
169
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM service role ARN for DMS OpenSearch endpoint access enabling secure authentication and authorization for search engine operations. Defines the IAM role that DMS assumes to access OpenSearch cluster with required permissions for indexing and search operations.\n\nUse cases: OpenSearch access control; DMS service authentication; IAM role-based security; Search engine permissions\n\nAWS: DMS Elasticsearch endpoint serviceAccessRoleArn setting for IAM role-based authentication\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole permission and OpenSearch access policies\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-elasticsearchsettings.html#cfn-dms-endpoint-elasticsearchsettings-serviceaccessrolearn",
170
+ "type": "string"
171
+ }
172
+ },
173
+ "type": "object"
174
+ },
175
+ "EndpointProps": {
176
+ "additionalProperties": false,
177
+ "description": "Q-ENHANCED-INTERFACE\nEndpointProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
178
+ "properties": {
179
+ "databaseName": {
180
+ "description": "The optional name of the endpoint database. Required for certain endpoint types.",
181
+ "type": "string"
182
+ },
183
+ "docDbSettings": {
184
+ "$ref": "#/definitions/DocDbSettingsProperty",
185
+ "description": "Settings in JSON format for the source and target DocumentDB endpoint.\nFor more information about other available settings, see [Using extra connections attributes with Amazon DocumentDB as a source](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DocumentDB.html#CHAP_Source.DocumentDB.ECAs) and [Using Amazon DocumentDB as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DocumentDB.html) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-docdbsettings"
186
+ },
187
+ "dynamoDbSettings": {
188
+ "$ref": "#/definitions/DynamoDbSettingsProperty",
189
+ "description": "Settings in JSON format for the target Amazon DynamoDB endpoint.\nFor information about other available settings, see [Using object mapping to migrate data to DynamoDB](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.DynamoDB.html#CHAP_Target.DynamoDB.ObjectMapping) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-dynamodbsettings"
190
+ },
191
+ "elasticsearchSettings": {
192
+ "$ref": "#/definitions/ElasticsearchSettingsProperty",
193
+ "description": "Settings in JSON format for the target OpenSearch endpoint.\nFor more information about the available settings, see [Extra connection attributes when using OpenSearch as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-elasticsearchsettings"
194
+ },
195
+ "endpointType": {
196
+ "$ref": "#/definitions/MdaaEndpointType",
197
+ "description": "The type of Endpoint (\"source\" or \"target\")"
198
+ },
199
+ "engineName": {
200
+ "$ref": "#/definitions/MdaaEndpointEngine",
201
+ "description": "The name of the endpoint engine"
202
+ },
203
+ "ibmDb2Settings": {
204
+ "$ref": "#/definitions/IbmDb2SettingsProperty",
205
+ "description": "Settings in JSON format for the source IBM Db2 LUW endpoint.\nFor information about other available settings, see [Extra connection attributes when using Db2 LUW as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.DB2.html#CHAP_Source.DB2.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-ibmdb2settings"
206
+ },
207
+ "kinesisSettings": {
208
+ "$ref": "#/definitions/KinesisSettingsProperty",
209
+ "description": "Settings in JSON format for the target endpoint for Amazon Kinesis Data Streams.\nFor more information about other available settings, see [Using object mapping to migrate data to a Kinesis data stream](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Kinesis.html#CHAP_Target.Kinesis.ObjectMapping) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-kinesissettings"
210
+ },
211
+ "microsoftSqlServerSettings": {
212
+ "$ref": "#/definitions/MicrosoftSqlServerSettingsProperty",
213
+ "description": "Settings in JSON format for the source and target Microsoft SQL Server endpoint.\nFor information about other available settings, see [Extra connection attributes when using SQL Server as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.SQLServer.html#CHAP_Source.SQLServer.ConnectionAttrib) and [Extra connection attributes when using SQL Server as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.SQLServer.html#CHAP_Target.SQLServer.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-microsoftsqlserversettings"
214
+ },
215
+ "mongoDbSettings": {
216
+ "$ref": "#/definitions/MongoDbSettingsProperty",
217
+ "description": "Settings in JSON format for the source MongoDB endpoint.\nFor more information about the available settings, see [Using MongoDB as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.MongoDB.html#CHAP_Source.MongoDB.Configuration) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-mongodbsettings"
218
+ },
219
+ "mySqlSettings": {
220
+ "$ref": "#/definitions/MySqlSettingsProperty",
221
+ "description": "Settings in JSON format for the source and target MySQL endpoint.\nFor information about other available settings, see [Extra connection attributes when using MySQL as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.MySQL.html#CHAP_Source.MySQL.ConnectionAttrib) and [Extra connection attributes when using a MySQL-compatible database as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.MySQL.html#CHAP_Target.MySQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-mysqlsettings"
222
+ },
223
+ "neptuneSettings": {
224
+ "$ref": "#/definitions/NeptuneSettingsProperty",
225
+ "description": "Settings in JSON format for the target Amazon Neptune endpoint.\nFor more information about the available settings, see [Specifying endpoint settings for Amazon Neptune as a target](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Neptune.html#CHAP_Target.Neptune.EndpointSettings) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-neptunesettings"
226
+ },
227
+ "oracleSettings": {
228
+ "$ref": "#/definitions/OracleSettingsProperty",
229
+ "description": "Settings in JSON format for the source and target Oracle endpoint.\nFor information about other available settings, see [Extra connection attributes when using Oracle as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.Oracle.html#CHAP_Source.Oracle.ConnectionAttrib) and [Extra connection attributes when using Oracle as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Oracle.html#CHAP_Target.Oracle.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-oraclesettings"
230
+ },
231
+ "postgreSqlSettings": {
232
+ "$ref": "#/definitions/PostgreSqlSettingsProperty",
233
+ "description": "Settings in JSON format for the source and target PostgreSQL endpoint.\nFor information about other available settings, see [Extra connection attributes when using PostgreSQL as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) and [Extra connection attributes when using PostgreSQL as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.PostgreSQL.html#CHAP_Target.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-postgresqlsettings"
234
+ },
235
+ "redshiftSettings": {
236
+ "$ref": "#/definitions/RedshiftSettingsProperty",
237
+ "description": "Settings in JSON format for the Amazon Redshift endpoint.\nFor more information about other available settings, see [Extra connection attributes when using Amazon Redshift as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Redshift.html#CHAP_Target.Redshift.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-redshiftsettings"
238
+ },
239
+ "s3Settings": {
240
+ "$ref": "#/definitions/S3SettingsProperty",
241
+ "description": "Settings in JSON format for the source and target Amazon S3 endpoint.\nFor more information about other available settings, see [Extra connection attributes when using Amazon S3 as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.S3.html#CHAP_Source.S3.Configuring) and [Extra connection attributes when using Amazon S3 as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html#CHAP_Target.S3.Configuring) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-s3settings"
242
+ },
243
+ "sybaseSettings": {
244
+ "$ref": "#/definitions/SybaseSettingsProperty",
245
+ "description": "Settings in JSON format for the source and target SAP ASE endpoint.\nFor information about other available settings, see [Extra connection attributes when using SAP ASE as a source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.SAP.html#CHAP_Source.SAP.ConnectionAttrib) and [Extra connection attributes when using SAP ASE as a target for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.SAP.html#CHAP_Target.SAP.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-sybasesettings"
246
+ }
247
+ },
248
+ "required": [
249
+ "endpointType",
250
+ "engineName"
251
+ ],
252
+ "type": "object"
253
+ },
254
+ "IbmDb2SettingsProperty": {
255
+ "additionalProperties": false,
256
+ "description": "Q-ENHANCED-INTERFACE\nIBM DB2 settings configuration interface for DMS providing mainframe database migration and enterprise database capabilities. Defines IBM DB2-specific properties for Database Migration Service including mainframe connectivity, enterprise features, and DB2 integration for enterprise database migration workflows.\n\nUse cases: Mainframe database migration; Enterprise database migration; IBM DB2 connectivity; Mainframe integration; Enterprise migration workflows; DMS DB2 integration\n\nAWS: AWS DMS IBM DB2 endpoint configuration with mainframe database migration and enterprise database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
257
+ "properties": {
258
+ "currentLsn": {
259
+ "description": "Q-ENHANCED-PROPERTY\nOptional log sequence number (LSN) for IBM DB2 change data capture (CDC) replication starting point enabling precise replication control. Specifies the exact LSN where ongoing replication should begin for CDC operations, providing fine-grained control over data synchronization starting points in mainframe database migration scenarios.\n\nUse cases: CDC replication control; Precise replication starting points; Mainframe data synchronization; Log-based replication; Data migration control\n\nAWS: AWS DMS IBM DB2 current LSN for CDC replication starting point control and log-based data synchronization\n\nValidation: Must be valid LSN string if provided; used for CDC replication; optional for replication starting point control",
260
+ "type": "string"
261
+ },
262
+ "maxKBytesPerRead": {
263
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum bytes per read operation for IBM DB2 data transfer performance optimization enabling throughput tuning. Defines the maximum number of kilobytes that will be read in a single operation during data migration, allowing performance optimization for mainframe database transfers with configurable read buffer sizes.\n\nUse cases: Performance optimization; Throughput tuning; Read buffer configuration; Migration performance; Mainframe data transfer optimization\n\nAWS: AWS DMS IBM DB2 maximum kilobytes per read for data transfer performance optimization and throughput control\n\nValidation: Must be positive number if provided; defaults to 64 KB; optional for performance tuning",
264
+ "type": "number"
265
+ },
266
+ "secretsManagerAccessRoleArn": {
267
+ "description": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` .\nThe role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value ofthe AWS Secrets Manager secret that allows access to the Db2 LUW endpoint.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-ibmdb2settings.html#cfn-dms-endpoint-ibmdb2settings-secretsmanageraccessrolearn",
268
+ "type": "string"
269
+ },
270
+ "secretsManagerSecretArn": {
271
+ "description": "The full ARN of the `SecretsManagerSecret` that contains the IBMDB2 endpoint connection details.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-ibmdb2settings.html#cfn-dms-endpoint-ibmdb2settings-secretsmanagersecretid",
272
+ "type": "string"
273
+ },
274
+ "secretsManagerSecretKMSArn": {
275
+ "description": "The ID of the KMS key used to encrypt the credentials secret.",
276
+ "type": "string"
277
+ },
278
+ "setDataCaptureChanges": {
279
+ "description": "Enables ongoing replication (CDC) as a BOOLEAN value.\nThe default is true.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-ibmdb2settings.html#cfn-dms-endpoint-ibmdb2settings-setdatacapturechanges",
280
+ "type": "boolean"
281
+ }
282
+ },
283
+ "required": [
284
+ "secretsManagerSecretArn"
285
+ ],
286
+ "type": "object"
287
+ },
288
+ "KinesisSettingsProperty": {
289
+ "additionalProperties": false,
290
+ "description": "Q-ENHANCED-INTERFACE\nKinesis settings configuration interface for DMS providing streaming data integration and real-time migration capabilities. Defines Kinesis-specific properties for Database Migration Service including streaming configuration, data format settings, and Kinesis integration for real-time database streaming workflows.\n\nUse cases: Real-time database streaming; Streaming data integration; Kinesis data streams; Real-time migration; Database streaming workflows; DMS Kinesis integration\n\nAWS: AWS DMS Kinesis endpoint configuration with streaming data integration and real-time migration capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
291
+ "properties": {
292
+ "includeControlDetails": {
293
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to show detailed control information for table and column changes in Kinesis message output for change tracking. Enables detailed control information including table definition, column definition, and table/column changes in Kinesis streaming output with default false for enhanced change visibility.\n\nUse cases: Change tracking; Control information; Table monitoring; Column changes; Detailed streaming\n\nAWS: AWS DMS Kinesis endpoint includeControlDetails for detailed control information in streaming output\n\nValidation: Must be boolean if provided; default false; enables detailed control information in Kinesis message output",
294
+ "type": "boolean"
295
+ },
296
+ "includeNullAndEmpty": {
297
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to include NULL and empty columns in records migrated to Kinesis endpoint for complete data representation. Enables inclusion of NULL and empty column values in Kinesis streaming output with default false, ensuring complete data representation in real-time streaming operations.\n\nUse cases: Complete data representation; NULL handling; Empty column inclusion; Data completeness; Streaming integrity\n\nAWS: AWS DMS Kinesis endpoint includeNullAndEmpty for NULL and empty column inclusion in streaming output\n\nValidation: Must be boolean if provided; default false; includes NULL and empty columns in Kinesis streaming records",
298
+ "type": "boolean"
299
+ },
300
+ "includePartitionValue": {
301
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to show partition value in Kinesis message output unless partition type is schema-table-type. Enables partition value visibility in Kinesis streaming output with default false, providing partition information for data organization and routing in streaming operations.\n\nUse cases: Partition visibility; Data organization; Streaming routing; Partition information; Message organization\n\nAWS: AWS DMS Kinesis endpoint includePartitionValue for partition value visibility in streaming output\n\nValidation: Must be boolean if provided; default false; shows partition value unless partition type is schema-table-type",
302
+ "type": "boolean"
303
+ },
304
+ "includeTableAlterOperations": {
305
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to include DDL operations that change table structure in control data for schema change tracking. Enables inclusion of DDL operations like rename-table, drop-table, add-column, drop-column, and rename-column in control data with default false for schema evolution tracking.\n\nUse cases: Schema change tracking; DDL monitoring; Table structure changes; Schema evolution; Control data enhancement\n\nAWS: AWS DMS Kinesis endpoint includeTableAlterOperations for DDL operation inclusion in control data\n\nValidation: Must be boolean if provided; default false; includes DDL operations in control data for schema change tracking",
306
+ "type": "boolean"
307
+ },
308
+ "includeTransactionDetails": {
309
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to provide detailed transaction information from source database for transaction tracking. Enables detailed transaction information including commit timestamp, log position, transaction_id, previous transaction_id, and transaction_record_id with default false for enhanced transaction visibility in streaming.\n\nUse cases: Transaction tracking; Commit information; Transaction details; Log position tracking; Transaction lineage\n\nAWS: AWS DMS Kinesis endpoint includeTransactionDetails for detailed transaction information in streaming output\n\nValidation: Must be boolean if provided; default false; provides detailed transaction information from source database",
310
+ "type": "boolean"
311
+ },
312
+ "messageFormat": {
313
+ "description": "Q-ENHANCED-PROPERTY\nOptional output format specification for records created on Kinesis endpoint for streaming data format control. Specifies message format with JSON (default) for formatted output or JSON_UNFORMATTED for single-line output without tabs, affecting streaming data structure and readability.\n\nUse cases: Message formatting; JSON structure; Output format; Streaming format; Data structure control\n\nAWS: AWS DMS Kinesis endpoint messageFormat for streaming record output format specification\n\nValidation: Must be 'JSON' or 'JSON_UNFORMATTED' if provided; default JSON; controls streaming message format and structure",
314
+ "type": "string"
315
+ },
316
+ "noHexPrefix": {
317
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to avoid adding '0x' prefix to raw data in hexadecimal format for cleaner data representation. Enables migration of RAW data type columns without '0x' prefix, particularly useful for LOB columns from Oracle sources to Kinesis targets for cleaner hexadecimal data representation.\n\nUse cases: Hexadecimal formatting; RAW data migration; LOB handling; Data format control; Oracle to Kinesis migration\n\nAWS: AWS DMS Kinesis endpoint noHexPrefix for hexadecimal data formatting control in streaming output\n\nValidation: Must be boolean if provided; removes '0x' prefix from hexadecimal RAW data in streaming output",
318
+ "type": "boolean"
319
+ },
320
+ "partitionIncludeSchemaTable": {
321
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to prefix schema and table names to partition values for improved data distribution across Kinesis shards. Enables schema and table name prefixing when partition type is primary-key-type, improving data distribution and reducing throttling for tables with limited primary key ranges.\n\nUse cases: Data distribution; Shard optimization; Throttling prevention; Partition strategy; Performance optimization\n\nAWS: AWS DMS Kinesis endpoint partitionIncludeSchemaTable for partition value prefixing and shard distribution\n\nValidation: Must be boolean if provided; default false; improves data distribution when partition type is primary-key-type",
322
+ "type": "boolean"
323
+ },
324
+ "serviceAccessRoleArn": {
325
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS service access to Kinesis data stream for secure streaming operations. Specifies the IAM role enabling DMS to write to Kinesis data stream, requiring iam:PassRole action for secure streaming data integration and real-time data migration operations.\n\nUse cases: Service access; IAM role configuration; Kinesis permissions; Secure streaming; Data migration authorization\n\nAWS: AWS IAM role ARN for DMS service access to Kinesis data stream operations and streaming integration\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action; enables Kinesis data stream write operations",
326
+ "type": "string"
327
+ },
328
+ "streamArn": {
329
+ "description": "Q-ENHANCED-PROPERTY\nRequired Amazon Kinesis Data Streams endpoint ARN for DMS streaming destination configuration. Specifies the target Kinesis data stream where migrated database data will be streamed, serving as the primary destination for real-time database streaming workflows and data integration.\n\nUse cases: Streaming destination; Kinesis integration; Real-time migration; Data stream target; Database streaming endpoint\n\nAWS: Amazon Kinesis Data Streams ARN for DMS streaming destination and real-time data integration\n\nValidation: Must be valid Kinesis Data Streams ARN; required for Kinesis endpoint configuration and streaming destination",
330
+ "type": "string"
331
+ }
332
+ },
333
+ "required": [
334
+ "streamArn"
335
+ ],
336
+ "type": "object"
337
+ },
338
+ "MdaaCidrPeer": {
339
+ "additionalProperties": false,
340
+ "description": "Q-ENHANCED-INTERFACE\nMdaaCidrPeer interface.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
341
+ "properties": {
342
+ "cidr": {
343
+ "description": "Q-ENHANCED-PROPERTY\nRequired CIDR block specification for network access control in security group rules enabling IP range-based access control. Defines the IP address range that will be allowed or denied access through security group rules for network-level access control and security boundaries.\n\nUse cases: IP range access control; Network security boundaries; CIDR-based filtering; Network access management\n\nAWS: Amazon EC2 security group CIDR block for IP range-based network access control\n\nValidation: Must be valid CIDR notation (e.g., 10.0.0.0/16); required for CIDR-based security group rules",
344
+ "type": "string"
345
+ },
346
+ "description": {
347
+ "type": "string"
348
+ },
349
+ "port": {
350
+ "type": "number"
351
+ },
352
+ "protocol": {
353
+ "type": "string"
354
+ },
355
+ "suppressions": {
356
+ "items": {
357
+ "$ref": "#/definitions/NagPackSuppression"
358
+ },
359
+ "type": "array"
360
+ },
361
+ "toPort": {
362
+ "description": "Q-ENHANCED-PROPERTY\nThe ending port number for the security group rule defining the upper bound of the port range. Specifies the ending port for port range rules enabling flexible port range configuration for network access control and service-specific traffic management.\n\nUse cases: Port range configuration; Service port ranges; Flexible port access; Multi-port services; Port range restrictions\n\nAWS: AWS EC2 SecurityGroup rule ToPort property for port range specification\n\nValidation: Must be valid port number (1-65535); should be >= port (fromPort); optional number for port range rules",
363
+ "type": "number"
364
+ }
365
+ },
366
+ "required": [
367
+ "cidr",
368
+ "protocol"
369
+ ],
370
+ "type": "object"
371
+ },
372
+ "MdaaEndpointEngine": {
373
+ "enum": [
374
+ "aurora",
375
+ "aurora-postgresql",
376
+ "azuredb",
377
+ "db2",
378
+ "docdb",
379
+ "dynamodb",
380
+ "elasticsearch",
381
+ "kafka",
382
+ "kinesis",
383
+ "mariadb",
384
+ "mongodb",
385
+ "mysql",
386
+ "neptune",
387
+ "opensearch",
388
+ "oracle",
389
+ "postgres",
390
+ "redshift",
391
+ "redshift-serverless",
392
+ "s3",
393
+ "sqlserver",
394
+ "sybase"
395
+ ],
396
+ "type": "string"
397
+ },
398
+ "MdaaEndpointType": {
399
+ "enum": [
400
+ "source",
401
+ "target"
402
+ ],
403
+ "type": "string"
404
+ },
405
+ "MdaaNagSuppressionByPath": {
406
+ "additionalProperties": false,
407
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for suppressing specific CDK Nag security rules on individual CloudFormation resources identified by their resource path. Provides targeted rule suppression with mandatory justification for audit and compliance tracking.\n\nUse cases: Individual resource security exceptions; False positive rule suppressions; Documented compliance deviations\n\nAWS: Suppresses specific CDK Nag security rules for individual CloudFormation resources during deployment validation\n\nValidation: path must be valid CloudFormation resource path; suppressions array must contain valid rule IDs and justifications",
408
+ "properties": {
409
+ "path": {
410
+ "description": "Q-ENHANCED-PROPERTY\nCloudFormation resource path identifying the specific resource for which CDK Nag rules should be suppressed. Uses CDK construct tree path format to precisely target individual resources within the deployment stack.\n\nUse cases: Specific resource targeting; Individual resource exceptions; Precise suppression scope control\n\nAWS: CloudFormation resource path for targeted CDK Nag rule suppression during validation\n\nValidation: Must be valid CDK construct tree path format (e.g., /StackName/ConstructName/ResourceName)",
411
+ "type": "string"
412
+ },
413
+ "suppressions": {
414
+ "description": "Q-ENHANCED-PROPERTY\nArray of specific CDK Nag rule suppressions with rule IDs and mandatory justifications for audit compliance. Each suppression must include the rule identifier and business justification for the security exception.\n\nUse cases: Multiple rule suppressions per resource; Documented security exceptions; Audit trail maintenance\n\nAWS: CDK Nag rule ID suppression with justification tracking for compliance auditing\n\nValidation: Each suppression must have valid CDK Nag rule ID and non-empty reason string\n *",
415
+ "items": {
416
+ "additionalProperties": false,
417
+ "properties": {
418
+ "id": {
419
+ "type": "string"
420
+ },
421
+ "reason": {
422
+ "type": "string"
423
+ }
424
+ },
425
+ "required": [
426
+ "id",
427
+ "reason"
428
+ ],
429
+ "type": "object"
430
+ },
431
+ "type": "array"
432
+ }
433
+ },
434
+ "required": [
435
+ "path",
436
+ "suppressions"
437
+ ],
438
+ "type": "object"
439
+ },
440
+ "MdaaNagSuppressionConfigs": {
441
+ "additionalProperties": false,
442
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for CDK Nag rule suppressions organized by CloudFormation resource paths. Enables selective suppression of security compliance rules for specific resources while maintaining overall compliance posture and audit trail.\n\nUse cases: False positive suppression; Approved security exceptions; Legacy resource compliance exemptions\n\nAWS: Suppresses CDK Nag security rule violations for specific CloudFormation resources during deployment validation\n\nValidation: by_path array must contain valid suppression configurations with resource paths and justifications",
443
+ "properties": {
444
+ "by_path": {
445
+ "description": "Q-ENHANCED-PROPERTY\nArray of CDK Nag suppressions organized by CloudFormation resource path, enabling targeted suppression of specific security rules for individual resources. Each suppression requires justification and maps to specific CloudFormation resource paths.\n\nUse cases: Resource-specific security exceptions; False positive rule suppressions; Approved compliance deviations\n\nAWS: CDK Nag rule suppression targeting specific CloudFormation resources during security validation\n\nValidation: Must be array of valid MdaaNagSuppressionByPath objects with valid resource paths and suppression details\n *",
446
+ "items": {
447
+ "$ref": "#/definitions/MdaaNagSuppressionByPath"
448
+ },
449
+ "type": "array"
450
+ }
451
+ },
452
+ "required": [
453
+ "by_path"
454
+ ],
455
+ "type": "object"
456
+ },
457
+ "MdaaPrefixListPeer": {
458
+ "additionalProperties": false,
459
+ "description": "Q-ENHANCED-INTERFACE\nMdaaPrefixListPeer interface.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
460
+ "properties": {
461
+ "description": {
462
+ "type": "string"
463
+ },
464
+ "port": {
465
+ "type": "number"
466
+ },
467
+ "prefixList": {
468
+ "description": "Q-ENHANCED-PROPERTY\nRequired prefix list identifier for managed IP range access control in security group rules enabling AWS service and managed IP range-based access control. Defines the prefix list ID that contains managed IP ranges for AWS services or custom IP ranges for streamlined security group rule management.\n\nUse cases: AWS service access; Managed IP ranges; Prefix list-based filtering; Streamlined rule management\n\nAWS: Amazon EC2 prefix list identifier for managed IP range-based network access control\n\nValidation: Must be valid prefix list ID format (pl-xxxxxxxxx); required for prefix list-based security group rules",
469
+ "type": "string"
470
+ },
471
+ "protocol": {
472
+ "type": "string"
473
+ },
474
+ "suppressions": {
475
+ "items": {
476
+ "$ref": "#/definitions/NagPackSuppression"
477
+ },
478
+ "type": "array"
479
+ },
480
+ "toPort": {
481
+ "description": "Q-ENHANCED-PROPERTY\nThe ending port number for the security group rule defining the upper bound of the port range. Specifies the ending port for port range rules enabling flexible port range configuration for network access control and service-specific traffic management.\n\nUse cases: Port range configuration; Service port ranges; Flexible port access; Multi-port services; Port range restrictions\n\nAWS: AWS EC2 SecurityGroup rule ToPort property for port range specification\n\nValidation: Must be valid port number (1-65535); should be >= port (fromPort); optional number for port range rules",
482
+ "type": "number"
483
+ }
484
+ },
485
+ "required": [
486
+ "prefixList",
487
+ "protocol"
488
+ ],
489
+ "type": "object"
490
+ },
491
+ "MdaaSecurityGroupPeer": {
492
+ "additionalProperties": false,
493
+ "description": "Q-ENHANCED-INTERFACE\nMdaaSecurityGroupPeer interface.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
494
+ "properties": {
495
+ "description": {
496
+ "type": "string"
497
+ },
498
+ "port": {
499
+ "type": "number"
500
+ },
501
+ "protocol": {
502
+ "type": "string"
503
+ },
504
+ "sgId": {
505
+ "description": "Q-ENHANCED-PROPERTY\nRequired security group identifier for security group-based access control in network rules enabling security group reference-based access control. Defines the security group ID that will be referenced in security group rules for allowing access between security groups and resources.\n\nUse cases: Security group reference; Cross-security group access; Resource-based access control; Security group chaining\n\nAWS: Amazon EC2 security group identifier for security group-based network access control\n\nValidation: Must be valid security group ID format (sg-xxxxxxxxx); required for security group-based rules",
506
+ "type": "string"
507
+ },
508
+ "suppressions": {
509
+ "items": {
510
+ "$ref": "#/definitions/NagPackSuppression"
511
+ },
512
+ "type": "array"
513
+ },
514
+ "toPort": {
515
+ "description": "Q-ENHANCED-PROPERTY\nThe ending port number for the security group rule defining the upper bound of the port range. Specifies the ending port for port range rules enabling flexible port range configuration for network access control and service-specific traffic management.\n\nUse cases: Port range configuration; Service port ranges; Flexible port access; Multi-port services; Port range restrictions\n\nAWS: AWS EC2 SecurityGroup rule ToPort property for port range specification\n\nValidation: Must be valid port number (1-65535); should be >= port (fromPort); optional number for port range rules",
516
+ "type": "number"
517
+ }
518
+ },
519
+ "required": [
520
+ "protocol",
521
+ "sgId"
522
+ ],
523
+ "type": "object"
524
+ },
525
+ "MdaaSecurityGroupRuleProps": {
526
+ "additionalProperties": false,
527
+ "description": "Q-ENHANCED-INTERFACE\nMdaaSecurityGroupRuleProps configuration interface for compute infrastructure and instance management.\n\nUse cases: Compute infrastructure; Instance management; Network configuration; Security groups\n\nAWS: Amazon EC2 configuration for compute infrastructure and instance management\n\nValidation: Configuration must be valid for deployment; properties must conform to Amazon EC2 and MDAA requirements",
528
+ "properties": {
529
+ "ipv4": {
530
+ "description": "Q-ENHANCED-PROPERTY\nIPv4 CIDR block rules for security group traffic control defining IP address-based access restrictions. Specifies IPv4 CIDR blocks that are allowed or denied access through the security group for network-level access control and IP-based security policies.\n\nUse cases: IP-based access control; Network segmentation; CIDR-based restrictions; Geographic access control; Network security policies\n\nAWS: AWS EC2 SecurityGroup rules with IPv4 CIDR block sources/destinations\n\nValidation: Must be valid MdaaCidrPeer array with valid CIDR notation; optional array for IP-based rules\n *",
531
+ "items": {
532
+ "$ref": "#/definitions/MdaaCidrPeer"
533
+ },
534
+ "type": "array"
535
+ },
536
+ "prefixList": {
537
+ "description": "Q-ENHANCED-PROPERTY\nPrefix list rules for security group traffic control defining managed prefix list-based access restrictions. Specifies AWS-managed or customer-managed prefix lists for scalable IP address range management and centralized network access control.\n\nUse cases: Managed IP ranges; Scalable access control; Centralized IP management; AWS service access; Regional IP restrictions\n\nAWS: AWS EC2 SecurityGroup rules with prefix list sources/destinations\n\nValidation: Must be valid MdaaPrefixListPeer array with valid prefix list IDs; optional array for prefix list-based rules\n *",
538
+ "items": {
539
+ "$ref": "#/definitions/MdaaPrefixListPeer"
540
+ },
541
+ "type": "array"
542
+ },
543
+ "sg": {
544
+ "description": "Q-ENHANCED-PROPERTY\nSecurity group rules for cross-security group traffic control defining security group-based access restrictions. Specifies other security groups that are allowed access through this security group for resource-level access control and security group chaining.\n\nUse cases: Cross-security group access; Resource-based access control; Security group chaining; Service-to-service communication; Layered security\n\nAWS: AWS EC2 SecurityGroup rules with security group sources/destinations\n\nValidation: Must be valid MdaaSecurityGroupPeer array with valid security group IDs; optional array for SG-based rules\n *",
545
+ "items": {
546
+ "$ref": "#/definitions/MdaaSecurityGroupPeer"
547
+ },
548
+ "type": "array"
549
+ }
550
+ },
551
+ "type": "object"
552
+ },
553
+ "MdaaServiceCatalogConstraintConfig": {
554
+ "additionalProperties": false,
555
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraints that group multiple validation rules with descriptive information. Enables parameter validation and business rule enforcement for Service Catalog products.\n\nUse cases: Product parameter validation; Business rule grouping; Service Catalog compliance enforcement\n\nAWS: Configures AWS Service Catalog constraints with multiple validation rules for product provisioning\n\nValidation: description must be non-empty; rules must be object with valid constraint rule configurations",
556
+ "properties": {
557
+ "description": {
558
+ "description": "Q-ENHANCED-PROPERTY\nHuman-readable description explaining the purpose and scope of the Service Catalog constraint. Provides clear documentation about the validation rules and business requirements enforced by the constraint.\n\nUse cases: Constraint documentation; User guidance; Business rule explanation\n\nAWS: AWS Service Catalog constraint description for user understanding\n\nValidation: Must be non-empty descriptive text explaining the constraint purpose and scope",
559
+ "type": "string"
560
+ },
561
+ "rules": {
562
+ "additionalProperties": {
563
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleConfig"
564
+ },
565
+ "description": "Q-ENHANCED-PROPERTY\nObject containing named constraint rules that define the validation logic for Service Catalog product parameters. Each rule can contain conditions and assertions for parameter validation.\n\nUse cases: Named validation rules; Organized constraint logic; Multiple validation scenarios\n\nAWS: AWS Service Catalog constraint rules for structured parameter validation\n\nValidation: Must be object with string keys and valid MdaaServiceCatalogConstraintRuleConfig values\n *",
566
+ "type": "object"
567
+ }
568
+ },
569
+ "required": [
570
+ "description",
571
+ "rules"
572
+ ],
573
+ "type": "object"
574
+ },
575
+ "MdaaServiceCatalogConstraintRuleAssertionConfig": {
576
+ "additionalProperties": false,
577
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraint rule assertions that define validation logic for Service Catalog product parameters. Enables parameter validation and business rule enforcement during Service Catalog product provisioning.\n\nUse cases: Parameter validation rules; Business logic enforcement; Service Catalog product compliance\n\nAWS: Configures AWS Service Catalog constraint rules for product parameter validation during provisioning\n\nValidation: assert must be valid constraint assertion expression; description must be non-empty explanatory text",
578
+ "properties": {
579
+ "assert": {
580
+ "description": "Q-ENHANCED-PROPERTY\nConstraint assertion expression that defines the validation logic for Service Catalog product parameters. Uses CloudFormation intrinsic functions and conditions to validate parameter values during product provisioning.\n\nUse cases: Parameter range validation; Cross-parameter dependency checks; Business rule enforcement\n\nAWS: AWS Service Catalog constraint rule assertion for parameter validation\n\nValidation: Must be valid CloudFormation condition expression using intrinsic functions",
581
+ "type": "string"
582
+ },
583
+ "description": {
584
+ "description": "Q-ENHANCED-PROPERTY\nHuman-readable description explaining the purpose and requirements of the constraint assertion. Provides clear guidance to users about parameter validation requirements and business rules.\n\nUse cases: User guidance for parameter validation; Error message context; Business rule documentation\n\nAWS: AWS Service Catalog constraint rule description for user guidance\n\nValidation: Must be non-empty descriptive text explaining the constraint purpose",
585
+ "type": "string"
586
+ }
587
+ },
588
+ "required": [
589
+ "assert",
590
+ "description"
591
+ ],
592
+ "type": "object"
593
+ },
594
+ "MdaaServiceCatalogConstraintRuleCondititionConfig": {
595
+ "additionalProperties": false,
596
+ "type": "object"
597
+ },
598
+ "MdaaServiceCatalogConstraintRuleConfig": {
599
+ "additionalProperties": false,
600
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog constraint rules that combine conditions and assertions for parameter validation. Enables complex validation logic with conditional assertions based on parameter values.\n\nUse cases: Complex parameter validation; Conditional business rules; Multi-parameter validation logic\n\nAWS: Configures AWS Service Catalog constraint rules with conditions and assertions for product parameter validation\n\nValidation: condition must be valid condition config; assertions must be array of valid assertion configs",
601
+ "properties": {
602
+ "assertions": {
603
+ "description": "Q-ENHANCED-PROPERTY\nArray of constraint assertions that define the validation logic to be applied when the condition is met. Each assertion validates specific aspects of the Service Catalog product parameters.\n\nUse cases: Multiple validation checks; parameter validation; Business rule enforcement\n\nAWS: AWS Service Catalog constraint rule assertions for parameter validation\n\nValidation: Must be array of valid MdaaServiceCatalogConstraintRuleAssertionConfig objects",
604
+ "items": {
605
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleAssertionConfig"
606
+ },
607
+ "type": "array"
608
+ },
609
+ "condition": {
610
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintRuleCondititionConfig",
611
+ "description": "Q-ENHANCED-PROPERTY\nCondition configuration that determines when the constraint rule assertions should be evaluated. Enables conditional validation logic based on parameter values and deployment context.\n\nUse cases: Conditional validation logic; Context-dependent rules; Parameter-dependent constraints\n\nAWS: AWS Service Catalog constraint rule condition for conditional validation\n\nValidation: Must be valid MdaaServiceCatalogConstraintRuleCondititionConfig object"
612
+ }
613
+ },
614
+ "required": [
615
+ "assertions",
616
+ "condition"
617
+ ],
618
+ "type": "object"
619
+ },
620
+ "MdaaServiceCatalogParameterConfig": {
621
+ "additionalProperties": false,
622
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog product parameters that combines CloudFormation parameter properties with optional constraint validation. Enables parameterized Service Catalog products with validation rules.\n\nUse cases: Service Catalog product parameterization; Parameter validation; User input constraints\n\nAWS: Configures AWS Service Catalog product parameters with CloudFormation properties and validation constraints\n\nValidation: props must be valid CfnParameterProps; constraints must be valid constraint configuration if provided",
623
+ "properties": {
624
+ "constraints": {
625
+ "$ref": "#/definitions/MdaaServiceCatalogConstraintConfig",
626
+ "description": "Q-ENHANCED-PROPERTY\nOptional constraint configuration that defines additional validation rules for the Service Catalog product parameter. Enables business rule enforcement and complex parameter validation beyond basic CloudFormation constraints.\n\nUse cases: Advanced parameter validation; Business rule enforcement; Cross-parameter validation\n\nAWS: AWS Service Catalog parameter constraints for enhanced validation during provisioning\n\nValidation: Must be valid MdaaServiceCatalogConstraintConfig object if provided"
627
+ },
628
+ "props": {
629
+ "$ref": "#/definitions/CfnParameterProps",
630
+ "description": "Q-ENHANCED-PROPERTY\nCloudFormation parameter properties that define the parameter characteristics including type, default value, and allowed values. Provides the foundational parameter definition for Service Catalog products.\n\nUse cases: Parameter type definition; Default value specification; Allowed value constraints\n\nAWS: AWS CloudFormation parameter properties for Service Catalog product parameters\n\nValidation: Must be valid CfnParameterProps object with required CloudFormation parameter properties"
631
+ }
632
+ },
633
+ "required": [
634
+ "props"
635
+ ],
636
+ "type": "object"
637
+ },
638
+ "MdaaServiceCatalogProductConfig": {
639
+ "additionalProperties": false,
640
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS Service Catalog product deployment that specifies portfolio association, ownership, and parameterization. Enables MDAA modules to be deployed as self-service Service Catalog products with controlled access and validation.\n\nUse cases: Self-service infrastructure deployment; Controlled resource provisioning; Parameterized product offerings\n\nAWS: Configures AWS Service Catalog products for self-service deployment of MDAA modules with portfolio management\n\nValidation: portfolio_arn must be valid Service Catalog portfolio ARN; owner and name must be non-empty strings",
641
+ "properties": {
642
+ "launch_role_name": {
643
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role name that will be used to launch the Service Catalog product. Enables controlled permissions for product provisioning and resource creation with specific IAM role constraints.\n\nUse cases: Controlled provisioning permissions; IAM role-based access; Security constraint enforcement\n\nAWS: AWS Service Catalog launch role for controlled product provisioning permissions\n\nValidation: Must be valid IAM role name if provided",
644
+ "type": "string"
645
+ },
646
+ "name": {
647
+ "description": "Q-ENHANCED-PROPERTY\nDisplay name for the Service Catalog product that will be visible to end users in the Service Catalog console. Should be descriptive and user-friendly to facilitate product discovery and selection.\n\nUse cases: Product identification; User-friendly naming; Service Catalog console display\n\nAWS: AWS Service Catalog product name for user interface display\n\nValidation: Must be non-empty string suitable for Service Catalog product naming",
648
+ "type": "string"
649
+ },
650
+ "owner": {
651
+ "description": "Q-ENHANCED-PROPERTY\nOwner identifier for the Service Catalog product, typically representing the team or organization responsible for the product. Provides accountability and contact information for product management.\n\nUse cases: Product ownership identification; Contact information; Responsibility assignment\n\nAWS: AWS Service Catalog product owner for accountability and management\n\nValidation: Must be non-empty string identifying the product owner",
652
+ "type": "string"
653
+ },
654
+ "parameters": {
655
+ "additionalProperties": {
656
+ "$ref": "#/definitions/MdaaServiceCatalogParameterConfig"
657
+ },
658
+ "description": "Q-ENHANCED-PROPERTY\nOptional object containing named parameter configurations for the Service Catalog product. Enables parameterized product deployment with validation rules and user input constraints.\n\nUse cases: Product parameterization; User input collection; Deployment customization\n\nAWS: AWS Service Catalog product parameters for user-configurable deployment options\n\nValidation: Must be object with string keys and valid MdaaServiceCatalogParameterConfig values if provided\n *",
659
+ "type": "object"
660
+ },
661
+ "portfolio_arn": {
662
+ "description": "Q-ENHANCED-PROPERTY\nARN of the AWS Service Catalog portfolio where the product will be associated. Determines access control and organizational structure for the Service Catalog product deployment.\n\nUse cases: Portfolio organization; Access control; Product categorization\n\nAWS: AWS Service Catalog portfolio ARN for product association and access management\n\nValidation: Must be valid AWS Service Catalog portfolio ARN format",
663
+ "type": "string"
664
+ }
665
+ },
666
+ "required": [
667
+ "name",
668
+ "owner",
669
+ "portfolio_arn"
670
+ ],
671
+ "type": "object"
672
+ },
673
+ "MicrosoftSqlServerSettingsProperty": {
674
+ "additionalProperties": false,
675
+ "description": "Q-ENHANCED-INTERFACE\nMicrosoft SQL Server settings configuration interface for DMS providing SQL Server migration and enterprise database capabilities. Defines SQL Server-specific properties for Database Migration Service including enterprise features, backup integration, and SQL Server migration for enterprise database migration workflows.\n\nUse cases: SQL Server migration; Enterprise database migration; SQL Server connectivity; Enterprise migration workflows; Database backup integration; DMS SQL Server integration\n\nAWS: AWS DMS Microsoft SQL Server endpoint configuration with enterprise database migration and SQL Server capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
676
+ "properties": {
677
+ "bcpPacketSize": {
678
+ "description": "Q-ENHANCED-PROPERTY\nOptional BCP packet size in bytes for SQL Server data transfer optimization enabling performance tuning for bulk data operations. Defines the maximum packet size used for Bulk Copy Program (BCP) operations during SQL Server data migration for optimal network utilization and transfer performance.\n\nUse cases: SQL Server performance tuning; Bulk data transfer optimization; Network utilization; Migration performance\n\nAWS: DMS Microsoft SQL Server endpoint bcpPacketSize setting for BCP transfer optimization\n\nValidation: Must be valid packet size in bytes if provided; affects BCP transfer performance and network utilization\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-bcppacketsize",
679
+ "type": "number"
680
+ },
681
+ "controlTablesFileGroup": {
682
+ "description": "Q-ENHANCED-PROPERTY\nOptional file group specification for DMS internal control tables enabling SQL Server storage organization and performance optimization. Defines the file group where DMS creates internal control tables (awsdms_apply_exception, awsdms_apply, awsdms_changes) for organized storage management and performance tuning.\n\nUse cases: SQL Server storage organization; Performance optimization; File group management; Control table organization\n\nAWS: DMS Microsoft SQL Server endpoint controlTablesFileGroup setting for internal table storage organization\n\nValidation: Must be valid SQL Server file group name if provided; affects DMS internal table storage location\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-controltablesfilegroup",
683
+ "type": "string"
684
+ },
685
+ "databaseName": {
686
+ "description": "Q-ENHANCED-PROPERTY\nOptional database name for SQL Server endpoint connectivity enabling specific database targeting within SQL Server instance. Defines the target database name within the SQL Server instance for focused migration operations and database-specific connectivity.\n\nUse cases: Database-specific migration; SQL Server database targeting; Multi-database instance management; Database connectivity\n\nAWS: DMS Microsoft SQL Server endpoint databaseName setting for specific database connectivity\n\nValidation: Must be valid SQL Server database name if provided; targets specific database within SQL Server instance\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-databasename",
687
+ "type": "string"
688
+ },
689
+ "forceLobLookup": {
690
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to force LOB lookup on inline LOB data enabling large object handling in SQL Server migration. Forces DMS to perform LOB lookup operations on inline LOB data for complete large object migration and data integrity in SQL Server environments.\n\nUse cases: Large object migration; SQL Server LOB handling; Data integrity; Complete data migration\n\nAWS: DMS Microsoft SQL Server endpoint forceLobLookup setting for LOB data handling configuration\n\nValidation: Must be boolean value if provided; affects LOB data migration behavior and completeness\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-forceloblookup",
691
+ "type": "boolean"
692
+ },
693
+ "port": {
694
+ "description": "Q-ENHANCED-PROPERTY\nOptional TCP port number for SQL Server endpoint connectivity enabling custom port configuration for database connections. Defines the network port for SQL Server database connectivity allowing for non-standard port configurations and network security requirements.\n\nUse cases: Custom port configuration; Network security; SQL Server connectivity; Port management\n\nAWS: DMS Microsoft SQL Server endpoint port setting for database connectivity configuration\n\nValidation: Must be valid TCP port number if provided; enables custom SQL Server port connectivity\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-port",
695
+ "type": "number"
696
+ },
697
+ "querySingleAlwaysOnNode": {
698
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to query single Always On node in SQL Server Always On availability groups enabling optimized connectivity for high availability environments. Directs DMS to query only a single node in Always On availability groups for improved performance and reduced resource utilization in high availability SQL Server deployments.\n\nUse cases: Always On availability groups; High availability optimization; Performance tuning; Resource optimization\n\nAWS: DMS Microsoft SQL Server endpoint querySingleAlwaysOnNode setting for Always On optimization\n\nValidation: Must be boolean value if provided; optimizes connectivity for Always On availability groups\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-querysinglealwaysonnode",
699
+ "type": "boolean"
700
+ },
701
+ "readBackupOnly": {
702
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to read changes only from transaction log backups enabling controlled transaction log management in SQL Server migration. When enabled, DMS reads changes only from transaction log backups rather than active transaction logs, providing better control over log file growth and replication latency.\n\nUse cases: Transaction log management; Log file growth control; Replication latency control; Backup-based replication\n\nAWS: DMS Microsoft SQL Server endpoint readBackupOnly setting for transaction log management\n\nValidation: Must be boolean value if provided; affects transaction log reading behavior and log file growth\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-readbackuponly",
703
+ "type": "boolean"
704
+ },
705
+ "safeguardPolicy": {
706
+ "description": "Q-ENHANCED-PROPERTY\nOptional safeguard policy for transaction log truncation prevention enabling controlled log management in SQL Server replication. Defines the method for preventing transaction log truncation with options for transaction-based or sp_repldone-based approaches for optimal log management and replication coordination.\n\nUse cases: Transaction log truncation prevention; Log management; Replication coordination; Parallel task management\n\nAWS: DMS Microsoft SQL Server endpoint safeguardPolicy setting for transaction log management\n\nValidation: Must be valid safeguard policy value if provided; controls transaction log truncation prevention method\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-safeguardpolicy",
707
+ "type": "string"
708
+ },
709
+ "secretsManagerAccessRoleArn": {
710
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS to access Secrets Manager secret containing SQL Server credentials enabling secure credential management. Defines the IAM role that DMS assumes to retrieve database credentials from Secrets Manager for SQL Server endpoint connectivity with role-based security.\n\nUse cases: Secure credential access; IAM role-based security; Secrets Manager integration; DMS authentication\n\nAWS: DMS Microsoft SQL Server endpoint secretsManagerAccessRoleArn setting for IAM role-based credential access\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole and Secrets Manager access permissions\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-secretsmanageraccessrolearn",
711
+ "type": "string"
712
+ },
713
+ "secretsManagerSecretArn": {
714
+ "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing SQL Server endpoint connection details enabling secure credential storage for database connectivity. Defines the AWS Secrets Manager secret that stores database connection credentials including username, password, and connection parameters for SQL Server endpoint access.\n\nUse cases: Secure credential storage; SQL Server connectivity; Database authentication; Secrets management\n\nAWS: DMS Microsoft SQL Server endpoint secretsManagerSecretId setting for Secrets Manager secret reference\n\nValidation: Must be valid Secrets Manager secret ARN; required; secret must contain valid SQL Server connection credentials\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-secretsmanagersecretid",
715
+ "type": "string"
716
+ },
717
+ "secretsManagerSecretKMSArn": {
718
+ "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Secrets Manager secret containing SQL Server credentials enabling enhanced security for database connection details. Defines the KMS key used to encrypt the Secrets Manager secret that stores SQL Server endpoint credentials for additional security layer.\n\nUse cases: Credential encryption; Enhanced security; KMS integration; Secrets Manager encryption\n\nAWS: DMS Microsoft SQL Server endpoint secretsManagerSecretKMSArn setting for KMS encryption of credentials\n\nValidation: Must be valid KMS key ARN if provided; enables encryption of Secrets Manager secret containing credentials",
719
+ "type": "string"
720
+ },
721
+ "serverName": {
722
+ "description": "Q-ENHANCED-PROPERTY\nOptional fully qualified domain name for SQL Server endpoint connectivity enabling precise server identification and network routing. Defines the complete server name including domain for SQL Server database connectivity, typically from RDS DescribeDBInstances endpoint address for managed instances.\n\nUse cases: Server identification; Network routing; SQL Server connectivity; RDS integration\n\nAWS: DMS Microsoft SQL Server endpoint serverName setting for database server identification\n\nValidation: Must be valid FQDN if provided; enables precise SQL Server server identification and connectivity\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-servername",
723
+ "type": "string"
724
+ },
725
+ "tlogAccessMode": {
726
+ "description": "Q-ENHANCED-PROPERTY\nOptional transaction log access mode for CDC data fetching enabling optimized change data capture in SQL Server migration. Defines the method for accessing transaction log data for change data capture operations, affecting CDC performance and resource utilization in SQL Server replication.\n\nUse cases: CDC optimization; Transaction log access; Change data capture; Replication performance\n\nAWS: DMS Microsoft SQL Server endpoint tlogAccessMode setting for CDC data access configuration\n\nValidation: Must be valid transaction log access mode if provided; affects CDC data fetching behavior and performance\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-tlogaccessmode",
727
+ "type": "string"
728
+ },
729
+ "trimSpaceInChar": {
730
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to right-trim spaces in CHAR and NCHAR data types during SQL Server migration enabling data formatting consistency. Controls whether DMS removes trailing spaces from CHAR and NCHAR columns during migration for consistent data formatting and storage optimization.\n\nUse cases: Data formatting consistency; Space trimming; Character data optimization; Migration data quality\n\nAWS: DMS Microsoft SQL Server endpoint trimSpaceInChar setting for character data formatting\n\nValidation: Must be boolean value if provided; default is true; affects character data formatting during migration\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-trimspaceinchar",
731
+ "type": "boolean"
732
+ },
733
+ "useBcpFullLoad": {
734
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to use BCP for full-load operations enabling optimized bulk data transfer in SQL Server migration. Controls whether DMS uses Bulk Copy Program (BCP) for full-load operations, providing high-performance data transfer but requiring consideration of identity columns and table structure compatibility.\n\nUse cases: Bulk data transfer optimization; Full-load performance; SQL Server migration optimization; High-volume data transfer\n\nAWS: DMS Microsoft SQL Server endpoint useBcpFullLoad setting for bulk copy optimization\n\nValidation: Must be boolean value if provided; affects full-load performance and identity column handling\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-microsoftsqlserversettings.html#cfn-dms-endpoint-microsoftsqlserversettings-usebcpfullload",
735
+ "type": "boolean"
736
+ },
737
+ "useThirdPartyBackupDevice": {
738
+ "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to enable processing of third-party transaction log backups for SQL Server DMS migration enabling backup-based replication. Controls whether DMS will process third-party transaction log backups created in native format for SQL Server migration scenarios, providing flexibility for backup-based data migration strategies.\n\nUse cases: Third-party backup processing; Backup-based migration; Transaction log processing; SQL Server migration; Native backup integration\n\nAWS: AWS DMS SQL Server third-party backup device processing for backup-based migration and transaction log handling\n\nValidation: Must be boolean value if provided; optional for third-party backup processing control",
739
+ "type": "boolean"
740
+ }
741
+ },
742
+ "required": [
743
+ "secretsManagerSecretArn"
744
+ ],
745
+ "type": "object"
746
+ },
747
+ "MongoDbSettingsProperty": {
748
+ "additionalProperties": false,
749
+ "description": "Q-ENHANCED-INTERFACE\nMongoDB settings configuration interface for DMS providing NoSQL database migration and document database capabilities. Defines MongoDB-specific properties for Database Migration Service including document migration, authentication settings, and MongoDB integration for NoSQL database migration workflows.\n\nUse cases: NoSQL database migration; Document database migration; MongoDB connectivity; NoSQL migration workflows; Document data migration; DMS MongoDB integration\n\nAWS: AWS DMS MongoDB endpoint configuration with NoSQL database migration and document database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
750
+ "properties": {
751
+ "authMechanism": {
752
+ "description": "Q-ENHANCED-PROPERTY\nOptional authentication mechanism for MongoDB source endpoint access with version-specific defaults. Specifies authentication method with default \"mongodb_cr\" for MongoDB 2.x and \"scram_sha_1\" for MongoDB 3.x+, not used when AuthType is \"no\", enabling secure MongoDB database connectivity and authentication.\n\nUse cases: MongoDB authentication; Version-specific auth; Database security; Connection authentication; MongoDB connectivity\n\nAWS: AWS DMS MongoDB endpoint authMechanism for authentication method specification and secure database access\n\nValidation: Must be valid MongoDB authentication mechanism if provided; version-dependent defaults; not used when AuthType is \"no\"",
753
+ "type": "string"
754
+ },
755
+ "authSource": {
756
+ "description": "Q-ENHANCED-PROPERTY\nOptional MongoDB database name for authentication with default \"admin\" database. Specifies the database used for authentication operations, not used when AuthType is \"no\", enabling proper authentication context and database-specific access control for MongoDB migration operations.\n\nUse cases: Authentication database; MongoDB auth context; Database-specific auth; Authentication scope; MongoDB security\n\nAWS: AWS DMS MongoDB endpoint authSource for authentication database specification and access control\n\nValidation: Must be valid MongoDB database name if provided; default \"admin\"; not used when AuthType is \"no\"",
757
+ "type": "string"
758
+ },
759
+ "authType": {
760
+ "description": "Q-ENHANCED-PROPERTY\nOptional authentication type for MongoDB source endpoint access control. Specifies authentication type with \"no\" disabling username/password requirements and allowing empty credentials, enabling flexible authentication configuration for MongoDB database connectivity and migration operations.\n\nUse cases: Authentication control; MongoDB security; Credential management; Access control; Database authentication\n\nAWS: AWS DMS MongoDB endpoint authType for authentication type specification and access control\n\nValidation: Must be valid authentication type if provided; \"no\" disables username/password requirements; controls MongoDB authentication",
761
+ "type": "string"
762
+ },
763
+ "databaseName": {
764
+ "description": "Q-ENHANCED-PROPERTY\nOptional database name on MongoDB source endpoint for migration scope specification. Specifies the target database name for MongoDB migration operations, defining the scope of data migration and database-specific operations for NoSQL document database migration workflows.\n\nUse cases: Database scope; Migration target; MongoDB database selection; Data scope; Database specification\n\nAWS: AWS DMS MongoDB endpoint databaseName for migration database specification and scope definition\n\nValidation: Must be valid MongoDB database name if provided; defines migration scope and target database for operations",
765
+ "type": "string"
766
+ },
767
+ "docsToInvestigate": {
768
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of documents to preview for document organization analysis when using table mode. Specifies document count for preview analysis with default 1000, used when NestingLevel is \"one\", enabling proper document structure analysis and table mode configuration.\n\nUse cases: Document analysis; Structure preview; Table mode configuration; Document organization; Schema analysis\n\nAWS: AWS DMS MongoDB endpoint docsToInvestigate for document structure analysis and table mode configuration\n\nValidation: Must be positive integer greater than 0 if provided; default 1000; used when NestingLevel is \"one\"",
769
+ "type": "string"
770
+ },
771
+ "extractDocId": {
772
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to specify document ID extraction when using document mode. Specifies whether to extract document ID with default \"false\", used when NestingLevel is \"none\", enabling document ID handling and document mode configuration for MongoDB migration operations.\n\nUse cases: Document ID extraction; Document mode; ID handling; Document configuration; MongoDB document processing\n\nAWS: AWS DMS MongoDB endpoint extractDocId for document ID extraction and document mode configuration\n\nValidation: Must be \"true\" or \"false\" if provided; default \"false\"; used when NestingLevel is \"none\"",
773
+ "type": "string"
774
+ },
775
+ "nestingLevel": {
776
+ "description": "Q-ENHANCED-PROPERTY\nOptional nesting level specification for document or table mode selection. Specifies migration mode with \"none\" for document mode and \"one\" for table mode, with default \"none\", controlling how MongoDB documents are processed and migrated in NoSQL database operations.\n\nUse cases: Migration mode; Document processing; Table mode; Document mode; MongoDB structure handling\n\nAWS: AWS DMS MongoDB endpoint nestingLevel for migration mode specification and document processing control\n\nValidation: Must be \"none\" or \"one\" if provided; default \"none\"; \"none\" uses document mode, \"one\" uses table mode",
777
+ "type": "string"
778
+ },
779
+ "port": {
780
+ "description": "The port value for the MongoDB source endpoint.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mongodbsettings.html#cfn-dms-endpoint-mongodbsettings-port",
781
+ "type": "number"
782
+ },
783
+ "secretsManagerAccessRoleArn": {
784
+ "description": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` .\nThe role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value of the AWS Secrets Manager secret that allows access to the MongoDB endpoint.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mongodbsettings.html#cfn-dms-endpoint-mongodbsettings-secretsmanageraccessrolearn",
785
+ "type": "string"
786
+ },
787
+ "secretsManagerSecretArn": {
788
+ "description": "The full ARN of the `SecretsManagerSecret` that contains the MongoDB endpoint connection details.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mongodbsettings.html#cfn-dms-endpoint-mongodbsettings-secretsmanagersecretid",
789
+ "type": "string"
790
+ },
791
+ "secretsManagerSecretKMSArn": {
792
+ "description": "The ID of the KMS key used to encrypt the credentials secret.",
793
+ "type": "string"
794
+ },
795
+ "serverName": {
796
+ "description": "The name of the server on the MongoDB source endpoint.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-mongodbsettings.html#cfn-dms-endpoint-mongodbsettings-servername",
797
+ "type": "string"
798
+ }
799
+ },
800
+ "required": [
801
+ "secretsManagerSecretArn"
802
+ ],
803
+ "type": "object"
804
+ },
805
+ "MySqlSettingsProperty": {
806
+ "additionalProperties": false,
807
+ "description": "Q-ENHANCED-INTERFACE\nMySQL database settings configuration interface for DMS providing database migration and MySQL-specific capabilities. Defines MySQL-specific properties for Database Migration Service including connection settings, replication configuration, and MySQL migration parameters for MySQL database migration workflows.\n\nUse cases: MySQL database migration; Database replication; Connection configuration; MySQL migration workflows; Database connectivity; DMS integration\n\nAWS: AWS DMS MySQL endpoint configuration with MySQL-specific migration settings and replication management\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
808
+ "properties": {
809
+ "afterConnectScript": {
810
+ "description": "Q-ENHANCED-PROPERTY\nOptional SQL script to execute immediately after DMS connects to the MySQL endpoint for initialization tasks. Provides custom initialization logic that runs after connection establishment, with migration task continuing regardless of script success or failure, enabling database-specific setup and configuration.\n\nUse cases: Database initialization; Connection setup; Custom configuration; Post-connection tasks; Database preparation\n\nAWS: AWS DMS MySQL endpoint afterConnectScript for post-connection initialization and setup\n\nValidation: Must be valid SQL script code if provided; script content not filename; migration continues regardless of execution result",
811
+ "type": "string"
812
+ },
813
+ "cleanSourceMetadataOnMismatch": {
814
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to clean and recreate table metadata on replication instance when mismatches occur. Handles situations where DDL operations cause cached table metadata differences on the replication instance, ensuring metadata consistency during MySQL database migration and replication operations.\n\nUse cases: Metadata consistency; DDL handling; Cache management; Replication reliability; Table structure synchronization\n\nAWS: AWS DMS MySQL endpoint cleanSourceMetadataOnMismatch for metadata consistency and cache management\n\nValidation: Must be boolean value if provided; enables automatic metadata cleanup and recreation on mismatch detection",
815
+ "type": "boolean"
816
+ },
817
+ "eventsPollInterval": {
818
+ "description": "Q-ENHANCED-PROPERTY\nOptional polling interval in seconds for checking MySQL binary log changes when database is idle. Specifies how frequently DMS checks binary logs for new changes during idle periods, with default of 5 seconds, affecting change detection latency and system resource usage during MySQL replication.\n\nUse cases: Change detection; Polling frequency; Performance tuning; Idle monitoring; Binary log processing\n\nAWS: AWS DMS MySQL endpoint eventsPollInterval for binary log change detection frequency\n\nValidation: Must be positive integer in seconds if provided; default 5 seconds; affects change detection latency and resource usage",
819
+ "type": "number"
820
+ },
821
+ "maxFileSize": {
822
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum CSV file size in KB for MySQL data transfer operations. Specifies the maximum size limit for CSV files used in data transfer to MySQL-compatible databases, controlling file size for bulk data operations and affecting transfer performance and memory usage.\n\nUse cases: File size control; Bulk data transfer; Performance optimization; Memory management; CSV processing\n\nAWS: AWS DMS MySQL endpoint maxFileSize for CSV file size limits in data transfer operations\n\nValidation: Must be positive integer in KB if provided; controls CSV file size for MySQL data transfer operations",
823
+ "type": "number"
824
+ },
825
+ "parallelLoadThreads": {
826
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of parallel threads for loading data into MySQL-compatible target databases for performance optimization. Specifies thread count for parallel data loading with each thread requiring separate connection, affecting performance and database load with default of 1 thread for MySQL target operations.\n\nUse cases: Performance optimization; Parallel loading; Thread configuration; MySQL target optimization; Load balancing\n\nAWS: AWS DMS MySQL endpoint parallelLoadThreads for parallel data loading performance optimization\n\nValidation: Must be positive integer if provided; default 1; higher values may impact database performance due to connection overhead",
827
+ "type": "number"
828
+ },
829
+ "secretsManagerAccessRoleArn": {
830
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to MySQL endpoint credentials. Specifies the IAM role with required permissions to access SecretsManagerSecret containing MySQL endpoint credentials, enabling secure credential management and access control for MySQL database connections.\n\nUse cases: Credential management; Secrets Manager integration; Secure access; IAM role configuration; MySQL authentication\n\nAWS: AWS IAM role ARN for Secrets Manager access to MySQL endpoint credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action and Secrets Manager access permissions",
831
+ "type": "string"
832
+ },
833
+ "secretsManagerSecretArn": {
834
+ "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing MySQL endpoint connection details for secure credential management. Specifies the full ARN of the secret containing MySQL database connection information including credentials, enabling secure storage and access of MySQL endpoint authentication details.\n\nUse cases: Secure credential storage; MySQL authentication; Secrets Manager integration; Database connection security; Credential management\n\nAWS: AWS Secrets Manager secret ARN containing MySQL endpoint connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN; required for secure MySQL endpoint credential management and authentication",
835
+ "type": "string"
836
+ },
837
+ "secretsManagerSecretKMSArn": {
838
+ "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting MySQL endpoint credentials secret in Secrets Manager. Specifies the KMS key used to encrypt the credentials secret, providing additional encryption layer for MySQL endpoint authentication information stored in AWS Secrets Manager.\n\nUse cases: Credential encryption; KMS integration; Enhanced security; Secret encryption; MySQL credential protection\n\nAWS: AWS KMS key ARN for encrypting Secrets Manager secret containing MySQL endpoint credentials\n\nValidation: Must be valid KMS key ARN if provided; provides additional encryption for MySQL credentials in Secrets Manager",
839
+ "type": "string"
840
+ },
841
+ "serverTimezone": {
842
+ "description": "Q-ENHANCED-PROPERTY\nOptional time zone specification for MySQL source database configuration. Specifies the time zone for the source MySQL database affecting timestamp handling and data conversion during migration, ensuring proper time zone handling and data consistency across different time zones.\n\nUse cases: Time zone configuration; Timestamp handling; Data consistency; MySQL configuration; Time zone conversion\n\nAWS: AWS DMS MySQL endpoint serverTimezone for source database time zone configuration\n\nValidation: Must be valid time zone string if provided; do not enclose in single quotes; affects timestamp data handling",
843
+ "type": "string"
844
+ },
845
+ "targetDbType": {
846
+ "description": "Q-ENHANCED-PROPERTY\nOptional target database type specification for MySQL migration destination configuration. Specifies whether to migrate source tables to a single database or multiple databases on the target, with SPECIFIC_DATABASE requiring DatabaseName parameter and MULTIPLE_DATABASES preserving source database structure.\n\nUse cases: Database structure preservation; Migration strategy; Target configuration; Database organization; Schema mapping\n\nAWS: AWS DMS MySQL endpoint targetDbType for target database structure and migration destination configuration\n\nValidation: Must be valid target type if provided; SPECIFIC_DATABASE requires DatabaseName parameter; MULTIPLE_DATABASES preserves structure",
847
+ "type": "string"
848
+ }
849
+ },
850
+ "required": [
851
+ "secretsManagerSecretArn"
852
+ ],
853
+ "type": "object"
854
+ },
855
+ "NagPackSuppression": {
856
+ "additionalProperties": false,
857
+ "description": "Interface for creating a rule suppression",
858
+ "properties": {
859
+ "appliesTo": {
860
+ "description": "Rule specific granular suppressions",
861
+ "items": {
862
+ "$ref": "#/definitions/NagPackSuppressionAppliesTo"
863
+ },
864
+ "type": "array"
865
+ },
866
+ "id": {
867
+ "description": "The id of the rule to ignore",
868
+ "type": "string"
869
+ },
870
+ "reason": {
871
+ "description": "The reason to ignore the rule (minimum 10 characters)",
872
+ "type": "string"
873
+ }
874
+ },
875
+ "required": [
876
+ "id",
877
+ "reason"
878
+ ],
879
+ "type": "object"
880
+ },
881
+ "NagPackSuppressionAppliesTo": {
882
+ "anyOf": [
883
+ {
884
+ "$ref": "#/definitions/RegexAppliesTo"
885
+ },
886
+ {
887
+ "type": "string"
888
+ }
889
+ ],
890
+ "description": "A granular suppression"
891
+ },
892
+ "NamedEndpointProps": {
893
+ "additionalProperties": {
894
+ "$ref": "#/definitions/EndpointProps"
895
+ },
896
+ "description": "Q-ENHANCED-INTERFACE\nNamedEndpointProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
897
+ "type": "object"
898
+ },
899
+ "NamedReplicationInstanceProps": {
900
+ "additionalProperties": {
901
+ "$ref": "#/definitions/ReplicationInstanceProps"
902
+ },
903
+ "description": "Q-ENHANCED-INTERFACE\nNamedReplicationInstanceProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
904
+ "type": "object"
905
+ },
906
+ "NamedReplicationTaskProps": {
907
+ "additionalProperties": {
908
+ "$ref": "#/definitions/ReplicationTaskProps"
909
+ },
910
+ "description": "Q-ENHANCED-INTERFACE\nNamedReplicationTaskProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
911
+ "type": "object"
912
+ },
913
+ "NeptuneSettingsProperty": {
914
+ "additionalProperties": false,
915
+ "description": "Q-ENHANCED-INTERFACE\nNeptune settings configuration interface for DMS providing graph database migration and graph data capabilities. Defines Neptune-specific properties for Database Migration Service including graph data migration, graph database connectivity, and Neptune integration for graph database migration workflows.\n\nUse cases: Graph database migration; Graph data migration; Neptune connectivity; Graph database workflows; Graph data integration; DMS Neptune integration\n\nAWS: AWS DMS Neptune endpoint configuration with graph database migration and graph data capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
916
+ "properties": {
917
+ "errorRetryDuration": {
918
+ "description": "Q-ENHANCED-PROPERTY\nOptional retry duration in milliseconds for DMS bulk-load operations to Neptune target database enabling resilient graph data migration with configurable error recovery. Defines the wait time before retrying failed bulk-load operations for migrated graph data to ensure reliable data transfer to Neptune.\n\nUse cases: Graph data migration resilience; Bulk-load error recovery; Neptune migration optimization; Retry configuration\n\nAWS: DMS Neptune endpoint errorRetryDuration setting for bulk-load retry timing configuration\n\nValidation: Must be positive integer in milliseconds; default is 250ms; controls retry timing for failed bulk operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-errorretryduration",
919
+ "type": "number"
920
+ },
921
+ "maxFileSize": {
922
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum file size in kilobytes for CSV files containing migrated graph data before DMS bulk-loads to Neptune target database enabling optimized batch processing. Defines the size threshold for CSV files storing graph data before triggering bulk-load operations to Neptune, optimizing memory usage and transfer efficiency.\n\nUse cases: Graph data batch optimization; Memory management; CSV file size control; Neptune bulk-load efficiency\n\nAWS: DMS Neptune endpoint maxFileSize setting for CSV file size threshold configuration\n\nValidation: Must be positive integer in kilobytes; default is 1,048,576 KB (1GB); controls CSV batch size for bulk operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-maxfilesize",
923
+ "type": "number"
924
+ },
925
+ "maxRetryCount": {
926
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum retry count for DMS bulk-load operations to Neptune target database enabling configurable resilience for graph data migration. Defines the number of retry attempts for failed bulk-load operations before raising an error, ensuring reliable graph data transfer with controlled retry behavior.\n\nUse cases: Graph migration resilience; Bulk-load retry control; Neptune migration reliability; Error handling configuration\n\nAWS: DMS Neptune endpoint maxRetryCount setting for bulk-load retry attempt configuration\n\nValidation: Must be positive integer; default is 5 retries; controls maximum retry attempts for failed bulk operations\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-maxretrycount",
927
+ "type": "number"
928
+ },
929
+ "s3BucketFolder": {
930
+ "description": "Q-ENHANCED-PROPERTY\nOptional S3 bucket folder path for storing migrated graph data during DMS Neptune migration enabling organized data staging and processing. Defines the folder structure within the S3 bucket for temporary storage of graph data CSV files before bulk-loading to Neptune target database.\n\nUse cases: Graph data organization; S3 staging structure; Migration data management; Temporary storage organization\n\nAWS: DMS Neptune endpoint s3BucketFolder setting for S3 staging folder path configuration\n\nValidation: Must be valid S3 folder path if provided; enables organized staging of graph migration data\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-s3bucketfolder",
931
+ "type": "string"
932
+ },
933
+ "s3BucketName": {
934
+ "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for temporary storage of migrated graph data during DMS Neptune migration enabling staged data processing and bulk-loading. Defines the S3 bucket where DMS stores CSV files containing graph data before bulk-loading to Neptune target database.\n\nUse cases: Graph data staging; Neptune migration storage; Temporary CSV storage; Bulk-load data preparation\n\nAWS: DMS Neptune endpoint s3BucketName setting for S3 staging bucket configuration\n\nValidation: Must be valid S3 bucket name; required for Neptune endpoint configuration; bucket must exist and be accessible\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-s3bucketname",
935
+ "type": "string"
936
+ },
937
+ "serviceAccessRoleArn": {
938
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM service role ARN for DMS Neptune endpoint access enabling secure authentication and authorization for graph database operations. Defines the IAM role that DMS assumes to access Neptune target database with required permissions for bulk-loading and graph data operations.\n\nUse cases: Neptune access control; DMS service authentication; IAM role-based security; Graph database permissions\n\nAWS: DMS Neptune endpoint serviceAccessRoleArn setting for IAM role-based authentication\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole permission and Neptune access policies\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-neptunesettings.html#cfn-dms-endpoint-neptunesettings-serviceaccessrolearn",
939
+ "type": "string"
940
+ }
941
+ },
942
+ "required": [
943
+ "s3BucketName"
944
+ ],
945
+ "type": "object"
946
+ },
947
+ "OracleSettingsProperty": {
948
+ "additionalProperties": false,
949
+ "description": "Q-ENHANCED-INTERFACE\nConfiguration interface for AWS DMS Oracle database endpoint settings providing replication and change data capture options. Provides Oracle-specific configuration properties for DMS endpoints including supplemental logging, archived log management, and advanced Oracle database features for secure and efficient data migration and replication.\n\nUse cases: Oracle database migration; Change data capture; Database replication; Oracle-specific configuration; Advanced Oracle features\n\nAWS: AWS Database Migration Service Oracle endpoint configuration with Oracle-specific settings and optimization parameters\n\nValidation: Boolean properties must be true/false; numeric properties must be valid integers; string properties must follow Oracle naming conventions",
950
+ "properties": {
951
+ "accessAlternateDirectly": {
952
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to disable Binary Reader access to redo logs through direct file access for Oracle RDS sources. Controls whether DMS accesses redo logs directly or through specified path prefix replacement, affecting change data capture performance and configuration for Oracle database replication.\n\nUse cases: RDS Oracle configuration; Change data capture optimization; Direct file access control; Performance tuning; Oracle replication setup\n\nAWS: AWS DMS Oracle endpoint accessAlternateDirectly setting for redo log access configuration\n\nValidation: Must be boolean value if provided; affects Oracle change data capture behavior and performance",
953
+ "type": "boolean"
954
+ },
955
+ "addSupplementalLogging": {
956
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable table-level supplemental logging for Oracle database migration tasks. Enables PRIMARY KEY supplemental logging on all selected tables for migration, providing necessary change data capture information while requiring database-level supplemental logging to be enabled separately.\n\nUse cases: Supplemental logging; Change data capture; Table-level logging; Oracle migration; Primary key tracking\n\nAWS: AWS DMS Oracle endpoint addSupplementalLogging for table-level supplemental logging configuration\n\nValidation: Must be boolean value if provided; requires database-level supplemental logging to be enabled for proper operation",
957
+ "type": "boolean"
958
+ },
959
+ "additionalArchivedLogDestId": {
960
+ "description": "Q-ENHANCED-PROPERTY\nOptional additional archived log destination ID for Oracle primary/standby switchover scenarios. Specifies the destination for archive redo logs in switchover situations where the previous primary instance becomes standby, enabling continuous replication during Oracle database role changes.\n\nUse cases: Oracle switchover; High availability; Standby database configuration; Archive log management; Disaster recovery\n\nAWS: AWS DMS Oracle endpoint additionalArchivedLogDestId for switchover archive log destination\n\nValidation: Must be valid integer destination ID if provided; used for Oracle switchover scenarios and archive log management",
961
+ "type": "number"
962
+ },
963
+ "allowSelectNestedTables": {
964
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable replication of Oracle tables with nested tables or defined types for complex data structure migration. Allows DMS to replicate Oracle tables containing columns with nested tables or user-defined types, enabling migration of complex Oracle database schemas with advanced data structures.\n\nUse cases: Complex schema migration; Nested table replication; User-defined types; Advanced Oracle features; Complex data structures\n\nAWS: AWS DMS Oracle endpoint allowSelectNestedTables for complex data type replication support\n\nValidation: Must be boolean value if provided; enables replication of Oracle nested tables and defined types",
965
+ "type": "boolean"
966
+ },
967
+ "archivedLogDestId": {
968
+ "description": "Q-ENHANCED-PROPERTY\nOptional archived redo log destination ID for Oracle change data capture configuration. Specifies the destination ID for archived redo logs matching the dest_id column in v$archived_log view, optimizing performance by ensuring correct log access from the start of replication operations.\n\nUse cases: Archived log configuration; Performance optimization; Change data capture; Log destination management; Oracle replication tuning\n\nAWS: AWS DMS Oracle endpoint archivedLogDestId for archived redo log destination specification\n\nValidation: Must be valid integer matching Oracle v$archived_log dest_id; improves performance through correct log access",
969
+ "type": "number"
970
+ },
971
+ "archivedLogsOnly": {
972
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to restrict DMS access to archived redo logs only for Oracle replication. When enabled, DMS accesses only archived redo logs, requiring ASM privileges if logs are stored on Automatic Storage Management, providing controlled access to Oracle change data.\n\nUse cases: Archived log only access; ASM storage; Controlled log access; Oracle security; Change data capture restriction\n\nAWS: AWS DMS Oracle endpoint archivedLogsOnly for restricted archived log access configuration\n\nValidation: Must be boolean value if provided; requires ASM privileges when archived logs are on ASM storage",
973
+ "type": "boolean"
974
+ },
975
+ "asmServer": {
976
+ "description": "Q-ENHANCED-PROPERTY\nOptional ASM server address for Oracle source endpoint Binary Reader configuration. Specifies the Automatic Storage Management server address for Oracle databases using ASM, enabling DMS Binary Reader access to Oracle databases with ASM storage for change data capture operations.\n\nUse cases: ASM configuration; Binary Reader setup; Oracle ASM access; Storage management; Change data capture with ASM\n\nAWS: AWS DMS Oracle endpoint asmServer for ASM server address configuration with Binary Reader\n\nValidation: Must be valid ASM server address if provided; required for Oracle databases using ASM storage with Binary Reader",
977
+ "type": "string"
978
+ },
979
+ "charLengthSemantics": {
980
+ "description": "Q-ENHANCED-PROPERTY\nOptional character length semantics specification for Oracle character column interpretation. Determines whether character column lengths are measured in bytes or characters, affecting data type mapping and character handling during Oracle database migration and replication operations.\n\nUse cases: Character encoding; Data type mapping; Character column handling; Oracle character semantics; Migration accuracy\n\nAWS: AWS DMS Oracle endpoint charLengthSemantics for character column length interpretation\n\nValidation: Must be 'CHAR' for character-based or default for byte-based; affects character column length calculation",
981
+ "type": "string"
982
+ },
983
+ "directPathNoLog": {
984
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable direct path loading without database logging for Oracle target performance optimization. Increases commit rate on Oracle target databases by writing directly to tables without creating database log trails, improving performance for bulk data loading operations.\n\nUse cases: Performance optimization; Bulk loading; Direct path loading; Oracle target optimization; High-speed migration\n\nAWS: AWS DMS Oracle endpoint directPathNoLog for direct path loading without logging\n\nValidation: Must be boolean value if provided; improves performance but bypasses Oracle database logging mechanisms",
985
+ "type": "boolean"
986
+ },
987
+ "directPathParallelLoad": {
988
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable parallel loading when direct path full load is active for Oracle target performance optimization. Enables parallel load operations when useDirectPathFullLoad is set, requiring target tables without constraints or indexes for maximum performance during bulk data migration.\n\nUse cases: Parallel loading; Performance optimization; Bulk migration; Direct path loading; High-speed data transfer\n\nAWS: AWS DMS Oracle endpoint directPathParallelLoad for parallel loading with direct path full load\n\nValidation: Must be boolean value if provided; requires useDirectPathFullLoad enabled and target tables without constraints/indexes",
989
+ "type": "boolean"
990
+ },
991
+ "enableHomogenousTablespace": {
992
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable homogeneous tablespace replication for Oracle target database consistency. Creates existing tables and indexes under the same tablespace on the target database, maintaining Oracle tablespace organization and storage structure during migration operations.\n\nUse cases: Tablespace consistency; Oracle structure preservation; Storage organization; Database layout maintenance; Migration fidelity\n\nAWS: AWS DMS Oracle endpoint enableHomogenousTablespace for tablespace replication and consistency\n\nValidation: Must be boolean value if provided; maintains Oracle tablespace structure and organization on target database",
993
+ "type": "boolean"
994
+ },
995
+ "extraArchivedLogDestIds": {
996
+ "description": "Q-ENHANCED-PROPERTY\nOptional array of additional archived log destination IDs for Oracle Data Guard switchover scenarios. Specifies multiple destinations for archived redo logs in primary-to-multiple-standby setups, enabling DMS to access correct archive logs during Oracle Data Guard switchover operations.\n\nUse cases: Data Guard switchover; Multiple standby configuration; Archive log management; High availability; Disaster recovery\n\nAWS: AWS DMS Oracle endpoint extraArchivedLogDestIds for multiple archived log destination configuration\n\nValidation: Must be array of valid integer destination IDs if provided; used with archivedLogDestId for switchover scenarios\n *",
997
+ "items": {
998
+ "type": "number"
999
+ },
1000
+ "type": "array"
1001
+ },
1002
+ "failTasksOnLobTruncation": {
1003
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to cause task failure when LOB column size exceeds specified LobMaxSize limit. Forces task failure instead of LOB data truncation when actual LOB size is greater than LobMaxSize in limited LOB mode, ensuring data integrity and preventing silent data loss.\n\nUse cases: Data integrity; LOB handling; Error handling; Data validation; Migration quality control\n\nAWS: AWS DMS Oracle endpoint failTasksOnLobTruncation for LOB size validation and error handling\n\nValidation: Must be boolean value if provided; causes task failure instead of LOB truncation when size limits exceeded",
1004
+ "type": "boolean"
1005
+ },
1006
+ "numberDatatypeScale": {
1007
+ "description": "Q-ENHANCED-PROPERTY\nOptional number data type scale specification for Oracle NUMBER data type conversion precision. Defines the scale for NUMBER data type conversion up to 38 or FLOAT, controlling precision and scale during Oracle numeric data migration with default precision 38, scale 10.\n\nUse cases: Numeric precision; Data type conversion; Oracle NUMBER handling; Precision control; Migration accuracy\n\nAWS: AWS DMS Oracle endpoint numberDatatypeScale for NUMBER data type conversion precision\n\nValidation: Must be integer between 0-38 or FLOAT if provided; controls Oracle NUMBER data type conversion precision and scale",
1008
+ "type": "number"
1009
+ },
1010
+ "oraclePathPrefix": {
1011
+ "description": "Q-ENHANCED-PROPERTY\nOptional Oracle path prefix for Binary Reader redo log access configuration. Specifies the default Oracle root path for accessing redo logs when using Binary Reader for change data capture from Amazon RDS for Oracle sources, enabling proper redo log access and change data capture operations.\n\nUse cases: Binary Reader configuration; Redo log access; RDS Oracle sources; Change data capture; Path configuration\n\nAWS: AWS DMS Oracle endpoint oraclePathPrefix for Binary Reader redo log access path specification\n\nValidation: Must be valid Oracle path string if provided; required for Binary Reader access to RDS Oracle redo logs",
1012
+ "type": "string"
1013
+ },
1014
+ "parallelAsmReadThreads": {
1015
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of parallel ASM read threads for Oracle change data capture performance optimization. Configures the number of threads (2-8) for CDC load operations using Oracle Automatic Storage Management, working with readAheadBlocks for optimized ASM performance during change data capture.\n\nUse cases: ASM performance; CDC optimization; Thread configuration; Parallel processing; Oracle ASM tuning\n\nAWS: AWS DMS Oracle endpoint parallelAsmReadThreads for ASM CDC performance optimization\n\nValidation: Must be integer between 2-8 if provided; used with readAheadBlocks for ASM performance tuning",
1016
+ "type": "number"
1017
+ },
1018
+ "readAheadBlocks": {
1019
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of read-ahead blocks for Oracle ASM change data capture performance optimization. Configures read-ahead blocks (1000-200000) for CDC load operations using Oracle Automatic Storage Management, working with parallelAsmReadThreads for optimized ASM performance during change data capture.\n\nUse cases: ASM performance; CDC optimization; Block configuration; Read-ahead tuning; Oracle ASM optimization\n\nAWS: AWS DMS Oracle endpoint readAheadBlocks for ASM CDC read-ahead performance optimization\n\nValidation: Must be integer between 1000-200000 if provided; used with parallelAsmReadThreads for ASM performance tuning",
1020
+ "type": "number"
1021
+ },
1022
+ "readTableSpaceName": {
1023
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable tablespace name reading for Oracle tablespace replication support. Enables DMS to read and replicate tablespace information during Oracle database migration, supporting tablespace-aware migration and maintaining Oracle storage organization on target databases.\n\nUse cases: Tablespace replication; Storage organization; Oracle structure preservation; Tablespace awareness; Migration fidelity\n\nAWS: AWS DMS Oracle endpoint readTableSpaceName for tablespace replication and organization support\n\nValidation: Must be boolean value if provided; enables tablespace name reading and replication during Oracle migration",
1024
+ "type": "boolean"
1025
+ },
1026
+ "replacePathPrefix": {
1027
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable path prefix replacement for Binary Reader redo log access. Instructs DMS to replace the default Oracle root with usePathPrefix setting for redo log access when using Binary Reader for change data capture from Amazon RDS for Oracle sources.\n\nUse cases: Path replacement; Binary Reader configuration; RDS Oracle access; Redo log path management; Change data capture setup\n\nAWS: AWS DMS Oracle endpoint replacePathPrefix for Binary Reader path replacement configuration\n\nValidation: Must be boolean value if provided; enables path prefix replacement for Binary Reader redo log access",
1028
+ "type": "boolean"
1029
+ },
1030
+ "retryInterval": {
1031
+ "description": "Q-ENHANCED-PROPERTY\nOptional retry interval in seconds for Oracle connection query retry operations. Specifies the wait time before resending queries to Oracle database, providing resilience and error recovery for Oracle database connectivity issues during migration and replication operations.\n\nUse cases: Connection resilience; Error recovery; Query retry; Oracle connectivity; Network reliability\n\nAWS: AWS DMS Oracle endpoint retryInterval for query retry timing and connection resilience\n\nValidation: Must be positive integer in seconds if provided; controls query retry timing for Oracle connection resilience",
1032
+ "type": "number"
1033
+ },
1034
+ "secretsManagerAccessRoleArn": {
1035
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to Oracle endpoint credentials. Specifies the IAM role with required permissions to access SecretsManagerSecret containing Oracle endpoint credentials, enabling secure credential management and access control for Oracle database connections.\n\nUse cases: Credential management; Secrets Manager integration; Secure access; IAM role configuration; Oracle authentication\n\nAWS: AWS IAM role ARN for Secrets Manager access to Oracle endpoint credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action and Secrets Manager access permissions",
1036
+ "type": "string"
1037
+ },
1038
+ "secretsManagerOracleAsmAccessRoleArn": {
1039
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to Oracle ASM credentials when using Advanced Storage Manager. Specifies the IAM role with required permissions to access SecretsManagerOracleAsmSecret containing Oracle ASM connection details, enabling secure ASM credential management for Oracle endpoints with ASM storage.\n\nUse cases: ASM credential management; Secrets Manager integration; Oracle ASM access; Secure ASM authentication; Advanced storage configuration\n\nAWS: AWS IAM role ARN for Secrets Manager access to Oracle ASM credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; required for Oracle endpoints using ASM; mutually exclusive with clear-text ASM credentials",
1040
+ "type": "string"
1041
+ },
1042
+ "secretsManagerOracleAsmSecretArn": {
1043
+ "description": "Q-ENHANCED-PROPERTY\nOptional Secrets Manager secret ARN containing Oracle ASM connection details for Advanced Storage Manager endpoints. Specifies the full ARN of the secret containing Oracle ASM connection information, enabling secure storage and access of ASM credentials for Oracle endpoints using Advanced Storage Manager.\n\nUse cases: ASM secret storage; Secure ASM credentials; Oracle ASM configuration; Advanced storage authentication; Secret management\n\nAWS: AWS Secrets Manager secret ARN containing Oracle ASM connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN if provided; required for Oracle endpoints using ASM with Secrets Manager",
1044
+ "type": "string"
1045
+ },
1046
+ "secretsManagerSecretArn": {
1047
+ "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing Oracle endpoint connection details for secure credential management. Specifies the full ARN of the secret containing Oracle database connection information including credentials, enabling secure storage and access of Oracle endpoint authentication details.\n\nUse cases: Secure credential storage; Oracle authentication; Secrets Manager integration; Database connection security; Credential management\n\nAWS: AWS Secrets Manager secret ARN containing Oracle endpoint connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN; required for secure Oracle endpoint credential management and authentication",
1048
+ "type": "string"
1049
+ },
1050
+ "secretsManagerSecretKMSArn": {
1051
+ "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Oracle endpoint credentials secret in Secrets Manager. Specifies the KMS key used to encrypt the credentials secret, providing additional encryption layer for Oracle endpoint authentication information stored in AWS Secrets Manager.\n\nUse cases: Credential encryption; KMS integration; Enhanced security; Secret encryption; Oracle credential protection\n\nAWS: AWS KMS key ARN for encrypting Secrets Manager secret containing Oracle endpoint credentials\n\nValidation: Must be valid KMS key ARN if provided; provides additional encryption for Oracle credentials in Secrets Manager",
1052
+ "type": "string"
1053
+ },
1054
+ "spatialDataOptionToGeoJsonFunctionName": {
1055
+ "description": "Q-ENHANCED-PROPERTY\nOptional custom function name for converting Oracle SDO_GEOMETRY to GEOJSON format during spatial data migration. Specifies a custom function to handle spatial data conversion, defaulting to SDO2GEOJSON function if available, enabling proper handling of Oracle spatial data types during migration operations.\n\nUse cases: Spatial data conversion; GEOJSON transformation; Oracle spatial types; Custom function usage; Spatial data migration\n\nAWS: AWS DMS Oracle endpoint spatial data conversion function for SDO_GEOMETRY to GEOJSON transformation\n\nValidation: Must be valid Oracle function name if provided; function must be accessible and mimic SDO2GEOJSON operation",
1056
+ "type": "string"
1057
+ },
1058
+ "standbyDelayTime": {
1059
+ "description": "Q-ENHANCED-PROPERTY\nOptional standby delay time in minutes for Oracle Active Data Guard standby database synchronization. Specifies the time lag between primary and standby databases when using Oracle Active Data Guard standby as CDC source, enabling replication from standby instances without impacting production databases.\n\nUse cases: Active Data Guard; Standby replication; Production isolation; CDC from standby; Database synchronization delay\n\nAWS: AWS DMS Oracle endpoint standby delay configuration for Active Data Guard standby database replication\n\nValidation: Must be positive integer in minutes if provided; controls synchronization delay for Active Data Guard standby sources",
1060
+ "type": "number"
1061
+ },
1062
+ "useAlternateFolderForOnline": {
1063
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable alternate folder usage for online redo logs with Binary Reader for Oracle RDS sources. Instructs DMS Binary Reader to use specified prefix replacement for accessing online redo logs, enabling proper change data capture from Amazon RDS for Oracle databases with custom redo log configurations.\n\nUse cases: Binary Reader configuration; Online redo log access; RDS Oracle sources; Prefix replacement; Change data capture optimization\n\nAWS: AWS DMS Oracle endpoint useAlternateFolderForOnline for Binary Reader online redo log access configuration\n\nValidation: Must be boolean value if provided; enables alternate folder usage for Binary Reader online redo log access",
1064
+ "type": "boolean"
1065
+ },
1066
+ "useBFile": {
1067
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable Binary Reader utility for Oracle change data capture operations. Enables Binary Reader for change data capture requiring UseLogminerReader to be disabled, providing alternative method for accessing Oracle redo logs with additional configuration for RDS Oracle sources and ASM environments.\n\nUse cases: Binary Reader CDC; Alternative log access; Oracle ASM support; RDS Oracle configuration; Change data capture method selection\n\nAWS: AWS DMS Oracle endpoint useBFile for Binary Reader utility change data capture configuration\n\nValidation: Must be boolean value if provided; requires UseLogminerReader set to false; additional attributes needed for RDS Oracle",
1068
+ "type": "boolean"
1069
+ },
1070
+ "useDirectPathFullLoad": {
1071
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable direct path full load for Oracle target database performance optimization. Uses Oracle Call Interface (OCI) direct path protocol for bulk-loading Oracle target tables during full load operations, providing improved performance for large data migration scenarios.\n\nUse cases: Performance optimization; Bulk loading; Full load acceleration; Oracle target optimization; Large data migration\n\nAWS: AWS DMS Oracle endpoint useDirectPathFullLoad for direct path protocol bulk loading optimization\n\nValidation: Must be boolean value if provided; enables OCI direct path protocol for bulk-loading Oracle target tables",
1072
+ "type": "boolean"
1073
+ },
1074
+ "useLogminerReader": {
1075
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable Oracle LogMiner utility for change data capture operations (default method). Controls whether to use LogMiner (default) or Binary Reader for accessing redo logs, with LogMiner being the standard method and Binary Reader requiring additional configuration for binary file access.\n\nUse cases: LogMiner CDC; Standard log access; Change data capture method; Oracle replication; Log access method selection\n\nAWS: AWS DMS Oracle endpoint useLogminerReader for LogMiner utility change data capture configuration\n\nValidation: Must be boolean value if provided; default true for LogMiner; set false to enable Binary Reader with useBFile",
1076
+ "type": "boolean"
1077
+ },
1078
+ "usePathPrefix": {
1079
+ "description": "Q-ENHANCED-PROPERTY\nOptional path prefix for Binary Reader redo log access replacement in Oracle RDS sources. Specifies the path prefix to replace the default Oracle root for accessing redo logs when using Binary Reader for change data capture from Amazon RDS for Oracle databases.\n\nUse cases: Binary Reader configuration; Path replacement; RDS Oracle access; Redo log path management; Custom path configuration\n\nAWS: AWS DMS Oracle endpoint usePathPrefix for Binary Reader path prefix replacement configuration\n\nValidation: Must be valid path prefix string if provided; used with Binary Reader for RDS Oracle redo log access replacement",
1080
+ "type": "string"
1081
+ }
1082
+ },
1083
+ "required": [
1084
+ "secretsManagerSecretArn"
1085
+ ],
1086
+ "type": "object"
1087
+ },
1088
+ "PostgreSqlSettingsProperty": {
1089
+ "additionalProperties": false,
1090
+ "description": "Q-ENHANCED-INTERFACE\nPostgreSQL settings configuration interface for DMS providing PostgreSQL migration and open-source database capabilities. Defines PostgreSQL-specific properties for Database Migration Service including advanced PostgreSQL features, replication settings, and PostgreSQL integration for open-source database migration workflows.\n\nUse cases: PostgreSQL migration; Open-source database migration; PostgreSQL connectivity; Advanced PostgreSQL features; Database replication; DMS PostgreSQL integration\n\nAWS: AWS DMS PostgreSQL endpoint configuration with PostgreSQL migration and open-source database capabilities\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
1091
+ "properties": {
1092
+ "afterConnectScript": {
1093
+ "description": "Q-ENHANCED-PROPERTY\nOptional SQL script executed after connecting to PostgreSQL source for change data capture (CDC) optimization enabling performance tuning and constraint bypassing. Provides custom SQL commands that run immediately after DMS connects to the PostgreSQL database, commonly used to bypass foreign keys and triggers during bulk loading for improved migration performance.\n\nUse cases: CDC performance optimization; Constraint bypassing; Custom connection setup; Migration performance tuning; Bulk load optimization\n\nAWS: AWS DMS PostgreSQL after-connect script for CDC optimization and custom connection configuration\n\nValidation: Must be valid SQL script if provided; commonly used for session configuration; optional for connection customization",
1094
+ "type": "string"
1095
+ },
1096
+ "babelfishDatabaseName": {
1097
+ "description": "Q-ENHANCED-PROPERTY\nOptional Babelfish for Aurora PostgreSQL database name for DMS endpoint configuration enabling SQL Server compatibility layer access. Specifies the database name when using Babelfish for Aurora PostgreSQL, which provides SQL Server compatibility on top of PostgreSQL for cross-database migration scenarios.\n\nUse cases: Babelfish database access; SQL Server compatibility; Aurora PostgreSQL with Babelfish; Cross-database migration; SQL Server to PostgreSQL migration\n\nAWS: AWS DMS Babelfish for Aurora PostgreSQL database name for SQL Server compatibility layer access\n\nValidation: Must be valid database name if provided; used with Babelfish-enabled Aurora PostgreSQL; optional for Babelfish configuration",
1098
+ "type": "string"
1099
+ },
1100
+ "captureDdls": {
1101
+ "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to enable DDL event capture for PostgreSQL DMS migration enabling schema change tracking and replication. Controls whether DMS will capture DDL events by creating artifacts in the PostgreSQL database, allowing schema changes to be tracked and replicated during migration operations.\n\nUse cases: DDL event capture; Schema change tracking; DDL replication; Database schema migration; Change data capture\n\nAWS: AWS DMS PostgreSQL DDL capture for schema change tracking and DDL event replication\n\nValidation: Must be boolean value if provided; optional for DDL capture control",
1102
+ "type": "boolean"
1103
+ },
1104
+ "databaseMode": {
1105
+ "description": "Q-ENHANCED-PROPERTY\nOptional database mode specification for PostgreSQL-compatible endpoints requiring additional configuration enabling specialized endpoint handling. Defines the default behavior for handling PostgreSQL-compatible endpoints such as Babelfish endpoints that require specific configuration and compatibility settings.\n\nUse cases: PostgreSQL-compatible endpoint handling; Babelfish endpoint configuration; Specialized database modes; Endpoint compatibility; Database-specific settings\n\nAWS: AWS DMS PostgreSQL database mode for PostgreSQL-compatible endpoint handling and specialized configuration\n\nValidation: Must be valid database mode string if provided; optional for specialized endpoint configuration",
1106
+ "type": "string"
1107
+ },
1108
+ "ddlArtifactsSchema": {
1109
+ "description": "The schema in which the operational DDL database artifacts are created.\nExample: `ddlArtifactsSchema=xyzddlschema;`\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-ddlartifactsschema",
1110
+ "type": "string"
1111
+ },
1112
+ "executeTimeout": {
1113
+ "description": "Sets the client statement timeout for the PostgreSQL instance, in seconds. The default value is 60 seconds.\nExample: `executeTimeout=100;`\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-executetimeout",
1114
+ "type": "number"
1115
+ },
1116
+ "failTasksOnLobTruncation": {
1117
+ "description": "When set to `true` , this value causes a task to fail if the actual size of a LOB column is greater than the specified `LobMaxSize` .\nIf task is set to Limited LOB mode and this option is set to true, the task fails instead of truncating the LOB data.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-failtasksonlobtruncation",
1118
+ "type": "boolean"
1119
+ },
1120
+ "heartbeatEnable": {
1121
+ "description": "Q-ENHANCED-PROPERTY\nOptional boolean flag to enable WAL heartbeat feature for PostgreSQL DMS migration preventing storage full scenarios and maintaining replication slot health. Enables write-ahead log heartbeat that mimics dummy transactions to keep restart_lsn moving and prevent idle logical replication slots from holding old WAL logs.\n\nUse cases: WAL heartbeat management; Storage full prevention; Replication slot maintenance; Logical replication optimization; WAL log management\n\nAWS: AWS DMS PostgreSQL WAL heartbeat for replication slot maintenance and storage optimization\n\nValidation: Must be boolean value if provided; optional for WAL heartbeat control",
1122
+ "type": "boolean"
1123
+ },
1124
+ "heartbeatFrequency": {
1125
+ "description": "Q-ENHANCED-PROPERTY\nOptional WAL heartbeat frequency in minutes for PostgreSQL DMS migration enabling configurable heartbeat timing and replication optimization. Defines how frequently the WAL heartbeat feature will execute dummy transactions to maintain replication slot health and prevent storage issues.\n\nUse cases: Heartbeat frequency control; Replication optimization; WAL management timing; Storage optimization; Performance tuning\n\nAWS: AWS DMS PostgreSQL WAL heartbeat frequency for configurable replication slot maintenance timing\n\nValidation: Must be positive number in minutes if provided; optional for heartbeat frequency control",
1126
+ "type": "number"
1127
+ },
1128
+ "heartbeatSchema": {
1129
+ "description": "Sets the schema in which the heartbeat artifacts are created.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-heartbeatschema",
1130
+ "type": "string"
1131
+ },
1132
+ "mapBooleanAsBoolean": {
1133
+ "description": "When true, lets PostgreSQL migrate the boolean type as boolean.\nBy default, PostgreSQL migrates booleans as `varchar(5)` . You must set this setting on both the source and target endpoints for it to take effect.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-mapbooleanasboolean",
1134
+ "type": "boolean"
1135
+ },
1136
+ "maxFileSize": {
1137
+ "description": "Specifies the maximum size (in KB) of any .csv file used to transfer data to PostgreSQL.\nExample: `maxFileSize=512`\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-maxfilesize",
1138
+ "type": "number"
1139
+ },
1140
+ "pluginName": {
1141
+ "description": "Specifies the plugin to use to create a replication slot.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-pluginname",
1142
+ "type": "string"
1143
+ },
1144
+ "secretsManagerAccessRoleArn": {
1145
+ "description": "The full Amazon Resource Name (ARN) of the IAM role that specifies AWS DMS as the trusted entity and grants the required permissions to access the value in `SecretsManagerSecret` .\nThe role must allow the `iam:PassRole` action. `SecretsManagerSecret` has the value of the AWS Secrets Manager secret that allows access to the PostgreSQL endpoint.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-secretsmanageraccessrolearn",
1146
+ "type": "string"
1147
+ },
1148
+ "secretsManagerSecretArn": {
1149
+ "description": "The full ARN of the `SecretsManagerSecret` that contains the PostgreSQL endpoint connection details.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-secretsmanagersecretid",
1150
+ "type": "string"
1151
+ },
1152
+ "secretsManagerSecretKMSArn": {
1153
+ "description": "The ID of the KMS key used to encrypt the credentials secret.",
1154
+ "type": "string"
1155
+ },
1156
+ "slotName": {
1157
+ "description": "Sets the name of a previously created logical replication slot for a change data capture (CDC) load of the PostgreSQL source instance.\nWhen used with the `CdcStartPosition` request parameter for the AWS DMS API , this attribute also makes it possible to use native CDC start points. DMS verifies that the specified logical replication slot exists before starting the CDC load task. It also verifies that the task was created with a valid setting of `CdcStartPosition` . If the specified slot doesn't exist or the task doesn't have a valid `CdcStartPosition` setting, DMS raises an error.\nFor more information about setting the `CdcStartPosition` request parameter, see [Determining a CDC native start point](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Task.CDC.html#CHAP_Task.CDC.StartPoint.Native) in the *AWS Database Migration Service User Guide* . For more information about using `CdcStartPosition` , see [CreateReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_CreateReplicationTask.html) , [StartReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_StartReplicationTask.html) , and [ModifyReplicationTask](https://docs.aws.amazon.com/dms/latest/APIReference/API_ModifyReplicationTask.html) .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-postgresqlsettings.html#cfn-dms-endpoint-postgresqlsettings-slotname",
1158
+ "type": "string"
1159
+ }
1160
+ },
1161
+ "required": [
1162
+ "secretsManagerSecretArn"
1163
+ ],
1164
+ "type": "object"
1165
+ },
1166
+ "RedshiftSettingsProperty": {
1167
+ "additionalProperties": false,
1168
+ "description": "Q-ENHANCED-INTERFACE\nRedshift settings configuration interface for DMS providing data warehouse integration and bulk loading capabilities. Defines Redshift-specific properties for Database Migration Service including data loading configuration, S3 integration, and Redshift optimization for data warehouse migration workflows.\n\nUse cases: Data warehouse migration; Redshift integration; Bulk data loading; Data warehouse workflows; S3 staging; DMS Redshift integration\n\nAWS: AWS DMS Redshift endpoint configuration with data warehouse integration and bulk loading optimization\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and Redshift-specific requirements",
1169
+ "properties": {
1170
+ "acceptAnyDate": {
1171
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to allow any date format including invalid formats for flexible date handling in Redshift data warehouse. Enables loading of any date format including invalid formats like 00/00/00 00:00:00 without errors, with false default, requiring DATEFORMAT parameter for proper date handling.\n\nUse cases: Flexible date handling; Invalid date processing; Date format tolerance; Data warehouse loading; TIMESTAMP/DATE columns\n\nAWS: AWS DMS Redshift endpoint acceptAnyDate for flexible date format handling in data warehouse loading\n\nValidation: Must be boolean if provided; default false; applies only to TIMESTAMP and DATE columns; requires DATEFORMAT parameter",
1172
+ "type": "boolean"
1173
+ },
1174
+ "afterConnectScript": {
1175
+ "description": "Q-ENHANCED-PROPERTY\nOptional SQL script to execute after connecting to Redshift endpoint for initialization and setup tasks. Provides custom initialization logic that runs after connection establishment to Redshift data warehouse, enabling database-specific setup and configuration for data warehouse operations.\n\nUse cases: Database initialization; Connection setup; Custom configuration; Post-connection tasks; Data warehouse preparation\n\nAWS: AWS DMS Redshift endpoint afterConnectScript for post-connection initialization and setup\n\nValidation: Must be valid SQL script code if provided; script content not filename; enables custom Redshift initialization",
1176
+ "type": "string"
1177
+ },
1178
+ "bucketFolder": {
1179
+ "description": "Q-ENHANCED-PROPERTY\nOptional S3 folder for storing CSV files before uploading to Redshift cluster for staged data loading. Specifies S3 folder where CSV files are stored before Redshift COPY operations, with full load using BucketFolder/TableID path and CDC using BucketFolder/NetChangesTableID path for organized data staging.\n\nUse cases: Data staging; S3 organization; CSV storage; Redshift COPY operations; Staged loading\n\nAWS: AWS S3 folder path for DMS Redshift CSV file staging and COPY operation organization\n\nValidation: Must be valid S3 folder path if provided; used for CSV staging before Redshift COPY operations",
1180
+ "type": "string"
1181
+ },
1182
+ "bucketName": {
1183
+ "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for intermediate CSV file storage before Redshift data loading operations. Specifies the S3 bucket where CSV files are stored before uploading to Redshift cluster, serving as staging area for Redshift COPY operations and data warehouse loading workflows.\n\nUse cases: Data staging; S3 storage; CSV intermediate storage; Redshift loading; Data warehouse staging\n\nAWS: AWS S3 bucket name for DMS Redshift CSV file staging and data warehouse loading operations\n\nValidation: Must be valid S3 bucket name; required for Redshift endpoint configuration and CSV staging operations",
1184
+ "type": "string"
1185
+ },
1186
+ "caseSensitiveNames": {
1187
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable case-sensitive schema names in Redshift data warehouse for precise schema handling. Enables case-sensitive schema name support when Redshift is configured for case sensitivity with default false, ensuring proper schema name handling and data organization in data warehouse operations.\n\nUse cases: Case-sensitive schemas; Schema name precision; Data organization; Redshift configuration; Schema handling\n\nAWS: AWS DMS Redshift endpoint caseSensitiveNames for case-sensitive schema name handling\n\nValidation: Must be boolean if provided; default false; requires Redshift configured for case-sensitive schema names",
1188
+ "type": "boolean"
1189
+ },
1190
+ "compUpdate": {
1191
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable automatic compression for empty Redshift tables for storage optimization. Enables automatic compression when table is empty even with existing encodings other than RAW, with true default, optimizing storage efficiency and query performance in data warehouse operations.\n\nUse cases: Storage optimization; Compression management; Performance tuning; Data warehouse optimization; Automatic encoding\n\nAWS: AWS DMS Redshift endpoint compUpdate for automatic compression and storage optimization\n\nValidation: Must be boolean if provided; default true; applies automatic compression to empty tables regardless of existing encodings",
1192
+ "type": "boolean"
1193
+ },
1194
+ "connectionTimeout": {
1195
+ "description": "Q-ENHANCED-PROPERTY\nOptional connection timeout in milliseconds for Redshift endpoint connection establishment. Specifies the maximum time to wait for initial connection establishment to Redshift data warehouse, controlling connection reliability and timeout behavior for data warehouse connectivity.\n\nUse cases: Connection reliability; Timeout control; Network configuration; Connection management; Data warehouse connectivity\n\nAWS: AWS DMS Redshift endpoint connectionTimeout for connection establishment timeout control\n\nValidation: Must be positive integer in milliseconds if provided; controls initial connection timeout for Redshift endpoint",
1196
+ "type": "number"
1197
+ },
1198
+ "dateFormat": {
1199
+ "description": "Q-ENHANCED-PROPERTY\nOptional date format specification for Redshift data loading and date handling. Specifies date format with 'auto' for automatic recognition, custom format string in quotes, or NULL for default YYYY-MM-DD format, enabling flexible date parsing and data warehouse date handling.\n\nUse cases: Date format specification; Flexible date parsing; Data warehouse loading; Date handling; Format recognition\n\nAWS: AWS DMS Redshift endpoint dateFormat for date format specification and parsing control\n\nValidation: Must be 'auto', quoted format string, or NULL if provided; default YYYY-MM-DD; use 'auto' for mixed formats",
1200
+ "type": "string"
1201
+ },
1202
+ "emptyAsNull": {
1203
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to migrate empty CHAR and VARCHAR fields as NULL for consistent null handling. Enables migration of empty string fields as NULL values with true setting and false default, ensuring consistent null representation in Redshift data warehouse operations.\n\nUse cases: NULL handling; Empty string processing; Data consistency; Redshift migration; Field representation\n\nAWS: AWS DMS Redshift endpoint emptyAsNull for empty field NULL conversion and consistent data representation\n\nValidation: Must be boolean if provided; default false; converts empty CHAR/VARCHAR fields to NULL when true",
1204
+ "type": "boolean"
1205
+ },
1206
+ "explicitIds": {
1207
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to override auto-generated IDENTITY column values with explicit source values for full-load migration. Enables tables with IDENTITY columns to use explicit values from source data files instead of auto-generated values, applicable only to full-load migration tasks.\n\nUse cases: IDENTITY column handling; Explicit value loading; Full-load migration; Source value preservation; Identity management\n\nAWS: AWS DMS Redshift endpoint explicitIds for IDENTITY column value override in full-load migration\n\nValidation: Must be boolean if provided; default false; applies only to full-load migration tasks with IDENTITY columns",
1208
+ "type": "boolean"
1209
+ },
1210
+ "fileTransferUploadStreams": {
1211
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of parallel threads for single file upload to optimize S3 multipart upload performance. Specifies thread count (1-64) for uploading single CSV files to S3 using multipart upload with default 10, affecting upload performance and throughput for Redshift staging operations.\n\nUse cases: Upload optimization; Parallel processing; S3 multipart upload; Performance tuning; File transfer optimization\n\nAWS: AWS S3 multipart upload thread configuration for DMS Redshift CSV file upload optimization\n\nValidation: Must be integer between 1-64 if provided; default 10; controls parallel streams for S3 multipart upload",
1212
+ "type": "number"
1213
+ },
1214
+ "loadTimeout": {
1215
+ "description": "Q-ENHANCED-PROPERTY\nOptional timeout in milliseconds for Redshift cluster operations including COPY, INSERT, DELETE, and UPDATE. Specifies maximum wait time for DMS operations on Redshift cluster, controlling operation timeout behavior and preventing hung operations in data warehouse loading.\n\nUse cases: Operation timeout; Performance control; Redshift operations; Timeout management; Data warehouse loading\n\nAWS: AWS DMS Redshift endpoint loadTimeout for cluster operation timeout control and performance management\n\nValidation: Must be positive integer in milliseconds if provided; controls timeout for Redshift COPY/INSERT/DELETE/UPDATE operations",
1216
+ "type": "number"
1217
+ },
1218
+ "mapBooleanAsBoolean": {
1219
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to migrate boolean type as native boolean in Redshift for proper data type representation. Enables migration of boolean values as boolean type instead of default varchar(1), requiring setting on both source and target endpoints for proper boolean data type handling in data warehouse.\n\nUse cases: Boolean type preservation; Data type accuracy; Redshift native types; Type mapping; Data warehouse optimization\n\nAWS: AWS DMS Redshift endpoint mapBooleanAsBoolean for native boolean type migration and data type preservation\n\nValidation: Must be boolean if provided; must be set on both source and target endpoints; preserves boolean data type in Redshift",
1220
+ "type": "boolean"
1221
+ },
1222
+ "maxFileSize": {
1223
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum CSV file size in KB for S3 staging and Redshift data transfer optimization. Specifies maximum size limit for CSV files used in S3 bucket loading and Redshift data transfer with default 1 GB (1048576KB), affecting staging performance and transfer efficiency.\n\nUse cases: File size control; S3 staging optimization; Transfer performance; Data warehouse loading; Storage management\n\nAWS: AWS DMS Redshift endpoint maxFileSize for CSV file size limits in S3 staging and data transfer\n\nValidation: Must be positive integer in KB if provided; default 1 GB; controls CSV file size for S3 staging and Redshift transfer",
1224
+ "type": "number"
1225
+ },
1226
+ "removeQuotes": {
1227
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to remove surrounding quotation marks from strings in incoming data for cleaner data processing. Enables removal of quotation marks while retaining all characters within quotes including delimiters, with false default, affecting string data processing in Redshift migration.\n\nUse cases: String processing; Quotation handling; Data cleaning; Character processing; String formatting\n\nAWS: AWS DMS Redshift endpoint removeQuotes for quotation mark removal and string data processing\n\nValidation: Must be boolean if provided; default false; removes surrounding quotation marks while preserving internal content",
1228
+ "type": "boolean"
1229
+ },
1230
+ "replaceChars": {
1231
+ "description": "Q-ENHANCED-PROPERTY\nOptional replacement character for invalid characters specified in ReplaceInvalidChars for data cleaning. Specifies the substitution character for invalid characters during data migration with default \"?\" character, working with ReplaceInvalidChars for character replacement and data cleaning.\n\nUse cases: Character replacement; Data cleaning; Invalid character handling; String processing; Data sanitization\n\nAWS: AWS DMS Redshift endpoint replaceChars for invalid character replacement and data cleaning\n\nValidation: Must be valid replacement character if provided; default \"?\"; works with ReplaceInvalidChars for character substitution",
1232
+ "type": "string"
1233
+ },
1234
+ "replaceInvalidChars": {
1235
+ "description": "Q-ENHANCED-PROPERTY\nOptional list of characters to replace during data migration for data cleaning. Specifies characters that should be replaced using ReplaceChars substitution, enabling data sanitization and character normalization during Redshift data warehouse migration operations.\n\nUse cases: Character filtering; Data sanitization; Invalid character removal; String normalization; Data cleaning\n\nAWS: AWS DMS Redshift endpoint replaceInvalidChars for character filtering and data sanitization\n\nValidation: Must be valid character list if provided; works with ReplaceChars for character replacement and data cleaning",
1236
+ "type": "string"
1237
+ },
1238
+ "secretsManagerAccessRoleArn": {
1239
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for AWS Secrets Manager access to Redshift endpoint credentials. Specifies the IAM role with required permissions to access SecretsManagerSecret containing Redshift endpoint credentials, enabling secure credential management and access control for data warehouse connections.\n\nUse cases: Credential management; Secrets Manager integration; Secure access; IAM role configuration; Redshift authentication\n\nAWS: AWS IAM role ARN for Secrets Manager access to Redshift endpoint credentials and authentication\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action and Secrets Manager access permissions",
1240
+ "type": "string"
1241
+ },
1242
+ "secretsManagerSecretArn": {
1243
+ "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing Redshift endpoint connection details for secure credential management. Specifies the full ARN of the secret containing Redshift database connection information including credentials, enabling secure storage and access of Redshift endpoint authentication details.\n\nUse cases: Secure credential storage; Redshift authentication; Secrets Manager integration; Database connection security; Credential management\n\nAWS: AWS Secrets Manager secret ARN containing Redshift endpoint connection details and credentials\n\nValidation: Must be valid Secrets Manager secret ARN; required for secure Redshift endpoint credential management and authentication",
1244
+ "type": "string"
1245
+ },
1246
+ "secretsManagerSecretKMSArn": {
1247
+ "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Redshift endpoint credentials secret in Secrets Manager. Specifies the KMS key used to encrypt the credentials secret, providing additional encryption layer for Redshift endpoint authentication information stored in AWS Secrets Manager.\n\nUse cases: Credential encryption; KMS integration; Enhanced security; Secret encryption; Redshift credential protection\n\nAWS: AWS KMS key ARN for encrypting Secrets Manager secret containing Redshift endpoint credentials\n\nValidation: Must be valid KMS key ARN if provided; provides additional encryption for Redshift credentials in Secrets Manager",
1248
+ "type": "string"
1249
+ },
1250
+ "serverSideEncryptionKmsKeyId": {
1251
+ "description": "Q-ENHANCED-PROPERTY\nRequired KMS key ID for server-side encryption when using SSE_KMS encryption mode for Redshift S3 staging security. Specifies the AWS KMS key for encrypting S3 staging objects, requiring attached policy enabling IAM user permissions and key usage for secure data warehouse staging and compliance.\n\nUse cases: Data encryption; KMS integration; S3 security; Compliance requirements; Data protection\n\nAWS: AWS KMS key ID for S3 server-side encryption with customer-managed keys in Redshift staging\n\nValidation: Must be valid KMS key ID; required when EncryptionMode is SSE_KMS; requires proper IAM permissions and key policy",
1252
+ "type": "string"
1253
+ },
1254
+ "serviceAccessRoleArn": {
1255
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS service access to Redshift service operations for data warehouse integration. Specifies the service role enabling DMS to access Redshift service, requiring iam:PassRole action for secure Redshift access and data warehouse migration operations.\n\nUse cases: Service access; IAM role configuration; Redshift permissions; Secure access; Data warehouse authorization\n\nAWS: AWS IAM role ARN for DMS service access to Redshift service operations and data warehouse integration\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action; enables Redshift service access operations",
1256
+ "type": "string"
1257
+ },
1258
+ "timeFormat": {
1259
+ "description": "Q-ENHANCED-PROPERTY\nOptional time format specification for Redshift data loading and time handling. Specifies time format with 'auto' for automatic recognition, custom timeformat_string, epochsecs, or epochmillisecs options, enabling flexible time parsing and data warehouse time handling with default 10.\n\nUse cases: Time format specification; Flexible time parsing; Data warehouse loading; Time handling; Format recognition\n\nAWS: AWS DMS Redshift endpoint timeFormat for time format specification and parsing control\n\nValidation: Must be 'auto', timeformat_string, 'epochsecs', or 'epochmillisecs' if provided; default 10; use 'auto' for mixed formats",
1260
+ "type": "string"
1261
+ },
1262
+ "trimBlanks": {
1263
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to remove trailing white space characters from VARCHAR strings for cleaner data processing. Enables removal of trailing whitespace from VARCHAR columns with true setting and false default, improving data quality and consistency in Redshift data warehouse operations.\n\nUse cases: Data cleaning; Whitespace removal; VARCHAR processing; Data quality; String normalization\n\nAWS: AWS DMS Redshift endpoint trimBlanks for trailing whitespace removal from VARCHAR columns\n\nValidation: Must be boolean if provided; default false; applies only to VARCHAR data type columns; removes trailing whitespace",
1264
+ "type": "boolean"
1265
+ },
1266
+ "truncateColumns": {
1267
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to truncate data in columns to fit column size limits for data integrity in Redshift. Enables truncation of data in VARCHAR or CHAR columns to appropriate character limits for rows 4MB or less, with false default, ensuring data fits column constraints in data warehouse operations.\n\nUse cases: Data truncation; Column size compliance; Data integrity; VARCHAR/CHAR handling; Size constraint management\n\nAWS: AWS DMS Redshift endpoint truncateColumns for data truncation and column size compliance\n\nValidation: Must be boolean if provided; default false; applies only to VARCHAR/CHAR columns with rows ≤4MB; ensures data fits columns",
1268
+ "type": "boolean"
1269
+ },
1270
+ "writeBufferSize": {
1271
+ "description": "Q-ENHANCED-PROPERTY\nOptional in-memory file write buffer size in KB for CSV file generation performance optimization. Specifies buffer size for generating CSV files on local disk at DMS replication instance with default 1000KB (1MB), affecting CSV generation performance and memory usage.\n\nUse cases: Performance optimization; Buffer management; CSV generation; Memory optimization; File write performance\n\nAWS: AWS DMS Redshift endpoint writeBufferSize for CSV file generation buffer optimization and performance tuning\n\nValidation: Must be positive integer in KB if provided; default 1000KB; controls in-memory buffer size for CSV file generation",
1272
+ "type": "number"
1273
+ }
1274
+ },
1275
+ "required": [
1276
+ "bucketName",
1277
+ "secretsManagerSecretArn",
1278
+ "serverSideEncryptionKmsKeyId"
1279
+ ],
1280
+ "type": "object"
1281
+ },
1282
+ "RegexAppliesTo": {
1283
+ "additionalProperties": false,
1284
+ "description": "A regular expression to apply to matching findings",
1285
+ "properties": {
1286
+ "regex": {
1287
+ "description": "An ECMA-262 regex string",
1288
+ "type": "string"
1289
+ }
1290
+ },
1291
+ "required": [
1292
+ "regex"
1293
+ ],
1294
+ "type": "object"
1295
+ },
1296
+ "ReplicationInstanceProps": {
1297
+ "additionalProperties": false,
1298
+ "description": "Q-ENHANCED-INTERFACE\nReplicationInstanceProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
1299
+ "properties": {
1300
+ "addSelfReferenceRule": {
1301
+ "description": "If true, the SG will allow traffic to and from itself",
1302
+ "type": "boolean"
1303
+ },
1304
+ "egressRules": {
1305
+ "$ref": "#/definitions/MdaaSecurityGroupRuleProps",
1306
+ "description": "List of egress rules to be added to the function SG"
1307
+ },
1308
+ "ingressRules": {
1309
+ "$ref": "#/definitions/MdaaSecurityGroupRuleProps",
1310
+ "description": "List of ingress rules to be added to the function SG"
1311
+ },
1312
+ "instanceClass": {
1313
+ "description": "Q-ENHANCED-PROPERTY\nRequired compute class specification for DMS replication instance enabling performance and capacity optimization for database migration workloads. Defines the compute capacity and performance characteristics of the replication instance for handling database migration tasks, data transfer operations, and replication workloads.\n\nUse cases: Performance optimization; Capacity planning; Migration workload sizing; Cost optimization; Compute resource specification\n\nAWS: AWS DMS replication instance class for compute capacity and performance optimization\n\nValidation: Must be valid DMS instance class; required for replication instance deployment; see AWS DMS documentation for supported types",
1314
+ "type": "string"
1315
+ },
1316
+ "subnetIds": {
1317
+ "description": "Q-ENHANCED-PROPERTY\nRequired array of subnet identifiers for DMS replication instance deployment enabling multi-AZ availability and network distribution. Defines the subnets where the replication instance will be deployed, requiring at least two availability zones for high availability and fault tolerance in database migration operations.\n\nUse cases: Multi-AZ deployment; High availability; Network distribution; Fault tolerance; Availability zone redundancy\n\nAWS: Amazon VPC subnet identifiers for DMS replication instance multi-AZ deployment and high availability\n\nValidation: Must be array of valid subnet identifiers; required for replication instance deployment; must span at least two availability zones",
1318
+ "items": {
1319
+ "type": "string"
1320
+ },
1321
+ "type": "array"
1322
+ },
1323
+ "vpcId": {
1324
+ "description": "Q-ENHANCED-PROPERTY\nRequired VPC identifier for DMS replication instance deployment enabling network isolation and security boundaries. Defines the Virtual Private Cloud that will host the replication instance providing network-level security and isolation for database migration operations and data transfer workflows.\n\nUse cases: Network isolation; VPC deployment; Security boundaries; Private migration environments; Network-level security\n\nAWS: Amazon VPC identifier for DMS replication instance deployment and network isolation\n\nValidation: Must be valid VPC identifier; required for VPC-based replication instance deployment",
1325
+ "type": "string"
1326
+ }
1327
+ },
1328
+ "required": [
1329
+ "instanceClass",
1330
+ "subnetIds",
1331
+ "vpcId"
1332
+ ],
1333
+ "type": "object"
1334
+ },
1335
+ "ReplicationTaskProps": {
1336
+ "additionalProperties": false,
1337
+ "description": "Q-ENHANCED-INTERFACE\nReplicationTaskProps configuration interface for database migration and replication.\n\nUse cases: Database migration; Database replication; Data migration workflows; Database connectivity\n\nAWS: AWS Database Migration Service configuration for database migration and replication\n\nValidation: Configuration must be valid for deployment; properties must conform to AWS DMS and MDAA requirements",
1338
+ "properties": {
1339
+ "cdcStartPosition": {
1340
+ "description": "Indicates when you want a change data capture (CDC) operation to start.\nUse either `CdcStartPosition` or `CdcStartTime` to specify when you want a CDC operation to start. Specifying both values results in an error.\nThe value can be in date, checkpoint, log sequence number (LSN), or system change number (SCN) format.\nHere is a date example: `--cdc-start-position \"2018-03-08T12:12:12\"`\nHere is a checkpoint example: `--cdc-start-position \"checkpoint:V1#27#mysql-bin-changelog.157832:1975:-1:2002:677883278264080:mysql-bin-changelog.157832:1876#0#0#*#0#93\"`\nHere is an LSN example: `--cdc-start-position “mysql-bin-changelog.000024:373”`\n> When you use this task setting with a source PostgreSQL database, a logical replication slot should already be created and associated with the source endpoint. You can verify this by setting the `slotName` extra connection attribute to the name of this logical replication slot. For more information, see [Extra Connection Attributes When Using PostgreSQL as a Source for AWS DMS](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-cdcstartposition",
1341
+ "type": "string"
1342
+ },
1343
+ "cdcStartTime": {
1344
+ "description": "Indicates the start time for a change data capture (CDC) operation.\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-cdcstarttime",
1345
+ "type": "number"
1346
+ },
1347
+ "cdcStopPosition": {
1348
+ "description": "Indicates when you want a change data capture (CDC) operation to stop.\nThe value can be either server time or commit time.\nHere is a server time example: `--cdc-stop-position \"server_time:2018-02-09T12:12:12\"`\nHere is a commit time example: `--cdc-stop-position \"commit_time: 2018-02-09T12:12:12\"`\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-cdcstopposition",
1349
+ "type": "string"
1350
+ },
1351
+ "migrationType": {
1352
+ "$ref": "#/definitions/DmsMigrationType",
1353
+ "description": "The migration type.\nValid values: `full-load` | `cdc` | `full-load-and-cdc`\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-migrationtype"
1354
+ },
1355
+ "replicationInstance": {
1356
+ "description": "Q-ENHANCED-PROPERTY\nRequired replication instance name reference for DMS task execution enabling task-to-instance association and resource allocation. Specifies the name of the replication instance from the replicationInstances section that will execute this migration task, providing compute resources for data transfer operations.\n\nUse cases: Task-instance association; Resource allocation; Migration task execution; Compute resource assignment; DMS task configuration\n\nAWS: AWS DMS replication instance reference for task execution and resource allocation\n\nValidation: Must reference valid replication instance name from replicationInstances section; required for task execution",
1357
+ "type": "string"
1358
+ },
1359
+ "replicationTaskSettings": {
1360
+ "additionalProperties": {},
1361
+ "description": "Overall settings for the task, in JSON format.\nFor more information, see [Specifying Task Settings for AWS Database Migration Service Tasks](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TaskSettings.html) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-replicationtasksettings",
1362
+ "type": "object"
1363
+ },
1364
+ "sourceEndpoint": {
1365
+ "description": "Q-ENHANCED-PROPERTY\nRequired source endpoint name reference for DMS task data source configuration enabling source database connectivity and data extraction. Specifies the name of the source endpoint from the endpoints section that defines the source database connection for data migration operations.\n\nUse cases: Source database configuration; Data extraction setup; Database connectivity; Migration source definition; Endpoint reference\n\nAWS: AWS DMS source endpoint reference for source database connectivity and data extraction\n\nValidation: Must reference valid source endpoint name from endpoints section; required for source database configuration",
1366
+ "type": "string"
1367
+ },
1368
+ "tableMappings": {
1369
+ "additionalProperties": {},
1370
+ "description": "The table mappings for the task, in JSON format.\nFor more information, see [Using Table Mapping to Specify Task Settings](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TableMapping.html) in the *AWS Database Migration Service User Guide* .\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-tablemappings",
1371
+ "type": "object"
1372
+ },
1373
+ "targetEndpoint": {
1374
+ "description": "Q-ENHANCED-PROPERTY\nRequired target endpoint name reference for DMS task data destination configuration enabling target database connectivity and data loading. Specifies the name of the target endpoint from the endpoints section that defines the destination database connection for data migration operations.\n\nUse cases: Target database configuration; Data loading setup; Database connectivity; Migration destination definition; Endpoint reference\n\nAWS: AWS DMS target endpoint reference for target database connectivity and data loading\n\nValidation: Must reference valid target endpoint name from endpoints section; required for target database configuration",
1375
+ "type": "string"
1376
+ },
1377
+ "taskData": {
1378
+ "additionalProperties": {},
1379
+ "description": "Supplemental information that the task requires to migrate the data for certain source and target endpoints.\nFor more information, see [Specifying Supplemental Data for Task Settings](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.TaskData.html) in the *AWS Database Migration Service User Guide.*\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-replicationtask.html#cfn-dms-replicationtask-taskdata",
1380
+ "type": "object"
1381
+ }
1382
+ },
1383
+ "required": [
1384
+ "migrationType",
1385
+ "replicationInstance",
1386
+ "sourceEndpoint",
1387
+ "tableMappings",
1388
+ "targetEndpoint"
1389
+ ],
1390
+ "type": "object"
1391
+ },
1392
+ "S3SettingsProperty": {
1393
+ "additionalProperties": false,
1394
+ "description": "Q-ENHANCED-INTERFACE\nS3 settings configuration interface for DMS providing data lake integration and file-based migration capabilities. Defines S3-specific properties for Database Migration Service including data format configuration, compression settings, and S3 integration for database-to-data lake migration workflows.\n\nUse cases: Database to data lake migration; S3 data integration; Data format configuration; File-based migration; Data lake workflows; DMS S3 integration\n\nAWS: AWS DMS S3 endpoint configuration with data lake integration and file format management\n\nValidation: Configuration must be valid for DMS migration; properties must conform to AWS DMS and database-specific requirements",
1395
+ "properties": {
1396
+ "addColumnName": {
1397
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to add column name information to CSV output files for S3 data lake integration. Enables column headers in CSV files when migrating data to S3, improving data usability and self-documentation for data lake consumers with default false value and support for boolean or y/n values.\n\nUse cases: CSV headers; Data documentation; Data lake usability; Self-describing data; CSV format enhancement\n\nAWS: AWS DMS S3 endpoint addColumnName for CSV column header inclusion in data lake files\n\nValidation: Must be boolean, 'y', or 'n' if provided; default false; improves CSV data usability in S3 data lake",
1398
+ "type": "boolean"
1399
+ },
1400
+ "bucketFolder": {
1401
+ "description": "Q-ENHANCED-PROPERTY\nOptional S3 bucket folder name for organizing migrated data with hierarchical structure. Specifies a folder prefix for table organization in S3 bucket, creating path structure as bucketFolder/schema_name/table_name/ instead of default schema_name/table_name/ for better data organization.\n\nUse cases: Data organization; Folder structure; S3 hierarchy; Data lake organization; Path management\n\nAWS: AWS DMS S3 endpoint bucketFolder for hierarchical data organization in S3 bucket structure\n\nValidation: Must be valid S3 folder name if provided; creates bucketFolder/schema_name/table_name/ path structure",
1402
+ "type": "string"
1403
+ },
1404
+ "bucketName": {
1405
+ "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for DMS data migration destination in data lake architecture. Specifies the target S3 bucket where migrated database data will be stored, serving as the primary destination for database-to-data lake migration workflows and data storage.\n\nUse cases: Data lake destination; S3 storage; Migration target; Data repository; Database migration endpoint\n\nAWS: AWS S3 bucket name for DMS data migration destination and data lake storage\n\nValidation: Must be valid S3 bucket name; required for S3 endpoint configuration and data migration destination",
1406
+ "type": "string"
1407
+ },
1408
+ "cannedAclForObjects": {
1409
+ "description": "Q-ENHANCED-PROPERTY\nOptional predefined access control list (ACL) for S3 objects created during data migration. Specifies canned ACL for CSV and Parquet files created in S3 bucket, controlling object-level permissions with options including NONE, PRIVATE, PUBLIC_READ, and BUCKET_OWNER_FULL_CONTROL for security management.\n\nUse cases: Access control; S3 permissions; Object security; Data lake security; File permissions\n\nAWS: AWS S3 canned ACL for objects created by DMS during data migration to S3 bucket\n\nValidation: Must be valid S3 canned ACL if provided; default NONE; controls object-level permissions in S3 bucket",
1410
+ "type": "string"
1411
+ },
1412
+ "cdcInsertsAndUpdates": {
1413
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable CDC INSERT and UPDATE operations capture to S3 files for change tracking. Enables writing INSERT and UPDATE operations to CSV or Parquet files during change data capture, with operation indication controlled by IncludeOpForFullLoad parameter, mutually exclusive with CdcInsertsOnly.\n\nUse cases: Change data capture; INSERT/UPDATE tracking; Data lake CDC; Operation logging; change tracking\n\nAWS: AWS DMS S3 endpoint cdcInsertsAndUpdates for CDC INSERT and UPDATE operations capture\n\nValidation: Must be boolean or 'y' if provided; mutually exclusive with CdcInsertsOnly; requires DMS version 3.3.1+",
1414
+ "type": "boolean"
1415
+ },
1416
+ "cdcInsertsOnly": {
1417
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable CDC INSERT-only operations capture to S3 files for insert-focused change tracking. Enables writing only INSERT operations to CSV or Parquet files during change data capture, with operation indication controlled by IncludeOpForFullLoad parameter, mutually exclusive with CdcInsertsAndUpdates.\n\nUse cases: Insert-only CDC; Append-only data lakes; INSERT tracking; Simplified change capture; Insert-focused replication\n\nAWS: AWS DMS S3 endpoint cdcInsertsOnly for CDC INSERT-only operations capture\n\nValidation: Must be boolean or 'y' if provided; mutually exclusive with CdcInsertsAndUpdates; requires DMS version 3.1.4+",
1418
+ "type": "boolean"
1419
+ },
1420
+ "cdcMaxBatchInterval": {
1421
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum batch interval in seconds for CDC file output to S3 for time-based file creation. Specifies the maximum time interval before triggering file output to S3, working with CdcMinFileSize where first condition met triggers write, with default 60 seconds for CDC file management.\n\nUse cases: File timing control; CDC batching; Time-based triggers; File output scheduling; Batch interval management\n\nAWS: AWS DMS S3 endpoint cdcMaxBatchInterval for time-based CDC file output triggering\n\nValidation: Must be positive integer in seconds if provided; default 60; works with CdcMinFileSize for file output triggering",
1422
+ "type": "number"
1423
+ },
1424
+ "cdcMinFileSize": {
1425
+ "description": "Q-ENHANCED-PROPERTY\nOptional minimum file size in kilobytes for CDC file output to S3 for size-based file creation. Specifies the minimum file size before triggering file output to S3, working with CdcMaxBatchInterval where first condition met triggers write, with default 32 MB for CDC file management.\n\nUse cases: File size control; CDC batching; Size-based triggers; File output optimization; Batch size management\n\nAWS: AWS DMS S3 endpoint cdcMinFileSize for size-based CDC file output triggering\n\nValidation: Must be positive integer in KB if provided; default 32 MB; works with CdcMaxBatchInterval for file output triggering",
1426
+ "type": "number"
1427
+ },
1428
+ "cdcPath": {
1429
+ "description": "Q-ENHANCED-PROPERTY\nOptional CDC folder path specification for change data capture file organization in S3. Specifies the folder path for CDC files in S3 bucket, required for S3 sources with CDC and optional for targets, enabling transaction order preservation and organized CDC file storage in data lake architecture.\n\nUse cases: CDC organization; Transaction order; File path management; S3 CDC structure; Change data organization\n\nAWS: AWS DMS S3 endpoint cdcPath for CDC file organization and transaction order preservation\n\nValidation: Must be valid S3 folder path if provided; required for S3 sources with CDC; supports DMS version 3.4.2+",
1430
+ "type": "string"
1431
+ },
1432
+ "compressionType": {
1433
+ "description": "Q-ENHANCED-PROPERTY\nOptional compression type for S3 target files to optimize storage and transfer performance. Specifies compression method for CSV and Parquet files with GZIP enabling compression and NONE (default) for uncompressed files, affecting storage costs and data transfer performance in data lake operations.\n\nUse cases: Storage optimization; Compression; Performance tuning; Cost optimization; File size reduction\n\nAWS: AWS DMS S3 endpoint compressionType for target file compression and storage optimization\n\nValidation: Must be GZIP or NONE if provided; default NONE; applies to both CSV and Parquet file formats",
1434
+ "type": "string"
1435
+ },
1436
+ "csvDelimiter": {
1437
+ "description": "Q-ENHANCED-PROPERTY\nOptional column delimiter for CSV file format in S3 data lake integration. Specifies the character used to separate columns in CSV files for both source and target operations, with default comma delimiter, affecting CSV file structure and data parsing in data lake workflows.\n\nUse cases: CSV formatting; Column separation; Data parsing; File structure; CSV customization\n\nAWS: AWS DMS S3 endpoint csvDelimiter for CSV column separation and file formatting\n\nValidation: Must be valid delimiter character if provided; default comma; affects CSV file structure and parsing",
1438
+ "type": "string"
1439
+ },
1440
+ "csvNoSupValue": {
1441
+ "description": "Q-ENHANCED-PROPERTY\nOptional string value for columns not included in supplemental log during CDC CSV operations. Specifies the value to use for columns not in supplemental log when UseCsvNoSupValue is true, with null value used if not specified, affecting CDC data completeness in CSV format.\n\nUse cases: Supplemental log handling; CDC data completeness; Missing column values; CSV CDC operations; Data consistency\n\nAWS: AWS DMS S3 endpoint csvNoSupValue for supplemental log column handling in CDC CSV operations\n\nValidation: Must be valid string value if provided; used when UseCsvNoSupValue is true; supports DMS version 3.4.1+",
1442
+ "type": "string"
1443
+ },
1444
+ "csvNullValue": {
1445
+ "description": "Q-ENHANCED-PROPERTY\nOptional null value representation for CSV files in S3 data lake operations. Specifies how DMS treats null values when writing to target, allowing user-defined string as null representation to differentiate between empty strings and null values, with default NULL value for CSV null handling.\n\nUse cases: Null value handling; CSV formatting; Data representation; Empty string differentiation; Target compatibility\n\nAWS: AWS DMS S3 endpoint csvNullValue for null value representation in CSV files\n\nValidation: Must be valid string if provided; default NULL; differentiates empty strings from null values in CSV format",
1446
+ "type": "string"
1447
+ },
1448
+ "csvRowDelimiter": {
1449
+ "description": "Q-ENHANCED-PROPERTY\nOptional row delimiter for CSV files in S3 data lake integration. Specifies the character used to separate rows in CSV files for both source and target operations, with default carriage return (\\n), affecting CSV file structure and data parsing in data lake workflows.\n\nUse cases: CSV formatting; Row separation; Data parsing; File structure; CSV customization\n\nAWS: AWS DMS S3 endpoint csvRowDelimiter for CSV row separation and file formatting\n\nValidation: Must be valid delimiter character if provided; default carriage return (\\n); affects CSV file structure and parsing",
1450
+ "type": "string"
1451
+ },
1452
+ "dataFormat": {
1453
+ "description": "Q-ENHANCED-PROPERTY\nOptional data format specification for S3 output files in data lake architecture. Specifies the output file format with CSV for row-based comma-separated values and Parquet for columnar storage with efficient compression and faster query response, affecting data lake performance and storage.\n\nUse cases: Data format selection; Storage optimization; Query performance; Compression efficiency; Data lake architecture\n\nAWS: AWS DMS S3 endpoint dataFormat for output file format selection and data lake optimization\n\nValidation: Must be 'csv' or 'parquet' if provided; affects storage efficiency and query performance in data lake",
1454
+ "type": "string"
1455
+ },
1456
+ "dataPageSize": {
1457
+ "description": "Q-ENHANCED-PROPERTY\nOptional data page size in bytes for Parquet file format optimization. Specifies the size of one data page for Parquet files with default 1 MiB (1024 * 1024 bytes), affecting Parquet file structure, compression efficiency, and query performance in columnar data lake storage.\n\nUse cases: Parquet optimization; Page size tuning; Compression efficiency; Query performance; Columnar storage optimization\n\nAWS: AWS DMS S3 endpoint dataPageSize for Parquet file page size optimization and performance tuning\n\nValidation: Must be positive integer in bytes if provided; default 1 MiB; applies only to Parquet file format",
1458
+ "type": "number"
1459
+ },
1460
+ "datePartitionDelimiter": {
1461
+ "description": "Q-ENHANCED-PROPERTY\nOptional date partition delimiter for S3 folder partitioning organization. Specifies the delimiter character used in date-based folder partitioning with default SLASH, used when DatePartitionedEnabled is true for organizing data lake files by transaction commit dates in hierarchical folder structure.\n\nUse cases: Date partitioning; Folder organization; Data lake structure; Time-based organization; Partition delimiter\n\nAWS: AWS DMS S3 endpoint datePartitionDelimiter for date-based folder partitioning organization\n\nValidation: Must be valid delimiter if provided; default SLASH; used when DatePartitionedEnabled is true",
1462
+ "type": "string"
1463
+ },
1464
+ "datePartitionEnabled": {
1465
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable date-based folder partitioning for S3 bucket organization. Enables partitioning S3 bucket folders based on transaction commit dates with default false, providing time-based data organization for improved data lake query performance and data management.\n\nUse cases: Date-based partitioning; Data organization; Query optimization; Time-based structure; Data lake management\n\nAWS: AWS DMS S3 endpoint datePartitionEnabled for date-based folder partitioning and data organization\n\nValidation: Must be boolean if provided; default false; enables date-based folder partitioning for data lake organization",
1466
+ "type": "boolean"
1467
+ },
1468
+ "datePartitionSequence": {
1469
+ "description": "Q-ENHANCED-PROPERTY\nOptional date format sequence for folder partitioning organization in S3 data lake. Specifies the date format sequence for folder partitioning with default YYYYMMDD, used when DatePartitionedEnabled is true for consistent date-based folder naming and organization.\n\nUse cases: Date format specification; Folder naming; Partition sequence; Date organization; Consistent naming\n\nAWS: AWS DMS S3 endpoint datePartitionSequence for date format specification in folder partitioning\n\nValidation: Must be valid date format if provided; default YYYYMMDD; used when DatePartitionedEnabled is true",
1470
+ "type": "string"
1471
+ },
1472
+ "datePartitionTimezone": {
1473
+ "description": "Q-ENHANCED-PROPERTY\nOptional time zone specification for date partition folder creation and CDC file naming. Converts UTC time to specified time zone when creating date partition folders and CDC file names, using Area/Location format when DatePartitionedEnabled is true for consistent time zone handling.\n\nUse cases: Time zone conversion; Date partition timing; CDC file naming; Time zone consistency; Global data management\n\nAWS: AWS DMS S3 endpoint datePartitionTimezone for time zone conversion in date partitioning\n\nValidation: Must be valid Area/Location time zone format if provided; used when DatePartitionedEnabled is true",
1474
+ "type": "string"
1475
+ },
1476
+ "dictPageSizeLimit": {
1477
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum dictionary page size limit for Parquet column encoding optimization. Specifies the maximum size of encoded dictionary page for columns with default 1 MiB, reverting to PLAIN encoding when exceeded, affecting Parquet compression efficiency and query performance in columnar data lake storage.\n\nUse cases: Parquet optimization; Dictionary encoding; Compression efficiency; Column storage optimization; Encoding performance\n\nAWS: AWS DMS S3 endpoint dictPageSizeLimit for Parquet dictionary page size optimization and encoding control\n\nValidation: Must be positive integer in bytes if provided; default 1 MiB; applies only to Parquet file format",
1478
+ "type": "number"
1479
+ },
1480
+ "enableStatistics": {
1481
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable statistics collection for Parquet pages and row groups for query optimization. Enables collection of NULL, DISTINCT, MAX, and MIN statistics with default true, improving query performance and data analysis capabilities in Parquet columnar data lake storage.\n\nUse cases: Query optimization; Statistics collection; Parquet performance; Data analysis; Query planning\n\nAWS: AWS DMS S3 endpoint enableStatistics for Parquet statistics collection and query optimization\n\nValidation: Must be boolean if provided; default true; applies only to Parquet file format; improves query performance",
1482
+ "type": "boolean"
1483
+ },
1484
+ "encodingType": {
1485
+ "description": "Q-ENHANCED-PROPERTY\nOptional encoding type specification for Parquet file compression and storage optimization. Specifies encoding method with RLE_DICTIONARY (default) for efficient repeated value storage, PLAIN for no encoding, and PLAIN_DICTIONARY for column-specific dictionary encoding, affecting compression and performance.\n\nUse cases: Compression optimization; Encoding selection; Storage efficiency; Parquet performance; Data compression\n\nAWS: AWS DMS S3 endpoint encodingType for Parquet encoding method selection and compression optimization\n\nValidation: Must be RLE_DICTIONARY, PLAIN, or PLAIN_DICTIONARY if provided; default RLE_DICTIONARY; affects Parquet compression",
1486
+ "type": "string"
1487
+ },
1488
+ "externalTableDefinition": {
1489
+ "description": "Q-ENHANCED-PROPERTY\nOptional external table definition for S3 source configuration in data lake integration. Specifies the table definition when using S3 as source, required for S3 source endpoints to define table structure and schema for data processing and migration operations.\n\nUse cases: S3 source configuration; Table definition; Schema specification; Data structure; Source table mapping\n\nAWS: AWS DMS S3 endpoint externalTableDefinition for S3 source table structure and schema definition\n\nValidation: Must be valid table definition if provided; required when S3 is used as source; defines table structure and schema",
1490
+ "type": "string"
1491
+ },
1492
+ "ignoreHeaderRows": {
1493
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of header rows to ignore in CSV files for S3 source processing. Specifies whether to ignore the first row header in CSV files with 1 enabling the feature and 0 (default) disabling it, affecting CSV file parsing and data processing in S3 source operations.\n\nUse cases: CSV header handling; File parsing; Data processing; Header row management; CSV source configuration\n\nAWS: AWS DMS S3 endpoint ignoreHeaderRows for CSV header row handling in S3 source processing\n\nValidation: Must be 0 or 1 if provided; default 0; controls CSV header row processing in S3 source operations",
1494
+ "type": "number"
1495
+ },
1496
+ "includeOpForFullLoad": {
1497
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to include INSERT operation indicators in full load CSV output for consistency with CDC operations. Enables recording INSERT operations as 'I' annotation in first field of CSV files during full load, providing consistency with CDC load format and operation tracking.\n\nUse cases: Operation tracking; Full load consistency; CDC compatibility; INSERT indication; Data lineage\n\nAWS: AWS DMS S3 endpoint includeOpForFullLoad for INSERT operation indication in full load CSV output\n\nValidation: Must be boolean or 'y' if provided; requires DMS version 3.1.4+; works with CdcInsertsOnly and CdcInsertsAndUpdates",
1498
+ "type": "boolean"
1499
+ },
1500
+ "maxFileSize": {
1501
+ "description": "Q-ENHANCED-PROPERTY\nOptional maximum CSV file size in KB for S3 target during full load migration operations. Specifies the maximum size limit for CSV files created during full load migration with default 1 GB (1,048,576 KB), controlling file size and affecting data lake file organization and performance.\n\nUse cases: File size control; Full load optimization; Storage management; File organization; Performance tuning\n\nAWS: AWS DMS S3 endpoint maxFileSize for CSV file size limits during full load migration\n\nValidation: Must be integer between 1-1,048,576 KB if provided; default 1 GB; controls CSV file size during full load",
1502
+ "type": "number"
1503
+ },
1504
+ "parquetTimestampInMillisecond": {
1505
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to set TIMESTAMP column precision to milliseconds in Parquet files for Athena and Glue compatibility. Enables millisecond precision for TIMESTAMP columns in Parquet format instead of microsecond precision, ensuring compatibility with Amazon Athena and AWS Glue query engines that handle only millisecond precision.\n\nUse cases: Athena compatibility; Glue integration; Timestamp precision; Parquet optimization; Query engine compatibility\n\nAWS: AWS DMS S3 endpoint parquetTimestampInMillisecond for TIMESTAMP precision in Parquet files\n\nValidation: Must be boolean or 'y' if provided; requires DMS version 3.1.4+; applies only to Parquet format; CSV always uses microsecond",
1506
+ "type": "boolean"
1507
+ },
1508
+ "parquetVersion": {
1509
+ "description": "Q-ENHANCED-PROPERTY\nOptional Apache Parquet format version specification for S3 data lake columnar storage. Specifies the Parquet format version with parquet_1_0 (default) or parquet_2_0 options, affecting file compatibility, features, and performance characteristics in columnar data lake storage operations.\n\nUse cases: Parquet version selection; Format compatibility; Feature availability; Performance optimization; Columnar storage\n\nAWS: AWS DMS S3 endpoint parquetVersion for Apache Parquet format version specification\n\nValidation: Must be 'parquet_1_0' or 'parquet_2_0' if provided; default parquet_1_0; affects Parquet file compatibility and features",
1510
+ "type": "string"
1511
+ },
1512
+ "preserveTransactions": {
1513
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to preserve transaction order for CDC loads in S3 target for data consistency. Enables saving transaction order for change data capture loads on S3 target specified by CdcPath, ensuring transactional consistency and proper ordering in data lake CDC operations.\n\nUse cases: Transaction consistency; CDC ordering; Data integrity; Transaction preservation; Change data consistency\n\nAWS: AWS DMS S3 endpoint preserveTransactions for CDC transaction order preservation in S3 target\n\nValidation: Must be boolean if provided; requires CdcPath setting; supports DMS version 3.4.2+; ensures transaction order consistency",
1514
+ "type": "boolean"
1515
+ },
1516
+ "rfc4180": {
1517
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to enable RFC 4180 compliance for CSV quotation mark handling in S3 operations. Controls quotation mark behavior with true (default) requiring paired quotation marks and proper escaping, and false allowing delimiters within strings, affecting CSV parsing and data integrity.\n\nUse cases: CSV compliance; Quotation handling; RFC 4180 standard; Data parsing; CSV formatting\n\nAWS: AWS DMS S3 endpoint rfc4180 for CSV quotation mark handling and RFC 4180 compliance\n\nValidation: Must be boolean, 'y', or 'n' if provided; default true; affects CSV quotation mark handling and delimiter behavior",
1518
+ "type": "boolean"
1519
+ },
1520
+ "rowGroupLength": {
1521
+ "description": "Q-ENHANCED-PROPERTY\nOptional number of rows in Parquet row group for read/write performance optimization. Specifies row group size with default 10,000 rows, balancing faster reads (smaller groups) against slower writes (more groups), with maximum 64MB limit for Parquet file performance tuning.\n\nUse cases: Parquet optimization; Read performance; Write performance; Row group tuning; Columnar storage optimization\n\nAWS: AWS DMS S3 endpoint rowGroupLength for Parquet row group size optimization and performance tuning\n\nValidation: Must be positive integer if provided; default 10,000; maximum 64MB (64*1024*1024 bytes); applies only to Parquet format",
1522
+ "type": "number"
1523
+ },
1524
+ "serverSideEncryptionKmsKeyId": {
1525
+ "description": "Q-ENHANCED-PROPERTY\nRequired KMS key ID for server-side encryption when using SSE_KMS encryption mode for S3 data lake security. Specifies the AWS KMS key for encrypting S3 objects, requiring attached policy enabling IAM user permissions and key usage for secure data lake storage and compliance.\n\nUse cases: Data encryption; KMS integration; S3 security; Compliance requirements; Data protection\n\nAWS: AWS KMS key ID for S3 server-side encryption with customer-managed keys\n\nValidation: Must be valid KMS key ID; required when EncryptionMode is SSE_KMS; requires proper IAM permissions and key policy",
1526
+ "type": "string"
1527
+ },
1528
+ "serviceAccessRoleArn": {
1529
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS service access to S3 bucket operations for data lake integration. Specifies the service role enabling DMS to read and write S3 objects, requiring iam:PassRole action for secure S3 bucket access and data migration operations.\n\nUse cases: Service access; IAM role configuration; S3 permissions; Secure access; Data migration authorization\n\nAWS: AWS IAM role ARN for DMS service access to S3 bucket operations and data lake integration\n\nValidation: Must be valid IAM role ARN if provided; requires iam:PassRole action; enables S3 read/write operations",
1530
+ "type": "string"
1531
+ },
1532
+ "timestampColumnName": {
1533
+ "description": "Q-ENHANCED-PROPERTY\nOptional timestamp column name for adding migration timing information to S3 data lake files. Adds STRING column with timestamp information to CSV or Parquet files, containing transfer timestamps for full load and commit timestamps for CDC, with microsecond precision format yyyy-MM-dd HH:mm:ss.SSSSSS.\n\nUse cases: Data lineage; Migration tracking; Timestamp information; Data auditing; Change tracking\n\nAWS: AWS DMS S3 endpoint timestampColumnName for migration timestamp tracking in data lake files\n\nValidation: Must be valid column name if provided; requires DMS version 3.1.4+; adds timestamp column to output files",
1534
+ "type": "string"
1535
+ },
1536
+ "useCsvNoSupValue": {
1537
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to use CsvNoSupValue for columns not in supplemental log during CDC CSV operations. Controls handling of columns not included in supplemental log with true using CsvNoSupValue and false using null value, affecting CDC data completeness in CSV format operations.\n\nUse cases: Supplemental log handling; CDC data completeness; Missing column values; CSV CDC operations; Data consistency\n\nAWS: AWS DMS S3 endpoint useCsvNoSupValue for supplemental log column handling in CDC CSV operations\n\nValidation: Must be boolean if provided; works with CsvNoSupValue setting; applies only to CDC loads in CSV format",
1538
+ "type": "boolean"
1539
+ },
1540
+ "useTaskStartTimeForFullLoadTimestamp": {
1541
+ "description": "Q-ENHANCED-PROPERTY\nOptional flag to use task start time for full load timestamp column instead of data arrival time. Controls timestamp behavior with true using task start time for full load and transaction commit time for CDC, and false using incremental data arrival time for full load operations.\n\nUse cases: Timestamp consistency; Task timing; Full load timing; Timestamp behavior; Data lineage\n\nAWS: AWS DMS S3 endpoint useTaskStartTimeForFullLoadTimestamp for timestamp column behavior control\n\nValidation: Must be boolean if provided; affects timestamp column behavior for full load operations; CDC always uses commit time",
1542
+ "type": "boolean"
1543
+ }
1544
+ },
1545
+ "required": [
1546
+ "bucketName",
1547
+ "serverSideEncryptionKmsKeyId"
1548
+ ],
1549
+ "type": "object"
1550
+ },
1551
+ "SybaseSettingsProperty": {
1552
+ "additionalProperties": false,
1553
+ "description": "Q-ENHANCED-INTERFACE\nSybase database settings configuration interface for DMS endpoint with secure credential management and IAM role-based access. Defines Sybase-specific properties for Database Migration Service including Secrets Manager integration for secure credential storage and IAM role configuration for accessing SAP ASE endpoints.\n\nUse cases: Sybase database migration; SAP ASE connectivity; Secure credential management; Enterprise database integration\n\nAWS: AWS DMS Sybase endpoint configuration with Secrets Manager integration and IAM role-based security\n\nValidation: Must include valid Secrets Manager secret ARN; IAM role must have appropriate DMS and Secrets Manager permissions",
1554
+ "properties": {
1555
+ "secretsManagerAccessRoleArn": {
1556
+ "description": "Q-ENHANCED-PROPERTY\nOptional IAM role ARN for DMS to access Secrets Manager secret containing Sybase endpoint credentials enabling secure credential management. Defines the IAM role that DMS assumes to retrieve database credentials from Secrets Manager for SAP ASE endpoint connectivity with role-based security.\n\nUse cases: Secure credential access; IAM role-based security; Secrets Manager integration; DMS authentication\n\nAWS: DMS Sybase endpoint secretsManagerAccessRoleArn setting for IAM role-based credential access\n\nValidation: Must be valid IAM role ARN if provided; role must have iam:PassRole and Secrets Manager access permissions\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-sybasesettings.html#cfn-dms-endpoint-sybasesettings-secretsmanageraccessrolearn",
1557
+ "type": "string"
1558
+ },
1559
+ "secretsManagerSecretArn": {
1560
+ "description": "Q-ENHANCED-PROPERTY\nRequired Secrets Manager secret ARN containing Sybase endpoint connection details enabling secure credential storage for SAP ASE database connectivity. Defines the AWS Secrets Manager secret that stores database connection credentials including username, password, and connection parameters for Sybase endpoint access.\n\nUse cases: Secure credential storage; SAP ASE connectivity; Database authentication; Secrets management\n\nAWS: DMS Sybase endpoint secretsManagerSecretId setting for Secrets Manager secret reference\n\nValidation: Must be valid Secrets Manager secret ARN; secret must contain valid Sybase connection credentials\nSee: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-dms-endpoint-sybasesettings.html#cfn-dms-endpoint-sybasesettings-secretsmanagersecretid",
1561
+ "type": "string"
1562
+ },
1563
+ "secretsManagerSecretKMSArn": {
1564
+ "description": "Q-ENHANCED-PROPERTY\nOptional KMS key ARN for encrypting Secrets Manager secret containing Sybase credentials enabling enhanced security for database connection details. Defines the KMS key used to encrypt the Secrets Manager secret that stores Sybase endpoint credentials for additional security layer.\n\nUse cases: Credential encryption; Enhanced security; KMS integration; Secrets Manager encryption\n\nAWS: DMS Sybase endpoint secretsManagerSecretKMSArn setting for KMS encryption of credentials\n\nValidation: Must be valid KMS key ARN if provided; enables encryption of Secrets Manager secret containing credentials",
1565
+ "type": "string"
1566
+ }
1567
+ },
1568
+ "required": [
1569
+ "secretsManagerSecretArn"
1570
+ ],
1571
+ "type": "object"
1572
+ }
1573
+ },
1574
+ "properties": {
1575
+ "deploymentRole": {
1576
+ "description": "Q-ENHANCED-PROPERTY\nRequired IAM role ARN for DataOps deployment operations enabling secure deployment and resource management. Provides the IAM role used for deploying and managing DataOps resources with appropriate permissions for infrastructure operations.\n\nUse cases: Deployment operations; Resource management; IAM permissions; Secure deployment\n\nAWS: IAM role ARN for DataOps deployment operations and resource management\n\nValidation: Must be valid IAM role ARN; required for deployment operations and resource management",
1577
+ "type": "string"
1578
+ },
1579
+ "dms": {
1580
+ "$ref": "#/definitions/DMSProps",
1581
+ "description": "Q-ENHANCED-PROPERTY\nRequired DMS configuration defining database migration and replication capabilities including replication instances, source and target endpoints, migration tasks, and data transformation. Provides complete DMS setup with secure data migration and real-time replication capabilities.\n\nUse cases: Database migration; Real-time replication; data movement and transformation between databases\n\nAWS: AWS Database Migration Service for database migration and replication operations\n\nValidation: Must be valid DMSProps; required; defines all DMS migration and replication characteristics"
1582
+ },
1583
+ "kmsArn": {
1584
+ "description": "Q-ENHANCED-PROPERTY\nRequired KMS key ARN for DataOps encryption enabling data protection and security compliance. Provides the customer-managed KMS key for encrypting DataOps resources, data, and operational artifacts ensuring data protection and compliance.\n\nUse cases: Data encryption; Security compliance; Key management; Data protection\n\nAWS: KMS key ARN for DataOps encryption and data protection compliance\n\nValidation: Must be valid KMS key ARN; required for encryption and data protection compliance",
1585
+ "type": "string"
1586
+ },
1587
+ "nag_suppressions": {
1588
+ "$ref": "#/definitions/MdaaNagSuppressionConfigs",
1589
+ "description": "Q-ENHANCED-PROPERTY\nOptional CDK Nag suppression configurations for compliance rule management enabling controlled security rule exceptions and compliance documentation. Provides structured approach to managing security rule suppressions with proper justification and documentation for compliance auditing.\n\nUse cases: Compliance management; Security rule exceptions; Audit documentation; Controlled suppressions\n\nAWS: CDK Nag suppressions for compliance rule management and security exception documentation\n\nValidation: Must be valid MdaaNagSuppressionConfigs if provided; enables structured compliance rule management"
1590
+ },
1591
+ "projectBucket": {
1592
+ "description": "Q-ENHANCED-PROPERTY\nRequired S3 bucket name for DataOps project storage enabling centralized data storage and artifact management. Provides the shared S3 bucket for project data, scripts, temporary files, and processing artifacts across DataOps workflows.\n\nUse cases: Project storage; Data artifacts; Script storage; Centralized storage management\n\nAWS: S3 bucket for DataOps project storage and artifact management\n\nValidation: Must be valid S3 bucket name; required for project storage and artifact management",
1593
+ "type": "string"
1594
+ },
1595
+ "projectName": {
1596
+ "description": "Q-ENHANCED-PROPERTY\nRequired DataOps project name for resource coordination and shared infrastructure enabling project-based resource organization and management. Provides the project identifier that coordinates shared resources across DataOps applications and workflows.\n\nUse cases: Project coordination; Resource organization; Shared infrastructure; Project management\n\nAWS: DataOps project name for resource coordination and shared infrastructure management\n\nValidation: Must be valid project name; required for project coordination and resource organization",
1597
+ "type": "string"
1598
+ },
1599
+ "projectTopicArn": {
1600
+ "description": "Q-ENHANCED-PROPERTY\nRequired SNS topic ARN for DataOps notifications enabling event-driven communication and workflow coordination. Provides the SNS topic for job notifications, error alerts, and workflow status updates across DataOps operations.\n\nUse cases: Job notifications; Error alerts; Workflow coordination; Event-driven communication\n\nAWS: SNS topic ARN for DataOps notifications and workflow coordination\n\nValidation: Must be valid SNS topic ARN; required for notifications and workflow coordination",
1601
+ "type": "string"
1602
+ },
1603
+ "securityConfigurationName": {
1604
+ "description": "Q-ENHANCED-PROPERTY\nRequired Glue security configuration name for DataOps job security enabling encryption and access control for data processing operations. Provides the security configuration that will be used by Glue jobs for encryption at rest, in transit, and CloudWatch logs encryption.\n\nUse cases: Glue job security; Encryption configuration; Security compliance; Data protection\n\nAWS: Glue security configuration for DataOps job encryption and security compliance\n\nValidation: Must be valid security configuration name; required for Glue job security and encryption",
1605
+ "type": "string"
1606
+ },
1607
+ "service_catalog_product_config": {
1608
+ "$ref": "#/definitions/MdaaServiceCatalogProductConfig",
1609
+ "description": "Q-ENHANCED-PROPERTY\nOptional Service Catalog product configuration for governed self-service deployment enabling controlled infrastructure provisioning and governance. When specified, deploys the module as a Service Catalog product instead of direct deployment for governed access and compliance.\n\nUse cases: Governed deployment; Self-service provisioning; Service Catalog integration; Controlled access\n\nAWS: Service Catalog product configuration for governed infrastructure deployment and self-service provisioning\n\nValidation: Must be valid MdaaServiceCatalogProductConfig if provided; enables Service Catalog deployment mode"
1610
+ }
1611
+ },
1612
+ "required": [
1613
+ "dms",
1614
+ "projectName"
1615
+ ],
1616
+ "type": "object"
1617
+ }
1618
+